Vulnerabilities related to asterisk - certified_asterisk
cve-2013-2686
Vulnerability from cvelistv5
Published
2013-03-29 18:00
Modified
2024-09-16 22:35
Summary
main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976.
References
| URL | Tags |
|---|---|
| https://issues.asterisk.org/jira/browse/ASTERISK-20967 | x_refsource_CONFIRM |
| http://telussecuritylabs.com/threats/show/TSL20130327-01 | x_refsource_MISC |
| http://downloads.asterisk.org/pub/security/AST-2013-002.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:44:33.209Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.asterisk.org/jira/browse/ASTERISK-20967" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://telussecuritylabs.com/threats/show/TSL20130327-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://downloads.asterisk.org/pub/security/AST-2013-002.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-03-29T18:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.asterisk.org/jira/browse/ASTERISK-20967" }, { "tags": [ "x_refsource_MISC" ], "url": "http://telussecuritylabs.com/threats/show/TSL20130327-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://downloads.asterisk.org/pub/security/AST-2013-002.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2686", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://issues.asterisk.org/jira/browse/ASTERISK-20967", "refsource": "CONFIRM", "url": "https://issues.asterisk.org/jira/browse/ASTERISK-20967" }, { "name": "http://telussecuritylabs.com/threats/show/TSL20130327-01", "refsource": "MISC", "url": "http://telussecuritylabs.com/threats/show/TSL20130327-01" }, { "name": "http://downloads.asterisk.org/pub/security/AST-2013-002.html", "refsource": "CONFIRM", "url": "http://downloads.asterisk.org/pub/security/AST-2013-002.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-2686", "datePublished": "2013-03-29T18:00:00Z", "dateReserved": "2013-03-25T00:00:00Z", "dateUpdated": "2024-09-16T22:35:02.870Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2186
Vulnerability from cvelistv5
Published
2012-08-31 14:00
Modified
2024-08-06 19:26
Summary
Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action.
References
| URL | Tags |
|---|---|
| http://secunia.com/advisories/50687 | third-party-advisory, x_refsource_SECUNIA |
| http://secunia.com/advisories/50756 | third-party-advisory, x_refsource_SECUNIA |
| http://www.debian.org/security/2012/dsa-2550 | vendor-advisory, x_refsource_DEBIAN |
| http://downloads.asterisk.org/pub/security/AST-2012-012.html | x_refsource_CONFIRM |
| http://www.securitytracker.com/id?1027460 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:26:08.975Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "50687", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50687" }, { "name": "50756", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50756" }, { "name": "DSA-2550", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2550" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html" }, { "name": "1027460", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1027460" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-08-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-10-31T09:00:00", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "50687", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50687" }, { "name": "50756", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50756" }, { "name": "DSA-2550", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2550" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html" }, { "name": "1027460", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1027460" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-2186", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "50687", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50687" }, { "name": "50756", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50756" }, { "name": "DSA-2550", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2550" }, { "name": "http://downloads.asterisk.org/pub/security/AST-2012-012.html", "refsource": "CONFIRM", "url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html" }, { "name": "1027460", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1027460" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-2186", "datePublished": "2012-08-31T14:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:08.975Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2948
Vulnerability from cvelistv5
Published
2012-06-02 15:00
Modified
2024-08-06 19:50
Summary
chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.
References
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/75937 | vdb-entry, x_refsource_XF |
| http://www.securitytracker.com/id?1027103 | vdb-entry, x_refsource_SECTRACK |
| http://www.debian.org/security/2012/dsa-2493 | vendor-advisory, x_refsource_DEBIAN |
| http://www.securityfocus.com/bid/53723 | vdb-entry, x_refsource_BID |
| http://downloads.asterisk.org/pub/security/AST-2012-008.html | x_refsource_CONFIRM |
| http://secunia.com/advisories/49303 | third-party-advisory, x_refsource_SECUNIA |
| http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:50:05.178Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "asterisk-scd-dos(75937)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75937" }, { "name": "1027103", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1027103" }, { "name": "DSA-2493", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2493" }, { "name": "53723", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53723" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://downloads.asterisk.org/pub/security/AST-2012-008.html" }, { "name": "49303", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49303" }, { "name": "20120529 AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-05-29T00:00:00", "descriptions": [ { "lang": "en", "value": "chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "asterisk-scd-dos(75937)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75937" }, { "name": "1027103", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1027103" }, { "name": "DSA-2493", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2493" }, { "name": "53723", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53723" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://downloads.asterisk.org/pub/security/AST-2012-008.html" }, { "name": "49303", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49303" }, { "name": "20120529 AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-2948", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "asterisk-scd-dos(75937)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75937" }, { "name": "1027103", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1027103" }, { "name": "DSA-2493", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2493" }, { "name": "53723", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53723" }, { "name": "http://downloads.asterisk.org/pub/security/AST-2012-008.html", "refsource": "CONFIRM", "url": "http://downloads.asterisk.org/pub/security/AST-2012-008.html" }, { "name": "49303", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49303" }, { "name": "20120529 AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-2948", "datePublished": "2012-06-02T15:00:00", "dateReserved": "2012-05-29T00:00:00", "dateUpdated": "2024-08-06T19:50:05.178Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-28242
Vulnerability from cvelistv5
Published
2020-11-06 05:02
Modified
2024-08-04 16:33
Summary
An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur.
References
| URL | Tags |
|---|---|
| http://downloads.asterisk.org/pub/security/AST-2020-002.html | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QUS54QTQCYKR36EIULYD544GXDA644HB/ | vendor-advisory, x_refsource_FEDORA |
| https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:33:58.218Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://downloads.asterisk.org/pub/security/AST-2020-002.html" }, { "name": "FEDORA-2020-6b277646c7", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QUS54QTQCYKR36EIULYD544GXDA644HB/" }, { "name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-03T07:06:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://downloads.asterisk.org/pub/security/AST-2020-002.html" }, { "name": "FEDORA-2020-6b277646c7", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QUS54QTQCYKR36EIULYD544GXDA644HB/" }, { "name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-28242", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://downloads.asterisk.org/pub/security/AST-2020-002.html", "refsource": "MISC", "url": "http://downloads.asterisk.org/pub/security/AST-2020-002.html" }, { "name": "FEDORA-2020-6b277646c7", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QUS54QTQCYKR36EIULYD544GXDA644HB/" }, { "name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-28242", "datePublished": "2020-11-06T05:02:58", "dateReserved": "2020-11-06T00:00:00", "dateUpdated": "2024-08-04T16:33:58.218Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-46837
Vulnerability from cvelistv5
Published
2022-08-30 00:00
Modified
2024-08-04 05:17
Summary
res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T05:17:42.455Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html" }, { "name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html" }, { "name": "DSA-5285", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5285" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-18T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html" }, { "name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html" }, { "name": "DSA-5285", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5285" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-46837", "datePublished": "2022-08-30T00:00:00", "dateReserved": "2022-08-30T00:00:00", "dateUpdated": "2024-08-04T05:17:42.455Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-42365
Vulnerability from cvelistv5
Published
2024-08-08 16:29
Modified
2024-08-12 15:49
Summary
Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2 contain a fix for this issue.
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:asterisk:certified_asterisk:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "certified_asterisk", "vendor": "asterisk", "versions": [ { "lessThan": "18.9-cert11", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "20.7-cert2", "status": "affected", "version": "19.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:asterisk:asterisk:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "asterisk", "vendor": "asterisk", "versions": [ { "lessThan": "18.24.2", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "20.9.2", "status": "affected", "version": "19.0.0", "versionType": "custom" }, { "lessThan": "21.4.2", "status": "affected", "version": "21.0.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-42365", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-08T16:38:45.608389Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-12T15:49:00.190Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "asterisk", "vendor": "asterisk", "versions": [ { "status": "affected", "version": "\u003c 18.24.2" }, { "status": "affected", "version": "\u003e= 19.0.0, \u003c 20.9.2" }, { "status": "affected", "version": "\u003e= 21.0.0, \u003c 21.4.2" }, { "status": "affected", "version": "\u003c 18.9-cert11" }, { "status": "affected", "version": "\u003e= 19.0, \u003c 20.7-cert2" } ] } ], "descriptions": [ { "lang": "en", "value": "Asterisk is an open source private branch exchange (PBX) and telephony toolkit. 
Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2 contain a fix for this issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-267", "description": "CWE-267: Privilege Defined With Unsafe Actions", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-1220", "description": "CWE-1220: Insufficient Granularity of Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-08T16:29:07.436Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44" }, { "name": "https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4" }, { "name": 
"https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8" }, { "name": "https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71" }, { "name": "https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993" }, { "name": "https://github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2" }, { "name": "https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426" }, { "name": "https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426" } ], "source": { "advisory": "GHSA-c4cg-9275-6w44", "discovery": "UNKNOWN" }, "title": "Asterisk allows `Write=originate` as sufficient permissions for code execution / `System()` dialplan" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-42365", "datePublished": "2024-08-08T16:29:07.436Z", "dateReserved": "2024-07-30T14:01:33.923Z", "dateUpdated": "2024-08-12T15:49:00.190Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-37706
Vulnerability from cvelistv5
Published
2021-12-22 00:00
Modified
2024-08-04 01:23
Summary
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim’s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim’s machine. Users are advised to upgrade as soon as possible. There are no known workarounds.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:23:01.503Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-2qpg-f6wf-w984" }, { "tags": [ "x_transferred" ], "url": "https://github.com/pjsip/pjproject/commit/15663e3f37091069b8c98a7fce680dc04bc8e865" }, { "name": "20220304 AST-2022-004: pjproject: integer underflow on STUN message", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Mar/0" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/166225/Asterisk-Project-Security-Advisory-AST-2022-004.html" }, { "name": "[debian-lts-announce] 20220328 [SECURITY] [DLA 2962-1] pjproject security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html" }, { "name": "GLSA-202210-37", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-37" }, { "name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html" }, { "name": "DSA-5285", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5285" }, { "name": "[debian-lts-announce] 20230829 [SECURITY] [DLA 3549-1] ring security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "pjproject", "vendor": "pjsip", "versions": [ { "status": "affected", "version": "\u003c= 2.11.1" } ] } ], "descriptions": [ { "lang": "en", "value": "PJSIP is a free and open source multimedia communication library written in C language implementing standard based 
protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim\u2019s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim\u2019s machine. Users are advised to upgrade as soon as possible. There are no known workarounds." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-191", "description": "CWE-191: Integer Underflow (Wrap or Wraparound)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-30T00:06:40.686220", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-2qpg-f6wf-w984" }, { "url": "https://github.com/pjsip/pjproject/commit/15663e3f37091069b8c98a7fce680dc04bc8e865" }, { "name": "20220304 AST-2022-004: pjproject: integer underflow on STUN message", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Mar/0" }, { "url": "http://packetstormsecurity.com/files/166225/Asterisk-Project-Security-Advisory-AST-2022-004.html" }, { "name": "[debian-lts-announce] 20220328 [SECURITY] [DLA 2962-1] pjproject security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html" }, { "name": "GLSA-202210-37", "tags": [ 
"vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-37" }, { "name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html" }, { "name": "DSA-5285", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5285" }, { "name": "[debian-lts-announce] 20230829 [SECURITY] [DLA 3549-1] ring security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html" } ], "source": { "advisory": "GHSA-2qpg-f6wf-w984", "discovery": "UNKNOWN" }, "title": "Potential integer underflow upon receiving STUN message in PJSIP" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-37706", "datePublished": "2021-12-22T00:00:00", "dateReserved": "2021-07-29T00:00:00", "dateUpdated": "2024-08-04T01:23:01.503Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-9358
Vulnerability from cvelistv5
Published
2017-06-02 05:04
Modified
2024-08-05 17:02
Summary
A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1038531 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/98573 | vdb-entry, x_refsource_BID | |
http://downloads.asterisk.org/pub/security/AST-2017-004.txt | x_refsource_CONFIRM | |
https://bugs.debian.org/863906 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:02:44.392Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1038531", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038531" }, { "name": "98573", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98573" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://downloads.asterisk.org/pub/security/AST-2017-004.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.debian.org/863906" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-06-01T00:00:00", "descriptions": [ { "lang": "en", "value": "A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-26T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1038531", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038531" }, { "name": "98573", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98573" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://downloads.asterisk.org/pub/security/AST-2017-004.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.debian.org/863906" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9358", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1038531", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038531" }, { "name": "98573", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98573" }, { "name": "http://downloads.asterisk.org/pub/security/AST-2017-004.txt", "refsource": "CONFIRM", "url": "http://downloads.asterisk.org/pub/security/AST-2017-004.txt" }, { "name": "https://bugs.debian.org/863906", "refsource": "CONFIRM", "url": "https://bugs.debian.org/863906" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-9358", "datePublished": "2017-06-02T05:04:00", "dateReserved": "2017-06-01T00:00:00", "dateUpdated": "2024-08-05T17:02:44.392Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-21723
Vulnerability from cvelistv5
Published
2022-01-27 00:00
Modified
2024-08-03 02:53
Summary
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bounds read access. This issue affects all PJSIP users that accept SIP multipart. The patch is available as a commit in the `master` branch. There are no known workarounds.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:53:35.431Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm" }, { "tags": [ "x_transferred" ], "url": "https://github.com/pjsip/pjproject/commit/077b465c33f0aec05a49cd2ca456f9a1b112e896" }, { "name": "20220304 AST-2022-006: pjproject: unconstrained malformed multipart SIP message", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Mar/2" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/166227/Asterisk-Project-Security-Advisory-AST-2022-006.html" }, { "name": "[debian-lts-announce] 20220328 [SECURITY] [DLA 2962-1] pjproject security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html" }, { "name": "GLSA-202210-37", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-37" }, { "name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html" }, { "name": "DSA-5285", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5285" }, { "name": "[debian-lts-announce] 20230829 [SECURITY] [DLA 3549-1] ring security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "pjproject", "vendor": "pjsip", "versions": [ { "status": "affected", "version": "\u003c= 2.11.1" } ] } ], "descriptions": [ { "lang": "en", "value": "PJSIP is a free and open source multimedia communication library written in C language implementing 
standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This issue affects all PJSIP users that accept SIP multipart. The patch is available as commit in the `master` branch. There are no known workarounds." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-30T00:06:29.216130", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm" }, { "url": "https://github.com/pjsip/pjproject/commit/077b465c33f0aec05a49cd2ca456f9a1b112e896" }, { "name": "20220304 AST-2022-006: pjproject: unconstrained malformed multipart SIP message", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Mar/2" }, { "url": "http://packetstormsecurity.com/files/166227/Asterisk-Project-Security-Advisory-AST-2022-006.html" }, { "name": "[debian-lts-announce] 20220328 [SECURITY] [DLA 2962-1] pjproject security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html" }, { "name": "GLSA-202210-37", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-37" }, { "name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update", "tags": [ "mailing-list" ], "url": 
"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html" }, { "name": "DSA-5285", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5285" }, { "name": "[debian-lts-announce] 20230829 [SECURITY] [DLA 3549-1] ring security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html" } ], "source": { "advisory": "GHSA-7fw8-54cv-r7pm", "discovery": "UNKNOWN" }, "title": "Out-of-bounds read in multipart parsing in PJSIP" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-21723", "datePublished": "2022-01-27T00:00:00", "dateReserved": "2021-11-16T00:00:00", "dateUpdated": "2024-08-03T02:53:35.431Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-23608
Vulnerability from cvelistv5
Published
2022-02-22 00:00
Modified
2024-08-03 03:43
Summary
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1, when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed. The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys), leading to undefined behavior such as dialog list collision, which eventually leads to an endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:43:46.964Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-ffff-m5fm-qm62" }, { "tags": [ "x_transferred" ], "url": "https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f" }, { "name": "20220304 AST-2022-005: pjproject: undefined behavior after freeing a dialog set", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Mar/1" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/166226/Asterisk-Project-Security-Advisory-AST-2022-005.html" }, { "name": "[debian-lts-announce] 20220328 [SECURITY] [DLA 2962-1] pjproject security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html" }, { "name": "[debian-lts-announce] 20220331 [SECURITY] [DLA 2962-2] pjproject regression update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00040.html" }, { "name": "GLSA-202210-37", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-37" }, { "name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html" }, { "name": "DSA-5285", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5285" }, { "name": "[debian-lts-announce] 20230829 [SECURITY] [DLA 3549-1] ring security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "pjproject", "vendor": "pjsip", 
"versions": [ { "status": "affected", "version": "\u003c= 2.11.1" } ] } ], "descriptions": [ { "lang": "en", "value": "PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed . The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior such as dialog list collision which eventually leading to endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416: Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-30T00:06:27.525525", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-ffff-m5fm-qm62" }, { "url": "https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f" }, { "name": "20220304 AST-2022-005: pjproject: undefined behavior after freeing a dialog set", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Mar/1" }, { "url": 
"http://packetstormsecurity.com/files/166226/Asterisk-Project-Security-Advisory-AST-2022-005.html" }, { "name": "[debian-lts-announce] 20220328 [SECURITY] [DLA 2962-1] pjproject security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html" }, { "name": "[debian-lts-announce] 20220331 [SECURITY] [DLA 2962-2] pjproject regression update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00040.html" }, { "name": "GLSA-202210-37", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-37" }, { "name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html" }, { "name": "DSA-5285", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5285" }, { "name": "[debian-lts-announce] 20230829 [SECURITY] [DLA 3549-1] ring security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html" } ], "source": { "advisory": "GHSA-ffff-m5fm-qm62", "discovery": "UNKNOWN" }, "title": "Use after free in PJSIP" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-23608", "datePublished": "2022-02-22T00:00:00", "dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2024-08-03T03:43:46.964Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-2264
Vulnerability from cvelistv5
Published
2013-03-29 18:00
Modified
2024-09-16 17:38
Summary
The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur.
References
▼ | URL | Tags |
---|---|---|
http://downloads.asterisk.org/pub/security/AST-2013-003.html | x_refsource_CONFIRM | |
https://issues.asterisk.org/jira/browse/ASTERISK-21013 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:27:41.188Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://downloads.asterisk.org/pub/security/AST-2013-003.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.asterisk.org/jira/browse/ASTERISK-21013" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-03-29T18:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://downloads.asterisk.org/pub/security/AST-2013-003.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.asterisk.org/jira/browse/ASTERISK-21013" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2264", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://downloads.asterisk.org/pub/security/AST-2013-003.html", "refsource": "CONFIRM", "url": "http://downloads.asterisk.org/pub/security/AST-2013-003.html" }, { "name": "https://issues.asterisk.org/jira/browse/ASTERISK-21013", "refsource": "CONFIRM", "url": "https://issues.asterisk.org/jira/browse/ASTERISK-21013" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-2264", "datePublished": "2013-03-29T18:00:00Z", "dateReserved": "2013-02-20T00:00:00Z", "dateUpdated": "2024-09-16T17:38:10.972Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2022-02-22 20:15
Modified
2024-11-21 06:48
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1, when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed. The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys), leading to undefined behavior such as dialog list collision, which eventually leads to an endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
teluu | pjsip | * | |
asterisk | certified_asterisk | * | |
asterisk | certified_asterisk | 16.8.0 | |
asterisk | certified_asterisk | 16.8.0 | |
asterisk | certified_asterisk | 16.8.0 | |
asterisk | certified_asterisk | 16.8.0 | |
asterisk | certified_asterisk | 16.8.0 | |
asterisk | certified_asterisk | 16.8.0 | |
asterisk | certified_asterisk | 16.8.0 | |
asterisk | certified_asterisk | 16.8.0 | |
asterisk | certified_asterisk | 16.8.0 | |
asterisk | certified_asterisk | 16.8.0 | |
asterisk | certified_asterisk | 16.8.0 | |
asterisk | certified_asterisk | 16.8.0 | |
sangoma | asterisk | * | |
sangoma | asterisk | * | |
sangoma | asterisk | * | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:teluu:pjsip:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BB0273A-3235-4BC7-A1BE-7D35BABD8617", "versionEndIncluding": "2.11.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "02200524-98C1-49E2-8DFE-7BE82E1181E2", "versionEndExcluding": "16.8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*", "matchCriteriaId": "E64BCD44-2298-4710-9CC3-DF82E6A8DF94", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*", "matchCriteriaId": "91CCAB0C-C0F8-4619-AAE1-F6F13FF31570", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*", "matchCriteriaId": "F2B7CBB3-E037-416B-AD16-9A553D6A4775", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*", "matchCriteriaId": "DE7DDFE1-6A06-477A-AB45-D00053CFA7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*", "matchCriteriaId": "A35C117A-6EFB-42EB-AD2A-EA7866606927", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*", "matchCriteriaId": "40003CBE-792F-4875-9E60-6F1CE0BBAA8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*", "matchCriteriaId": "46A7AA7B-13F2-496A-99ED-1CC13234E8CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*", "matchCriteriaId": "147663CB-B48D-4D89-96BF-F92FF96F347F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*", "matchCriteriaId": "27DBBC83-930A-4ECE-8C1E-47481D881B0D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*", "matchCriteriaId": "B987A13D-A363-4DCE-BBA1-E35E81ACBA60", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*", "matchCriteriaId": "01A5B7F9-FAD2-4C0C-937D-CF1086512130", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*", "matchCriteriaId": "F60B4271-F987-4932-86EE-45ED099661E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE99C3B4-20EC-4AC8-9A0A-C690E2DBED99", "versionEndExcluding": "16.24.1", "versionStartIncluding": "16.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "C109B569-DE0D-4AE4-A128-239077CCC05F", "versionEndExcluding": "18.10.1", "versionStartIncluding": "18.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "44E4E3A7-8CB3-491C-98F6-F78345533E3B", "versionEndExcluding": "19.2.1", "versionStartIncluding": "19.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed . 
The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior such as dialog list collision which eventually leading to endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue." }, { "lang": "es", "value": "PJSIP es una biblioteca de comunicaci\u00f3n multimedia gratuita y de c\u00f3digo abierto escrita en lenguaje C que implementa protocolos basados en est\u00e1ndares como SIP, SDP, RTP, STUN, TURN e ICE. En las versiones hasta la versi\u00f3n 2.11.1 inclusive, cuando se encuentra en un escenario de conjunto de di\u00e1logos (o bifurcaci\u00f3n), una clave hash compartida por varios di\u00e1logos de UAC puede potencialmente liberarse prematuramente cuando se destruye uno de los di\u00e1logos. El problema puede hacer que un conjunto de di\u00e1logos se registre en la tabla hash varias veces (con diferentes claves hash), lo que lleva a un comportamiento indefinido, como la colisi\u00f3n de la lista de di\u00e1logos, lo que eventualmente conduce a un bucle sin fin. Hay un parche disponible en la confirmaci\u00f3n db3235953baa56d2fb0e276ca510fefca751643f que se incluir\u00e1 en la pr\u00f3xima versi\u00f3n. 
No hay soluciones alternativas conocidas para este problema" } ], "id": "CVE-2022-23608", "lastModified": "2024-11-21T06:48:55.363", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-02-22T20:15:07.693", "references": [ { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/166226/Asterisk-Project-Security-Advisory-AST-2022-005.html" }, { "source": "security-advisories@github.com", "tags": [ 
"Mailing List", "Patch", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/Mar/1" }, { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-ffff-m5fm-qm62" }, { "source": "security-advisories@github.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html" }, { "source": "security-advisories@github.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00040.html" }, { "source": "security-advisories@github.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html" }, { "source": "security-advisories@github.com", "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202210-37" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5285" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/166226/Asterisk-Project-Security-Advisory-AST-2022-005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/Mar/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-ffff-m5fm-qm62" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00040.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202210-37" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5285" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-06-02 15:55
Modified
2024-11-21 01:40
Severity ?
Summary
chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert:*:*:*:*:*:*", "matchCriteriaId": "4889B1B5-5160-476E-A1C0-BEAE63C85CEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*", "matchCriteriaId": "62867AEF-D685-4B1F-8AB9-D1CCAC559821", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACE48FBD-2560-4477-ABD2-C90729523BC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "97F03C40-6B70-41D1-96CF-DD5F2924D0C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "B8F0B6E3-37B8-4780-BB17-D471A7AB7E58", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "445941A9-EE2C-45C0-BCEB-9EC7F9F9439D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "7C60A84B-E0BC-491B-B6E6-76E658BB91EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "035B04BC-C132-4CF6-9FE4-561A4104F392", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "E21DF0C9-16E4-44B0-8749-85F7F245A87A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "AE6A2723-FAE7-4A87-A2A3-E94D9CC2DCB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "37612FE6-C8B7-4925-81F5-ADB82A8F101E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "92181940-ED5C-442C-82BA-4F0F233FB11B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.8.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "28EEF1DB-00C6-4DFC-BB48-C4A308F60DAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "67CE3E94-341F-4D0C-937E-39B119925C9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "5C721635-2801-40E8-B5FE-734054D718D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "15ED9311-9E4E-4998-BD99-CDEB8E4F2C74", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "815F7045-FC6D-4D57-A7AE-F63B0FC67251", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "09918CFC-C6A0-45ED-91EA-A4D9295C6CBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "A7D38CAA-BECD-4FD7-8E42-72CB2B1DC699", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "4F211C14-8E50-4FB7-82EA-FE6975290DE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "0698EDFB-D156-4572-9008-0243FA6FD2FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "16350161-9CF1-4AD3-954C-598D249CF962", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "24EB6F7B-AD3C-42A2-B811-3CF3EEDD8438", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "7AC55C54-7AD7-49BE-A050-DC6878391208", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1B208EBB-0387-4223-A196-CE142E6B908B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.8.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "095BF874-0E0B-4F8F-8A11-ED096DD3A824", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4067E71D-93A8-4B56-AE4A-FCB6E31577E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "779DEAC5-CBC7-4844-9A2E-97AEB49704EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "913D2C84-B987-4DEE-8F9E-0FDF14BECE2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "63889FD0-714B-4E02-8F34-00E4857A544A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "A15B538D-DC9D-46B4-A455-341E8A2831E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "8FE32479-5D98-443F-8FA9-F6281726BDF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "78841A3E-7D56-4737-9815-E1144FD0A44A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "CC295454-D897-425C-BFC8-91A72865A132", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "3830A3E2-09A1-487E-8EFA-27F8B4C61CB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "CAC942FB-83A2-4698-B410-F4C6AED0849A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "86ED40AD-0A52-4B4C-B4CA-F8D1A4CAF866", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07FC62DE-74D3-42A9-94E8-6DCE62F3D2B6", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.8.10.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "39E78E52-2AA4-42A5-9CE6-22DF2CF01704", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "3DF04D4C-DFED-4E71-BA0C-854823BB41CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "518A8882-B1A6-408E-9B39-F01034A50190", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "2EBBB850-2AE6-4EC1-993F-AD7AF2E80008", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "E1075D5D-5F81-4E26-90B0-60659B8D36B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "6880B042-11B1-430F-90A1-70F93FC5BAF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "0F074B06-6788-47AB-8C39-BA5E2E39ACC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "1ACB7C4A-7CF7-4D57-B65D-741AFA6393EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "85522E25-E76C-4CCF-AB7C-A74E1703D919", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "AC3BE912-0B42-416B-A0E2-B17FDF07BAAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "4FC9C2FB-A77B-4242-B4A1-92112E1C19B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB8D9B19-BD1E-4E1C-A1C3-6C64A6612233", "versionEndIncluding": "1.8.12.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "33DD2B8E-6AB1-45CD-85F5-E0F5234585BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "52BDDAC0-5CEE-4054-8930-EAF25FE528FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "1CEB28DD-EAEA-45AF-8D7B-09E93AFABA49", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "12BCF63F-DA77-48A1-861D-F6E710E3CA16", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "AD0D03FF-3FF6-40D0-A78E-CBDEA4FE4F14", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "66666CD2-8921-4641-AD72-21F4386DC731", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0C549DD5-68F9-44FC-92B9-09A0E6F87315", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "51407A8B-AF19-43FA-8D57-A6A35D465D1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "911CCAF6-6E29-43B6-AF76-909016CD46ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7B46E218-9EFA-4224-BC5D-1A2F38559E38", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "6F1F43E8-6159-46FA-8BF5-360EA9D466BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "F75E0A69-9251-4CE1-9E83-188F0D35DEFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "17E6BD3C-B88D-4C80-B77F-2A95767B9A71", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc4:*:*:*:*:*:*", "matchCriteriaId": 
"3AC1C9EC-A84F-401B-BF59-F4938B6A2F59", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.3:*:*:*:*:*:*:*", "matchCriteriaId": "FCB76519-FD6D-4D74-8DF7-719822588C12", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "A6AB0DE5-0843-4A7A-A1C9-2FD7924FBEDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "335F9C06-5E40-4E14-B018-15151E14414D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "9E8F15FB-C6B5-4A4F-A7AD-E2BF0162D1DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9DEA8945-9ACD-4CE7-A5E6-5207E16C663E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "B2A7FC21-74FF-48BF-9BA8-A143FCB2BF3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "C4FCD6B4-ED33-424F-AD30-64227894B0B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E7D4883-79E3-4DD1-A555-136A0664E94E", "versionEndIncluding": "10.4.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode." 
}, { "lang": "es", "value": "chan_skinny.c en el controlador de canal de Skinny (alias SCCP) en Certified Asterisk 1.8.11-cert antes de v1.8.11-cert2 y Asterisk Open Source v1.8.x antes de v1.8.12.1 y v10.x antes de v10.4.1, permite a usuarios autenticados remotamente provocar una denegaci\u00f3n de servicio (eliminar la referencia del puntero NULL y ca\u00edda demonio) por el cierre de una conexi\u00f3n en el modo de descuelgue." } ], "id": "CVE-2012-2948", "lastModified": "2024-11-21T01:40:00.380", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-06-02T15:55:01.027", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html" }, { "source": "cve@mitre.org", "url": "http://downloads.asterisk.org/pub/security/AST-2012-008.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/49303" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2012/dsa-2493" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/53723" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1027103" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75937" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://downloads.asterisk.org/pub/security/AST-2012-008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/49303" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2493" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53723" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1027103" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75937" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-08-31 14:55
Modified
2024-11-21 01:38
Severity ?
Summary
Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACE48FBD-2560-4477-ABD2-C90729523BC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "97F03C40-6B70-41D1-96CF-DD5F2924D0C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "B8F0B6E3-37B8-4780-BB17-D471A7AB7E58", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "445941A9-EE2C-45C0-BCEB-9EC7F9F9439D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "7C60A84B-E0BC-491B-B6E6-76E658BB91EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "035B04BC-C132-4CF6-9FE4-561A4104F392", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "E21DF0C9-16E4-44B0-8749-85F7F245A87A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "AE6A2723-FAE7-4A87-A2A3-E94D9CC2DCB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "37612FE6-C8B7-4925-81F5-ADB82A8F101E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "92181940-ED5C-442C-82BA-4F0F233FB11B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "28EEF1DB-00C6-4DFC-BB48-C4A308F60DAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "67CE3E94-341F-4D0C-937E-39B119925C9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "5C721635-2801-40E8-B5FE-734054D718D3", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "93F81ACF-615F-4EF5-BD73-74F4010B43D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "D773468A-4C2D-4B88-BAB6-C2D892A304C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "15ED9311-9E4E-4998-BD99-CDEB8E4F2C74", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "815F7045-FC6D-4D57-A7AE-F63B0FC67251", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "56BAE9D7-7A67-40D0-B864-66E76EBA5A84", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "B82FFB08-0FCD-4839-95F4-97C09EB7E921", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "10C54588-265A-4955-8C73-38ADB664EF0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "C2D84681-F861-49BE-832F-20EBAD3B60C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "2313F843-0F74-4FC9-92A2-1F721BB4C490", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "09918CFC-C6A0-45ED-91EA-A4D9295C6CBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "23E24161-31DB-4739-B16D-B0BDF5151307", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "E28DAA35-FBC2-4C87-BC1F-396A0FE86C5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "4F5E4B4F-49B7-41CB-803B-47A0081C3112", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.8.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "27D37142-F88C-42DE-A0FD-B17AB7981963", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "F1A5BD7C-3491-456A-A333-481977280F5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "F7AFBC1D-7357-4A20-BF9D-C5B58155DAAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "C85B74B6-EA5C-43C1-98C4-B09C41D9D8CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc2:*:*:*:*:*:*", "matchCriteriaId": "12711E11-F6CF-4A61-83FD-AD3748D7C47B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc3:*:*:*:*:*:*", "matchCriteriaId": "86E83CDF-E3B5-48A8-B526-67A1618B97AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "B9C8B329-AC4C-46E5-BAC3-B2B72C16A453", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "5A81245B-0276-4D51-A3B4-9CC7233C9A44", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "9DC30C27-32BD-42A9-814E-123BD18F416B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "676BA331-833E-4C8B-A523-2116752567B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "A7D38CAA-BECD-4FD7-8E42-72CB2B1DC699", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "4F211C14-8E50-4FB7-82EA-FE6975290DE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "0698EDFB-D156-4572-9008-0243FA6FD2FC", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.8.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "16350161-9CF1-4AD3-954C-598D249CF962", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "24EB6F7B-AD3C-42A2-B811-3CF3EEDD8438", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "7AC55C54-7AD7-49BE-A050-DC6878391208", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "4AA9DBB3-1008-4CC8-B81B-991F286A6C0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1B208EBB-0387-4223-A196-CE142E6B908B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "095BF874-0E0B-4F8F-8A11-ED096DD3A824", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4067E71D-93A8-4B56-AE4A-FCB6E31577E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9D301553-EF77-4494-A893-FDC12E6A8C16", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "35362678-3960-40E0-BB94-4642F09DDB4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "779DEAC5-CBC7-4844-9A2E-97AEB49704EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "913D2C84-B987-4DEE-8F9E-0FDF14BECE2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "63889FD0-714B-4E02-8F34-00E4857A544A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "A15B538D-DC9D-46B4-A455-341E8A2831E4", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.8.8.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "8FE32479-5D98-443F-8FA9-F6281726BDF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "78841A3E-7D56-4737-9815-E1144FD0A44A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "A6CE8D88-E407-4E9F-8418-E95C16A55358", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "3BDEDE38-79FE-4B21-BE42-E8AA14475AA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "CC295454-D897-425C-BFC8-91A72865A132", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "3830A3E2-09A1-487E-8EFA-27F8B4C61CB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "CAC942FB-83A2-4698-B410-F4C6AED0849A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "86ED40AD-0A52-4B4C-B4CA-F8D1A4CAF866", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "B7128AC5-5DD7-4BD3-B14C-4ADA155DD5E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "FA2C32DA-44CE-4407-84B2-02B0D0474000", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2B032B5-06AB-4ABE-B51E-DE5C13458C03", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07FC62DE-74D3-42A9-94E8-6DCE62F3D2B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "39E78E52-2AA4-42A5-9CE6-22DF2CF01704", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.8.10.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "3DF04D4C-DFED-4E71-BA0C-854823BB41CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "518A8882-B1A6-408E-9B39-F01034A50190", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "2EBBB850-2AE6-4EC1-993F-AD7AF2E80008", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "F33168AF-A3FB-4694-9DC8-CC28A7C3B3E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "E1075D5D-5F81-4E26-90B0-60659B8D36B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "6880B042-11B1-430F-90A1-70F93FC5BAF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "0F074B06-6788-47AB-8C39-BA5E2E39ACC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "47805A52-856B-4C30-A04F-0B683FDBE075", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "1ACB7C4A-7CF7-4D57-B65D-741AFA6393EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "48300C6F-FAF2-4F0A-959F-4B1801AE7D4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "85522E25-E76C-4CCF-AB7C-A74E1703D919", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "AC3BE912-0B42-416B-A0E2-B17FDF07BAAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "4FC9C2FB-A77B-4242-B4A1-92112E1C19B2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DA237F1-0378-4B8C-9981-B3B47BCB3C50", "versionEndIncluding": "1.8.15.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "33DD2B8E-6AB1-45CD-85F5-E0F5234585BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "52BDDAC0-5CEE-4054-8930-EAF25FE528FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "1CEB28DD-EAEA-45AF-8D7B-09E93AFABA49", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "12BCF63F-DA77-48A1-861D-F6E710E3CA16", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "AD0D03FF-3FF6-40D0-A78E-CBDEA4FE4F14", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "66666CD2-8921-4641-AD72-21F4386DC731", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E55A7B81-4661-4E77-94FE-DA8D6261DC74", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0C549DD5-68F9-44FC-92B9-09A0E6F87315", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "51407A8B-AF19-43FA-8D57-A6A35D465D1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "911CCAF6-6E29-43B6-AF76-909016CD46ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "964672AE-C840-465E-BE8A-8E19D9C060AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.1.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"48827211-8F2F-4801-A5CD-77B07D1DD320", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D2463AD2-B341-494C-87AF-73B69B75D162", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7B46E218-9EFA-4224-BC5D-1A2F38559E38", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "6F1F43E8-6159-46FA-8BF5-360EA9D466BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "F75E0A69-9251-4CE1-9E83-188F0D35DEFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "17E6BD3C-B88D-4C80-B77F-2A95767B9A71", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "3AC1C9EC-A84F-401B-BF59-F4938B6A2F59", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E5DACA8-EBD6-4854-A32E-EDBD8C28B3D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.3:*:*:*:*:*:*:*", "matchCriteriaId": "FCB76519-FD6D-4D74-8DF7-719822588C12", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "A6AB0DE5-0843-4A7A-A1C9-2FD7924FBEDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "335F9C06-5E40-4E14-B018-15151E14414D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "9E8F15FB-C6B5-4A4F-A7AD-E2BF0162D1DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BC77FCCF-EE5C-4121-A0AF-B9DC71E72C1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "B1C33423-6093-4DC9-BCFF-77003776373E", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9DEA8945-9ACD-4CE7-A5E6-5207E16C663E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "B2A7FC21-74FF-48BF-9BA8-A143FCB2BF3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "C4FCD6B4-ED33-424F-AD30-64227894B0B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6558058-33DA-43F1-9690-5DA11D5CC713", "versionEndIncluding": "10.7.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:*:cert5:*:*:*:*:*:*", "matchCriteriaId": "345918B8-ABB8-4E60-A3AD-C006AD24FEC4", "versionEndIncluding": "1.8.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert:*:*:*:*:*:*", "matchCriteriaId": "4889B1B5-5160-476E-A1C0-BEAE63C85CEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*", "matchCriteriaId": "62867AEF-D685-4B1F-8AB9-D1CCAC559821", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert2:*:*:*:*:*:*", "matchCriteriaId": "F7C792E2-FBBA-4F1D-8842-5E47B4365FBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert3:*:*:*:*:*:*", "matchCriteriaId": "B14F1E15-52B4-4947-83EA-85D535FFB55E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert4:*:*:*:*:*:*", "matchCriteriaId": "02461B94-32BA-487E-9E9E-D9B5AAAFF602", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:digiumphones:*:*:*:*:*:*:*:*", "matchCriteriaId": "7438E927-F320-4E40-AE4E-F571483A5D2F", "versionEndIncluding": "10.7.0", "vulnerable": true } ], "negate": false, "operator": 
"OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:business_edition:*:*:*:*:*:*:*:*", "matchCriteriaId": "94539528-4DD3-4BB6-BFFE-920A3937A665", "versionEndIncluding": "c.3.7.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:business_edition:c.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "17D78AA8-AF67-4343-A9B0-EFC63D8CC4BC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action." }, { "lang": "es", "value": "Vulnerabilidad de lista negra incompleta en main/manager.c en Asterisk Open Source v1.8.x antes de v1.8.15.1 y v10.x antes de v10.7.1, Certified Asterisk v1.8.11 antes de v1.8.11-cert6, Asterisk Digiumphones v10.x.x-digiumphones antes de v10.7.1-digiumphones y Asterisk Business Edition C.3.x antes de C.3.7.6 permite a usuarios remotos autenticados ejecutar comandos de su elecci\u00f3n aprovech\u00e1ndose de los privilegios de origen (originate) y proporcionando un valor ExternalIVR en una acci\u00f3n AMI Originate.\r\n" } ], "id": "CVE-2012-2186", "lastModified": "2024-11-21T01:38:40.223", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false,
"obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-08-31T14:55:00.950", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/50687" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/50756" }, { "source": "psirt@us.ibm.com", "url": "http://www.debian.org/security/2012/dsa-2550" }, { "source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id?1027460" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/50687" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/50756" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2550" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1027460" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-04-01 16:55
Modified
2024-11-21 01:52
Severity ?
Summary
main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACE48FBD-2560-4477-ABD2-C90729523BC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "97F03C40-6B70-41D1-96CF-DD5F2924D0C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "B8F0B6E3-37B8-4780-BB17-D471A7AB7E58", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "445941A9-EE2C-45C0-BCEB-9EC7F9F9439D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "7C60A84B-E0BC-491B-B6E6-76E658BB91EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "035B04BC-C132-4CF6-9FE4-561A4104F392", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "AE6A2723-FAE7-4A87-A2A3-E94D9CC2DCB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "37612FE6-C8B7-4925-81F5-ADB82A8F101E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "92181940-ED5C-442C-82BA-4F0F233FB11B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "28EEF1DB-00C6-4DFC-BB48-C4A308F60DAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "67CE3E94-341F-4D0C-937E-39B119925C9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "5C721635-2801-40E8-B5FE-734054D718D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "93F81ACF-615F-4EF5-BD73-74F4010B43D8", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "D773468A-4C2D-4B88-BAB6-C2D892A304C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "15ED9311-9E4E-4998-BD99-CDEB8E4F2C74", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "815F7045-FC6D-4D57-A7AE-F63B0FC67251", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "56BAE9D7-7A67-40D0-B864-66E76EBA5A84", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "B82FFB08-0FCD-4839-95F4-97C09EB7E921", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "10C54588-265A-4955-8C73-38ADB664EF0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "C2D84681-F861-49BE-832F-20EBAD3B60C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "2313F843-0F74-4FC9-92A2-1F721BB4C490", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "09918CFC-C6A0-45ED-91EA-A4D9295C6CBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "23E24161-31DB-4739-B16D-B0BDF5151307", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "E28DAA35-FBC2-4C87-BC1F-396A0FE86C5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "4F5E4B4F-49B7-41CB-803B-47A0081C3112", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "27D37142-F88C-42DE-A0FD-B17AB7981963", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.8.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "F1A5BD7C-3491-456A-A333-481977280F5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "F7AFBC1D-7357-4A20-BF9D-C5B58155DAAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "C85B74B6-EA5C-43C1-98C4-B09C41D9D8CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc2:*:*:*:*:*:*", "matchCriteriaId": "12711E11-F6CF-4A61-83FD-AD3748D7C47B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc3:*:*:*:*:*:*", "matchCriteriaId": "86E83CDF-E3B5-48A8-B526-67A1618B97AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "B9C8B329-AC4C-46E5-BAC3-B2B72C16A453", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "5A81245B-0276-4D51-A3B4-9CC7233C9A44", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "9DC30C27-32BD-42A9-814E-123BD18F416B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "676BA331-833E-4C8B-A523-2116752567B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "A7D38CAA-BECD-4FD7-8E42-72CB2B1DC699", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "4F211C14-8E50-4FB7-82EA-FE6975290DE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "0698EDFB-D156-4572-9008-0243FA6FD2FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "16350161-9CF1-4AD3-954C-598D249CF962", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.8.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "24EB6F7B-AD3C-42A2-B811-3CF3EEDD8438", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "7AC55C54-7AD7-49BE-A050-DC6878391208", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1B208EBB-0387-4223-A196-CE142E6B908B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "095BF874-0E0B-4F8F-8A11-ED096DD3A824", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4067E71D-93A8-4B56-AE4A-FCB6E31577E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9D301553-EF77-4494-A893-FDC12E6A8C16", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "35362678-3960-40E0-BB94-4642F09DDB4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "779DEAC5-CBC7-4844-9A2E-97AEB49704EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "913D2C84-B987-4DEE-8F9E-0FDF14BECE2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "63889FD0-714B-4E02-8F34-00E4857A544A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "A15B538D-DC9D-46B4-A455-341E8A2831E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "8FE32479-5D98-443F-8FA9-F6281726BDF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "78841A3E-7D56-4737-9815-E1144FD0A44A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.8.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "A6CE8D88-E407-4E9F-8418-E95C16A55358", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "3BDEDE38-79FE-4B21-BE42-E8AA14475AA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "CC295454-D897-425C-BFC8-91A72865A132", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "3830A3E2-09A1-487E-8EFA-27F8B4C61CB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "CAC942FB-83A2-4698-B410-F4C6AED0849A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "86ED40AD-0A52-4B4C-B4CA-F8D1A4CAF866", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "B7128AC5-5DD7-4BD3-B14C-4ADA155DD5E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "FA2C32DA-44CE-4407-84B2-02B0D0474000", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2B032B5-06AB-4ABE-B51E-DE5C13458C03", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07FC62DE-74D3-42A9-94E8-6DCE62F3D2B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "39E78E52-2AA4-42A5-9CE6-22DF2CF01704", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "3DF04D4C-DFED-4E71-BA0C-854823BB41CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "518A8882-B1A6-408E-9B39-F01034A50190", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.8.10.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "2EBBB850-2AE6-4EC1-993F-AD7AF2E80008", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "F33168AF-A3FB-4694-9DC8-CC28A7C3B3E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "E1075D5D-5F81-4E26-90B0-60659B8D36B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "6880B042-11B1-430F-90A1-70F93FC5BAF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "0F074B06-6788-47AB-8C39-BA5E2E39ACC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "47805A52-856B-4C30-A04F-0B683FDBE075", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "1ACB7C4A-7CF7-4D57-B65D-741AFA6393EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "85522E25-E76C-4CCF-AB7C-A74E1703D919", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "AC3BE912-0B42-416B-A0E2-B17FDF07BAAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "4FC9C2FB-A77B-4242-B4A1-92112E1C19B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "41CA6DD3-FD39-482B-83AA-FE24055E9B42", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "C28AB9A1-54B6-4C9A-8E4C-52A3BF147DE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "28E4852C-4444-40BB-8DBB-51EC97D6BD38", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.8.13.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "602E20C8-9DFF-4D11-8F1E-F7E943E8FE30", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.13.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "DC5CE37E-7BAC-45D5-AD09-8823D893627C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "B38DE1B4-44CF-4199-B739-5880F6492216", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "B25558F4-2DF6-4C00-969F-67F7C2A05668", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.14.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8EFFEF57-8097-42B1-AC4F-20CEFAC4AFA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.14.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "6DFF8BD7-7287-40B2-8BAC-46C85440882D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "00C94601-5C7E-4B9B-A8C9-A78C7E529864", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "1926E877-9EA2-457B-B501-6E07760B38A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.15.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "604956F2-5FE8-4D0A-A5EF-20E6D0E89933", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "42D8445A-8F8D-47D3-BBE4-687BD00D2E45", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "1B9DF848-DEFC-4F1C-81BF-BFD2E142565E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.16.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "BBB8E443-4A8D-405D-AF18-D56EE3D3AB96", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.16.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "5BAE4B32-F771-4DEA-9665-C862F3BA38B7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.8.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "21E8BAFB-6973-48DE-9835-93464882712A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.17.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "57BF8BF0-DAD0-472B-9A13-34633F2BED91", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.17.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "06E40764-4AFD-4DAA-BC96-46881EB55F5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.17.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "412E6FAF-60A4-44DF-A1E5-BFBB127367B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.18.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBFEE9B-B3D5-4659-A833-03804A010474", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.18.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "6F127574-4C2A-4D0D-9601-B369C9E75BC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.18.1:*:*:*:*:*:*:*", "matchCriteriaId": "23A58518-4619-4B6C-A01E-875E7A02B563", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "A56402C5-9408-4A7C-A6BF-DF1707EE19F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.19.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "145FF5F2-E4DC-42AD-B320-A9A82D517073", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.19.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "217B4501-AEBA-4417-87D8-0C18779F16F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.19.1:*:*:*:*:*:*:*", "matchCriteriaId": "3784F3AC-0A54-4453-85C9-33C5AF05564E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.20.0:*:*:*:*:*:*:*", "matchCriteriaId": "39900193-C2F2-424E-95A9-B7EF637A3F6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.20.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "589B3B1E-5BCB-4BA3-B4A6-CD9FAF8AD05D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.8.20.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "0B5C6294-7BB5-4749-8F90-7AB3786696F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.20.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E2D3320-3A6E-4756-9314-78E5027CDD88", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "33DD2B8E-6AB1-45CD-85F5-E0F5234585BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "52BDDAC0-5CEE-4054-8930-EAF25FE528FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "1CEB28DD-EAEA-45AF-8D7B-09E93AFABA49", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "12BCF63F-DA77-48A1-861D-F6E710E3CA16", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "AD0D03FF-3FF6-40D0-A78E-CBDEA4FE4F14", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "66666CD2-8921-4641-AD72-21F4386DC731", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E55A7B81-4661-4E77-94FE-DA8D6261DC74", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0C549DD5-68F9-44FC-92B9-09A0E6F87315", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "51407A8B-AF19-43FA-8D57-A6A35D465D1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "911CCAF6-6E29-43B6-AF76-909016CD46ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.1.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"964672AE-C840-465E-BE8A-8E19D9C060AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "48827211-8F2F-4801-A5CD-77B07D1DD320", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D2463AD2-B341-494C-87AF-73B69B75D162", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7B46E218-9EFA-4224-BC5D-1A2F38559E38", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "6F1F43E8-6159-46FA-8BF5-360EA9D466BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "F75E0A69-9251-4CE1-9E83-188F0D35DEFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "17E6BD3C-B88D-4C80-B77F-2A95767B9A71", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "3AC1C9EC-A84F-401B-BF59-F4938B6A2F59", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E5DACA8-EBD6-4854-A32E-EDBD8C28B3D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "A6AB0DE5-0843-4A7A-A1C9-2FD7924FBEDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "335F9C06-5E40-4E14-B018-15151E14414D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "9E8F15FB-C6B5-4A4F-A7AD-E2BF0162D1DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BC77FCCF-EE5C-4121-A0AF-B9DC71E72C1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"B1C33423-6093-4DC9-BCFF-77003776373E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9DEA8945-9ACD-4CE7-A5E6-5207E16C663E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "B2A7FC21-74FF-48BF-9BA8-A143FCB2BF3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "C4FCD6B4-ED33-424F-AD30-64227894B0B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "CEC59D23-316D-43FC-9BA9-67E8BDAF5F24", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "59556035-E04B-4350-BD3B-A3935C28C6AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2F73501-BE0D-4130-8077-D5D853E91F1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "3C72C50B-12C1-4A1C-B51F-F66244C18CC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "6D3A3D9A-9F63-44FD-BF14-2DC3AE8C0D40", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "56C40572-5FBE-4A39-AF3D-A335873BF660", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "844232F0-D524-44E0-B420-2992BC0FED11", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "D73A9C29-4270-4126-9D6B-3780F6F3D7D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "A402F4F2-73BC-49B1-B5DD-9231F090BFA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"410D67F4-C941-4CBE-8D82-673217EE7FA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "45244F02-B71A-4692-BDAD-34C37ACAB676", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "AA73D5CD-0BBC-42EF-9693-265A0566E789", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "0574B440-5004-4F47-B657-1672E9092A28", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "88E1F128-276F-4883-A93C-D5C7282925DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F5392F1-57AC-4208-9646-42098CCEF80B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9D11D64C-6E1F-4014-88D2-F5FB61D66C52", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "036281DD-6F0A-4810-A1D3-952077896808", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "2749712C-929A-43F4-B58A-F9F777DBD84D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.9.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "92AD9878-F87D-43AC-BE2B-514977F5A182", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.9.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "1A9089A8-55D4-4992-BAC0-FE5BE3E2F472", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.9.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F33E93C3-D4A3-4A38-84E1-0D3CB8915418", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1A1EE57-D8ED-4A2E-BE71-043E06EA4F2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.10.0:rc1:*:*:*:*:*:*", "matchCriteriaId": 
"BC400500-F1CF-4D13-A18E-25B5EE70F3BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.10.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A215C07A-6E8C-4EEB-AD94-68A75BE7DB52", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F9764E3-DA33-4A31-97C7-E523D6DE6124", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "703FBE7B-CAD4-43B4-920D-DFC28CFFB7B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.11.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "00750678-5A5E-4A75-A405-3D42E1CB147A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.11.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "31228737-2F7E-434A-B4FE-E1C9BB71D893", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "A84F1317-E44E-4CD4-8979-DC335AD8B457", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "D4D358E8-6399-4568-9ECC-CA084B80129C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.12.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "1DC34227-26A7-44C1-B5CB-C7328134316B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.12.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E2E2701A-489E-4A9C-9E5C-01661E599BC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D13892E-0D45-438B-A126-439335B47C90", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AF0D8EF3-6BA5-4C60-8130-DF62A9592CE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "1B00830D-18F2-4A68-926A-2FD397674F9D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:11.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "3C2E04B4-C70D-40AE-AEA5-0D39304F6C18", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9C86349C-EBD4-4857-9B4B-7A608F32BBCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "7E88AC6C-50F6-486D-B0D0-97477FCD520D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "171B2532-F5D2-4C3C-9C23-405839F590BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:11.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2E5923D0-F168-404B-9190-871D52D74DAE", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:11.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "50617F5A-5BAE-4C4A-975A-B23E9171ABDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:11.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "BE09B558-576C-461C-8089-8EE59F168ADF", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:11.1.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "83DEBCA4-F4CC-4E78-A80F-C673105FA868", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:11.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4A3720E8-67C2-492D-9DBA-6ED9085CB01F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:11.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "28E2C7E4-226C-4420-856D-E420633E301F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:11.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CFA3CDE0-AAE5-48A4-98C3-767CCCC3C9E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:11.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8B73137F-79EA-48DD-B29E-41DB8C20711B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:11.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "1F185B3E-9594-4AFD-B16B-6C82A03B93B9", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:11.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B3740427-BBC9-4D76-9F54-C13AF097CD05", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*", "matchCriteriaId": "E6025382-31C8-4227-B44F-856FD014B283", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.15:cert1:rc1:*:*:*:*:*", "matchCriteriaId": "0DAEE2C6-008C-476D-8464-3C616E5CA805", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.15:cert1:rc2:*:*:*:*:*", "matchCriteriaId": "688A1BA8-A195-41E9-812D-F4400EFA5B02", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.15:cert1:rc3:*:*:*:*:*", "matchCriteriaId": "177A2158-B36D-4B6D-9FEA-2DF32830AE56", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "2A84E1FF-10CB-45AA-B2EC-6FB6E78C6D75", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.15.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "83726255-3A94-49A7-A43F-414CA0A814FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0188A765-4376-4EDC-8070-74B6882253B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "98F95DCC-6B40-42D6-BDA4-8BBE5C4AB4E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "28051F65-0862-438F-B4D6-1F7F1B93A76F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "344BE33A-2345-48C4-91EB-58C4EC2499B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "C38C7220-D25C-4399-A414-0541A44DCD6A", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "E69A7B6F-1D33-471D-80B2-37D30817FD7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B7DA77C-2D86-4815-905F-78B9B55B4790", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "D4C5D9FD-24AD-4C73-ACA3-924AA2D4C041", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "039D01BB-9B67-467B-9E5D-89208C4F9595", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "87B7DFEB-9DDF-4DE7-A295-869F810FD5BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "C0C0F3B5-97EF-4806-AD51-DD201F35F44B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E08D0CC7-7339-4468-9CC6-7007D859160C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "ACAF81C5-D3B2-4D7E-BD1F-2FFCEDE3E2B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.2.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "3146A017-A6A5-4C3D-8138-EBE552A99F02", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0CEECF41-6AFA-4067-ADB4-EA53A6C77740", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.3.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "271F0ACA-F4F5-4FD9-8F39-56722EE40D8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.3.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "AEAF9BED-896B-4E0D-AE2A-65ADA2B96876", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "32A45F41-BA2A-4878-82BA-2C1EE3301708", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "AAEBB11B-AC3A-46C2-94F6-7B68994E47C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.4.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "28A8C554-04E9-4A86-B2CA-12B19BF5BD9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.4.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "CC2E7D4E-2713-4F50-A646-8643FA31C74B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "295AE899-CE46-4904-AA88-F05D857D50F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EC070B60-E90E-432F-AF02-5BCD6CFA8902", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E6FE1237-4974-4F87-BB44-1608D5879856", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "14248FC6-A833-4918-AC6D-94DC75E28D14", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "0FA03327-13B9-488D-A1D7-59AB07926B22", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "2CC53629-1F20-4B22-9465-63250F917007", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "62F912BF-1512-45E8-9035-750F083D60B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "540F8042-4B26-4078-ACE7-DBAC45D4FA93", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "17DC68FD-F05E-4821-BAA1-5A871C8C39AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "6093D29F-64F8-4E3E-B6C4-646D0D6A6B58", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:digiumphones:10.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "9424B04A-6262-4E31-BFD3-F5849EF32771", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.9.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "39147BA2-6F85-4E88-A896-B5F5C571A835", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "A54E95F9-2CFC-43C6-AF6B-44ABC5555C04", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.10.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "FB53F9D1-14EC-4B00-9A72-E086D2EB27F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.10.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4C48AD83-84B9-4A92-8C88-FC4F966644DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "39202DF6-359E-4A62-98B4-D42A5F899717", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.11.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "C7134E96-F5EF-4E87-9B11-DAA2A1D90761", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.11.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "2A761C15-53E2-4BDC-AF7B-86BCB7F10466", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.11.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "C3288F41-D446-4899-9AC7-60EB72145ACF", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "44027DC7-1BD6-4F17-AD4F-6D6457B779FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.12.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "170DEF44-9D18-4C9E-919F-5B7CC2C7D727", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.12.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "1674C43B-51DE-484C-8B87-CF3256589BDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "8CEFB68A-9C07-468F-A118-315D8DB21897", "vulnerable": true } ], "negate": false, 
"operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976." }, { "lang": "es", "value": "main/http.c en el servidor HTTP de Asterisk Open Source v1.8.x antes de v1.8.20.2, v10.x antes de v10.12.2 y v11.x antes de v11.2.2; Certified Asterisk v1.8.15 antes de v1.8.15-cert2; y Digiumphones Asterisk v10.x-digiumphones antes de v10.12.2-digiumphones no restringe correctamente valores Content-Length, que permite a atacantes remotos realizar ataques de consumo de la pila y provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de una petici\u00f3n POST HTTP manipulada. NOTA: esta vulnerabilidad se debe a una soluci\u00f3n incorrecta para CVE-2012-5976." 
} ], "id": "CVE-2013-2686", "lastModified": "2024-11-21T01:52:09.887", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-04-01T16:55:04.100", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://downloads.asterisk.org/pub/security/AST-2013-002.html" }, { "source": "cve@mitre.org", "url": "http://telussecuritylabs.com/threats/show/TSL20130327-01" }, { "source": "cve@mitre.org", "url": "https://issues.asterisk.org/jira/browse/ASTERISK-20967" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://downloads.asterisk.org/pub/security/AST-2013-002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://telussecuritylabs.com/threats/show/TSL20130327-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.asterisk.org/jira/browse/ASTERISK-20967" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2022-21723)
Published
2022-01-27 00:15
Modified
2024-11-21 06:45
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Summary
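PJSIP is a free and open source multimedia communication library written in C that implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart body can potentially cause an out-of-bounds read. This issue affects all PJSIP users that accept SIP multipart messages. The patch is available as commit 077b465c33f0aec05a49cd2ca456f9a1b112e896 in the `master` branch. There are no known workarounds, so affected deployments need the patched library. Asterisk is listed under Impacted products because it can be built with an affected PJSIP (see the AST-2022-006 advisory in this record's references).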
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
teluu | pjsip | up to (including) 2.11.1 | |
asterisk | certified_asterisk | 16.8.0 | |
asterisk | certified_asterisk | 16.8.0 cert1 | |
asterisk | certified_asterisk | 16.8.0 cert10 | |
asterisk | certified_asterisk | 16.8.0 cert11 | |
asterisk | certified_asterisk | 16.8.0 cert12 | |
asterisk | certified_asterisk | 16.8.0 cert2 | |
asterisk | certified_asterisk | 16.8.0 cert3 | |
asterisk | certified_asterisk | 16.8.0 cert4 | |
asterisk | certified_asterisk | 16.8.0 cert5 | |
asterisk | certified_asterisk | 16.8.0 cert6 | |
asterisk | certified_asterisk | 16.8.0 cert7 | |
asterisk | certified_asterisk | 16.8.0 cert8 | |
asterisk | certified_asterisk | 16.8.0 cert9 | |
sangoma | asterisk | from (including) 16.0.0 up to (excluding) 16.24.1 | |
sangoma | asterisk | from (including) 18.0.0 up to (excluding) 18.10.1 | |
sangoma | asterisk | from (including) 19.0.0 up to (excluding) 19.2.1 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:teluu:pjsip:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BB0273A-3235-4BC7-A1BE-7D35BABD8617", "versionEndIncluding": "2.11.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "FC49FD2F-9A64-4F92-9B73-50E37BEB207E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*", "matchCriteriaId": "E64BCD44-2298-4710-9CC3-DF82E6A8DF94", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*", "matchCriteriaId": "91CCAB0C-C0F8-4619-AAE1-F6F13FF31570", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*", "matchCriteriaId": "F2B7CBB3-E037-416B-AD16-9A553D6A4775", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*", "matchCriteriaId": "DE7DDFE1-6A06-477A-AB45-D00053CFA7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*", "matchCriteriaId": "A35C117A-6EFB-42EB-AD2A-EA7866606927", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*", "matchCriteriaId": "40003CBE-792F-4875-9E60-6F1CE0BBAA8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*", "matchCriteriaId": "46A7AA7B-13F2-496A-99ED-1CC13234E8CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*", "matchCriteriaId": "147663CB-B48D-4D89-96BF-F92FF96F347F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*", "matchCriteriaId": "27DBBC83-930A-4ECE-8C1E-47481D881B0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*", "matchCriteriaId": 
"B987A13D-A363-4DCE-BBA1-E35E81ACBA60", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*", "matchCriteriaId": "01A5B7F9-FAD2-4C0C-937D-CF1086512130", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*", "matchCriteriaId": "F60B4271-F987-4932-86EE-45ED099661E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE99C3B4-20EC-4AC8-9A0A-C690E2DBED99", "versionEndExcluding": "16.24.1", "versionStartIncluding": "16.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "C109B569-DE0D-4AE4-A128-239077CCC05F", "versionEndExcluding": "18.10.1", "versionStartIncluding": "18.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "44E4E3A7-8CB3-491C-98F6-F78345533E3B", "versionEndExcluding": "19.2.1", "versionStartIncluding": "19.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This issue affects all PJSIP users that accept SIP multipart. The patch is available as commit in the `master` branch. There are no known workarounds." 
}, { "lang": "es", "value": "PJSIP es una biblioteca de comunicaci\u00f3n multimedia gratuita y de c\u00f3digo abierto escrita en lenguaje C que implementa protocolos basados en est\u00e1ndares como SIP, SDP, RTP, STUN, TURN e ICE. En las versiones 2.11.1 y anteriores, el an\u00e1lisis de un mensaje SIP entrante que contiene una multiparte malformada puede causar potencialmente un acceso de lectura fuera de l\u00edmites. Este problema afecta a todos los usuarios de PJSIP que aceptan multipartes SIP. El parche est\u00e1 disponible como commit en la rama \"master\". No se presentan medidas de mitigaci\u00f3n conocidas" } ], "id": "CVE-2022-21723", "lastModified": "2024-11-21T06:45:18.580", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", 
"privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-01-27T00:15:07.737", "references": [ { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/166227/Asterisk-Project-Security-Advisory-AST-2022-006.html" }, { "source": "security-advisories@github.com", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/Mar/2" }, { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/pjsip/pjproject/commit/077b465c33f0aec05a49cd2ca456f9a1b112e896" }, { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm" }, { "source": "security-advisories@github.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html" }, { "source": "security-advisories@github.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html" }, { "source": "security-advisories@github.com", "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202210-37" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5285" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": 
"http://packetstormsecurity.com/files/166227/Asterisk-Project-Security-Advisory-AST-2022-006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/Mar/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/pjsip/pjproject/commit/077b465c33f0aec05a49cd2ca456f9a1b112e896" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202210-37" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5285" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2020-28242)
Published
2020-11-06 06:15
Modified
2024-11-21 05:22
Severity
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur.
References
Impacted products
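Vendor | Product | Version | |
---|---|---|---|
asterisk | certified_asterisk | up to (including) 16.8.0 | |
sangoma | asterisk | from (including) 13.0 up to (excluding) 13.37.1 | |
sangoma | asterisk | from (including) 16.0 up to (excluding) 16.14.1 | |
sangoma | asterisk | from (including) 17.0 up to (excluding) 17.8.1 | |
sangoma | asterisk | from (including) 18.0 up to (excluding) 18.0.1 | |
fedoraproject | fedora | 33 | |
debian | debian_linux | 9.0 |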
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FD83903-7BCB-4980-AB42-957867077070", "versionEndIncluding": "16.8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "55E64E8D-DE76-4047-813E-0325E49D7BFB", "versionEndExcluding": "13.37.1", "versionStartIncluding": "13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F2DA86C-6FB5-4ACC-83BF-812BECD26441", "versionEndExcluding": "16.14.1", "versionStartIncluding": "16.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB33E582-97C0-428E-A696-BF84F9E2E5D5", "versionEndExcluding": "17.8.1", "versionStartIncluding": "17.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "716CD81A-8970-42B6-92CB-42D9C9C36B5C", "versionEndExcluding": "18.0.1", "versionStartIncluding": "18.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. 
This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur." }, { "lang": "es", "value": "Se detect\u00f3 un problema en Asterisk Open Source versiones 13.x anteriores a 13.37.1, versiones 16.x anteriores a 16.14.1, versiones 17.x anteriores a 17.8.1 y versiones 18.x anteriores a 18.0.1 y Certified Asterisk versiones anteriores a 16.8-cert5. Si Asterisk es desafiado en un INVITE saliente y el nonce es cambiado en cada respuesta, Asterisk enviar\u00e1 los INVITE continuamente en un bucle. Esto causa que Asterisk consuma m\u00e1s y m\u00e1s memoria ya que la transacci\u00f3n nunca terminar\u00e1 (incluso si la llamada se cuelga), lo que a la larga conllevar\u00e1 a un reinicio o cierre de Asterisk. Para que esto ocurra, la autenticaci\u00f3n saliente debe ser configurada en el endpoint" } ], "id": "CVE-2020-28242", "lastModified": "2024-11-21T05:22:30.340", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-11-06T06:15:11.930", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://downloads.asterisk.org/pub/security/AST-2020-002.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QUS54QTQCYKR36EIULYD544GXDA644HB/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://downloads.asterisk.org/pub/security/AST-2020-002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QUS54QTQCYKR36EIULYD544GXDA644HB/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-674" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-08-30 07:15
Modified
2024-11-21 06:34
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://downloads.asterisk.org/pub/security/AST-2021-006.html | Vendor Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://www.debian.org/security/2022/dsa-5285 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://downloads.asterisk.org/pub/security/AST-2021-006.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2022/dsa-5285 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
asterisk | certified_asterisk | 16.8.0 (-) | |
asterisk | certified_asterisk | 16.8.0 (cert1) | |
asterisk | certified_asterisk | 16.8.0 (cert2) | |
asterisk | certified_asterisk | 16.8.0 (cert3) | |
asterisk | certified_asterisk | 16.8.0 (cert4) | |
asterisk | certified_asterisk | 16.8.0 (cert5) | |
asterisk | certified_asterisk | 16.8.0 (cert6) | |
digium | asterisk | >= 16.0.0, < 16.16.2 | |
digium | asterisk | >= 17.0.0, < 17.9.3 | |
digium | asterisk | >= 18.0.0, < 18.2.2 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
debian | debian_linux | 11.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:-:*:*:*:*:*:*", "matchCriteriaId": "335EF1B5-AD89-48E2-AB2C-BF376BC36F77", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*", "matchCriteriaId": "E64BCD44-2298-4710-9CC3-DF82E6A8DF94", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*", "matchCriteriaId": "A35C117A-6EFB-42EB-AD2A-EA7866606927", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*", "matchCriteriaId": "40003CBE-792F-4875-9E60-6F1CE0BBAA8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*", "matchCriteriaId": "46A7AA7B-13F2-496A-99ED-1CC13234E8CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*", "matchCriteriaId": "147663CB-B48D-4D89-96BF-F92FF96F347F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*", "matchCriteriaId": "27DBBC83-930A-4ECE-8C1E-47481D881B0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6D5A9E8-239F-492C-95AD-7CF2AB964D87", "versionEndExcluding": "16.16.2", "versionStartIncluding": "16.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CA36883-D695-47A1-8CA7-2F128BFA194D", "versionEndExcluding": "17.9.3", "versionStartIncluding": "17.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "8DEE180D-A041-42AB-AE5E-DDBD9CF0AACF", "versionEndExcluding": "18.2.2", "versionStartIncluding": "18.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", 
"vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation." }, { "lang": "es", "value": "La funci\u00f3n res_pjsip_t38 en Sangoma Asterisk versiones 16.x anteriores a 16.16.2, 17.x anteriores a 17.9.3, y 18.x anteriores a 18.2.2, y Certified Asterisk anteriores a 16.8-cert7, permite a un atacante desencadenar un fallo mediante el env\u00edo de una l\u00ednea m=image y un puerto cero en una respuesta a una Re invitaci\u00f3n T.38 iniciada por Asterisk. Se trata de una reaparici\u00f3n de los s\u00edntomas de la CVE-2019-15297 pero no exactamente por el mismo motivo. 
El fallo es producido porque se presenta una operaci\u00f3n de append relativa a la topolog\u00eda activa, pero deber\u00eda ser en cambio una operaci\u00f3n de replace" } ], "id": "CVE-2021-46837", "lastModified": "2024-11-21T06:34:47.440", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-08-30T07:15:07.417", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5285" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5285" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-22 18:15
Modified
2024-11-21 06:15
Severity ?
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim’s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim’s machine. Users are advised to upgrade as soon as possible. There are no known workarounds.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
teluu | pjsip | <= 2.11.1 | |
asterisk | certified_asterisk | < 16.8.0 | |
asterisk | certified_asterisk | 16.8.0 (*) | |
asterisk | certified_asterisk | 16.8.0 (cert1) | |
asterisk | certified_asterisk | 16.8.0 (cert10) | |
asterisk | certified_asterisk | 16.8.0 (cert11) | |
asterisk | certified_asterisk | 16.8.0 (cert12) | |
asterisk | certified_asterisk | 16.8.0 (cert2) | |
asterisk | certified_asterisk | 16.8.0 (cert3) | |
asterisk | certified_asterisk | 16.8.0 (cert4) | |
asterisk | certified_asterisk | 16.8.0 (cert5) | |
asterisk | certified_asterisk | 16.8.0 (cert6) | |
asterisk | certified_asterisk | 16.8.0 (cert7) | |
asterisk | certified_asterisk | 16.8.0 (cert8) | |
asterisk | certified_asterisk | 16.8.0 (cert9) | |
sangoma | asterisk | >= 16.0.0, < 16.24.1 | |
sangoma | asterisk | >= 18.0.0, < 18.10.1 | |
sangoma | asterisk | >= 19.0.0, < 19.2.1 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:teluu:pjsip:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BB0273A-3235-4BC7-A1BE-7D35BABD8617", "versionEndIncluding": "2.11.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "02200524-98C1-49E2-8DFE-7BE82E1181E2", "versionEndExcluding": "16.8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "FC49FD2F-9A64-4F92-9B73-50E37BEB207E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*", "matchCriteriaId": "E64BCD44-2298-4710-9CC3-DF82E6A8DF94", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*", "matchCriteriaId": "91CCAB0C-C0F8-4619-AAE1-F6F13FF31570", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*", "matchCriteriaId": "F2B7CBB3-E037-416B-AD16-9A553D6A4775", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*", "matchCriteriaId": "DE7DDFE1-6A06-477A-AB45-D00053CFA7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*", "matchCriteriaId": "A35C117A-6EFB-42EB-AD2A-EA7866606927", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*", "matchCriteriaId": "40003CBE-792F-4875-9E60-6F1CE0BBAA8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*", "matchCriteriaId": "46A7AA7B-13F2-496A-99ED-1CC13234E8CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*", "matchCriteriaId": "147663CB-B48D-4D89-96BF-F92FF96F347F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*", "matchCriteriaId": "27DBBC83-930A-4ECE-8C1E-47481D881B0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*", "matchCriteriaId": "B987A13D-A363-4DCE-BBA1-E35E81ACBA60", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*", "matchCriteriaId": "01A5B7F9-FAD2-4C0C-937D-CF1086512130", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*", "matchCriteriaId": "F60B4271-F987-4932-86EE-45ED099661E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE99C3B4-20EC-4AC8-9A0A-C690E2DBED99", "versionEndExcluding": "16.24.1", "versionStartIncluding": "16.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "C109B569-DE0D-4AE4-A128-239077CCC05F", "versionEndExcluding": "18.10.1", "versionStartIncluding": "18.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "44E4E3A7-8CB3-491C-98F6-F78345533E3B", "versionEndExcluding": "19.2.1", "versionStartIncluding": "19.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. 
In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim\u2019s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim\u2019s machine. Users are advised to upgrade as soon as possible. There are no known workarounds." }, { "lang": "es", "value": "PJSIP es una biblioteca de comunicaci\u00f3n multimedia gratuita y de c\u00f3digo abierto escrita en lenguaje C que implementa protocolos basados en est\u00e1ndares como SIP, SDP, RTP, STUN, TURN e ICE. En las versiones afectadas, si el mensaje STUN entrante contiene un atributo ERROR-CODE, no se comprueba la longitud del encabezado antes de llevar a cabo una operaci\u00f3n de sustracci\u00f3n, resultando potencialmente en un escenario de subdesbordamiento de enteros (integer underflow). Este problema afecta a todos los usuarios que usan STUN. Un actor malicioso situado en la red de la v\u00edctima puede falsificar y enviar un mensaje UDP (STUN) especialmente dise\u00f1ado que podr\u00eda ejecutar remotamente c\u00f3digo arbitrario en la m\u00e1quina de la v\u00edctima. Se aconseja a usuarios que actualicen lo antes posible. 
No se presentan soluciones conocidas" } ], "id": "CVE-2021-37706", "lastModified": "2024-11-21T06:15:45.227", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-22T18:15:07.487", "references": [ { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/166225/Asterisk-Project-Security-Advisory-AST-2022-004.html" }, { "source": "security-advisories@github.com", "tags": [ "Mailing List", "Patch", 
"Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/Mar/0" }, { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/pjsip/pjproject/commit/15663e3f37091069b8c98a7fce680dc04bc8e865" }, { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-2qpg-f6wf-w984" }, { "source": "security-advisories@github.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html" }, { "source": "security-advisories@github.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html" }, { "source": "security-advisories@github.com", "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202210-37" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5285" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/166225/Asterisk-Project-Security-Advisory-AST-2022-004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/Mar/0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/pjsip/pjproject/commit/15663e3f37091069b8c98a7fce680dc04bc8e865" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-2qpg-f6wf-w984" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202210-37" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5285" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-191" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-191" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-04-01 16:55
Modified
2024-11-21 01:51
Severity ?
Summary
The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACE48FBD-2560-4477-ABD2-C90729523BC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "97F03C40-6B70-41D1-96CF-DD5F2924D0C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "B8F0B6E3-37B8-4780-BB17-D471A7AB7E58", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "445941A9-EE2C-45C0-BCEB-9EC7F9F9439D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "7C60A84B-E0BC-491B-B6E6-76E658BB91EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "035B04BC-C132-4CF6-9FE4-561A4104F392", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "AE6A2723-FAE7-4A87-A2A3-E94D9CC2DCB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "37612FE6-C8B7-4925-81F5-ADB82A8F101E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "92181940-ED5C-442C-82BA-4F0F233FB11B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "28EEF1DB-00C6-4DFC-BB48-C4A308F60DAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "67CE3E94-341F-4D0C-937E-39B119925C9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "5C721635-2801-40E8-B5FE-734054D718D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "93F81ACF-615F-4EF5-BD73-74F4010B43D8", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "D773468A-4C2D-4B88-BAB6-C2D892A304C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "15ED9311-9E4E-4998-BD99-CDEB8E4F2C74", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "815F7045-FC6D-4D57-A7AE-F63B0FC67251", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "56BAE9D7-7A67-40D0-B864-66E76EBA5A84", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "B82FFB08-0FCD-4839-95F4-97C09EB7E921", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "10C54588-265A-4955-8C73-38ADB664EF0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "C2D84681-F861-49BE-832F-20EBAD3B60C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "2313F843-0F74-4FC9-92A2-1F721BB4C490", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "09918CFC-C6A0-45ED-91EA-A4D9295C6CBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "23E24161-31DB-4739-B16D-B0BDF5151307", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "E28DAA35-FBC2-4C87-BC1F-396A0FE86C5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "4F5E4B4F-49B7-41CB-803B-47A0081C3112", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "27D37142-F88C-42DE-A0FD-B17AB7981963", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.8.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "F1A5BD7C-3491-456A-A333-481977280F5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "F7AFBC1D-7357-4A20-BF9D-C5B58155DAAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "C85B74B6-EA5C-43C1-98C4-B09C41D9D8CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc2:*:*:*:*:*:*", "matchCriteriaId": "12711E11-F6CF-4A61-83FD-AD3748D7C47B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc3:*:*:*:*:*:*", "matchCriteriaId": "86E83CDF-E3B5-48A8-B526-67A1618B97AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "B9C8B329-AC4C-46E5-BAC3-B2B72C16A453", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "5A81245B-0276-4D51-A3B4-9CC7233C9A44", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "9DC30C27-32BD-42A9-814E-123BD18F416B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "676BA331-833E-4C8B-A523-2116752567B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "A7D38CAA-BECD-4FD7-8E42-72CB2B1DC699", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "4F211C14-8E50-4FB7-82EA-FE6975290DE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "0698EDFB-D156-4572-9008-0243FA6FD2FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "16350161-9CF1-4AD3-954C-598D249CF962", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.8.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "24EB6F7B-AD3C-42A2-B811-3CF3EEDD8438", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "7AC55C54-7AD7-49BE-A050-DC6878391208", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1B208EBB-0387-4223-A196-CE142E6B908B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "095BF874-0E0B-4F8F-8A11-ED096DD3A824", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4067E71D-93A8-4B56-AE4A-FCB6E31577E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9D301553-EF77-4494-A893-FDC12E6A8C16", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "35362678-3960-40E0-BB94-4642F09DDB4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "779DEAC5-CBC7-4844-9A2E-97AEB49704EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "913D2C84-B987-4DEE-8F9E-0FDF14BECE2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "63889FD0-714B-4E02-8F34-00E4857A544A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "A15B538D-DC9D-46B4-A455-341E8A2831E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "8FE32479-5D98-443F-8FA9-F6281726BDF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "78841A3E-7D56-4737-9815-E1144FD0A44A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.8.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "A6CE8D88-E407-4E9F-8418-E95C16A55358", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "3BDEDE38-79FE-4B21-BE42-E8AA14475AA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "CC295454-D897-425C-BFC8-91A72865A132", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "3830A3E2-09A1-487E-8EFA-27F8B4C61CB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "CAC942FB-83A2-4698-B410-F4C6AED0849A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "86ED40AD-0A52-4B4C-B4CA-F8D1A4CAF866", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "B7128AC5-5DD7-4BD3-B14C-4ADA155DD5E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "FA2C32DA-44CE-4407-84B2-02B0D0474000", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2B032B5-06AB-4ABE-B51E-DE5C13458C03", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07FC62DE-74D3-42A9-94E8-6DCE62F3D2B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "39E78E52-2AA4-42A5-9CE6-22DF2CF01704", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "3DF04D4C-DFED-4E71-BA0C-854823BB41CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "518A8882-B1A6-408E-9B39-F01034A50190", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.8.10.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "2EBBB850-2AE6-4EC1-993F-AD7AF2E80008", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "F33168AF-A3FB-4694-9DC8-CC28A7C3B3E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "E1075D5D-5F81-4E26-90B0-60659B8D36B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "6880B042-11B1-430F-90A1-70F93FC5BAF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "0F074B06-6788-47AB-8C39-BA5E2E39ACC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "47805A52-856B-4C30-A04F-0B683FDBE075", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "1ACB7C4A-7CF7-4D57-B65D-741AFA6393EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "85522E25-E76C-4CCF-AB7C-A74E1703D919", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "AC3BE912-0B42-416B-A0E2-B17FDF07BAAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "4FC9C2FB-A77B-4242-B4A1-92112E1C19B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "41CA6DD3-FD39-482B-83AA-FE24055E9B42", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "C28AB9A1-54B6-4C9A-8E4C-52A3BF147DE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "28E4852C-4444-40BB-8DBB-51EC97D6BD38", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.8.13.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "602E20C8-9DFF-4D11-8F1E-F7E943E8FE30", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.13.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "DC5CE37E-7BAC-45D5-AD09-8823D893627C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "B38DE1B4-44CF-4199-B739-5880F6492216", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "B25558F4-2DF6-4C00-969F-67F7C2A05668", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.14.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8EFFEF57-8097-42B1-AC4F-20CEFAC4AFA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.14.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "6DFF8BD7-7287-40B2-8BAC-46C85440882D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "00C94601-5C7E-4B9B-A8C9-A78C7E529864", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "1926E877-9EA2-457B-B501-6E07760B38A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.15.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "604956F2-5FE8-4D0A-A5EF-20E6D0E89933", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "42D8445A-8F8D-47D3-BBE4-687BD00D2E45", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "1B9DF848-DEFC-4F1C-81BF-BFD2E142565E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.16.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "BBB8E443-4A8D-405D-AF18-D56EE3D3AB96", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.16.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "5BAE4B32-F771-4DEA-9665-C862F3BA38B7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.8.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "21E8BAFB-6973-48DE-9835-93464882712A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.17.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "57BF8BF0-DAD0-472B-9A13-34633F2BED91", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.17.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "06E40764-4AFD-4DAA-BC96-46881EB55F5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.17.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "412E6FAF-60A4-44DF-A1E5-BFBB127367B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.18.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBFEE9B-B3D5-4659-A833-03804A010474", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.18.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "6F127574-4C2A-4D0D-9601-B369C9E75BC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.18.1:*:*:*:*:*:*:*", "matchCriteriaId": "23A58518-4619-4B6C-A01E-875E7A02B563", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "A56402C5-9408-4A7C-A6BF-DF1707EE19F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.19.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "145FF5F2-E4DC-42AD-B320-A9A82D517073", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.19.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "217B4501-AEBA-4417-87D8-0C18779F16F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.19.1:*:*:*:*:*:*:*", "matchCriteriaId": "3784F3AC-0A54-4453-85C9-33C5AF05564E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.20.0:*:*:*:*:*:*:*", "matchCriteriaId": "39900193-C2F2-424E-95A9-B7EF637A3F6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.20.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "589B3B1E-5BCB-4BA3-B4A6-CD9FAF8AD05D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:1.8.20.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "0B5C6294-7BB5-4749-8F90-7AB3786696F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:1.8.20.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E2D3320-3A6E-4756-9314-78E5027CDD88", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "33DD2B8E-6AB1-45CD-85F5-E0F5234585BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "52BDDAC0-5CEE-4054-8930-EAF25FE528FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "1CEB28DD-EAEA-45AF-8D7B-09E93AFABA49", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "12BCF63F-DA77-48A1-861D-F6E710E3CA16", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "AD0D03FF-3FF6-40D0-A78E-CBDEA4FE4F14", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "66666CD2-8921-4641-AD72-21F4386DC731", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E55A7B81-4661-4E77-94FE-DA8D6261DC74", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0C549DD5-68F9-44FC-92B9-09A0E6F87315", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "51407A8B-AF19-43FA-8D57-A6A35D465D1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "911CCAF6-6E29-43B6-AF76-909016CD46ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.1.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"964672AE-C840-465E-BE8A-8E19D9C060AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "48827211-8F2F-4801-A5CD-77B07D1DD320", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D2463AD2-B341-494C-87AF-73B69B75D162", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7B46E218-9EFA-4224-BC5D-1A2F38559E38", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "6F1F43E8-6159-46FA-8BF5-360EA9D466BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "F75E0A69-9251-4CE1-9E83-188F0D35DEFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "17E6BD3C-B88D-4C80-B77F-2A95767B9A71", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "3AC1C9EC-A84F-401B-BF59-F4938B6A2F59", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E5DACA8-EBD6-4854-A32E-EDBD8C28B3D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "A6AB0DE5-0843-4A7A-A1C9-2FD7924FBEDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "335F9C06-5E40-4E14-B018-15151E14414D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "9E8F15FB-C6B5-4A4F-A7AD-E2BF0162D1DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BC77FCCF-EE5C-4121-A0AF-B9DC71E72C1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"B1C33423-6093-4DC9-BCFF-77003776373E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9DEA8945-9ACD-4CE7-A5E6-5207E16C663E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "B2A7FC21-74FF-48BF-9BA8-A143FCB2BF3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "C4FCD6B4-ED33-424F-AD30-64227894B0B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "CEC59D23-316D-43FC-9BA9-67E8BDAF5F24", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "59556035-E04B-4350-BD3B-A3935C28C6AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2F73501-BE0D-4130-8077-D5D853E91F1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "3C72C50B-12C1-4A1C-B51F-F66244C18CC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "6D3A3D9A-9F63-44FD-BF14-2DC3AE8C0D40", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "56C40572-5FBE-4A39-AF3D-A335873BF660", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "844232F0-D524-44E0-B420-2992BC0FED11", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "D73A9C29-4270-4126-9D6B-3780F6F3D7D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "A402F4F2-73BC-49B1-B5DD-9231F090BFA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"410D67F4-C941-4CBE-8D82-673217EE7FA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "45244F02-B71A-4692-BDAD-34C37ACAB676", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "AA73D5CD-0BBC-42EF-9693-265A0566E789", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "0574B440-5004-4F47-B657-1672E9092A28", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "88E1F128-276F-4883-A93C-D5C7282925DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F5392F1-57AC-4208-9646-42098CCEF80B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9D11D64C-6E1F-4014-88D2-F5FB61D66C52", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "036281DD-6F0A-4810-A1D3-952077896808", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "2749712C-929A-43F4-B58A-F9F777DBD84D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.9.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "92AD9878-F87D-43AC-BE2B-514977F5A182", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.9.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "1A9089A8-55D4-4992-BAC0-FE5BE3E2F472", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.9.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F33E93C3-D4A3-4A38-84E1-0D3CB8915418", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1A1EE57-D8ED-4A2E-BE71-043E06EA4F2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.10.0:rc1:*:*:*:*:*:*", "matchCriteriaId": 
"BC400500-F1CF-4D13-A18E-25B5EE70F3BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.10.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A215C07A-6E8C-4EEB-AD94-68A75BE7DB52", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F9764E3-DA33-4A31-97C7-E523D6DE6124", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "703FBE7B-CAD4-43B4-920D-DFC28CFFB7B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.11.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "00750678-5A5E-4A75-A405-3D42E1CB147A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.11.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "31228737-2F7E-434A-B4FE-E1C9BB71D893", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "A84F1317-E44E-4CD4-8979-DC335AD8B457", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "D4D358E8-6399-4568-9ECC-CA084B80129C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.12.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "1DC34227-26A7-44C1-B5CB-C7328134316B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.12.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E2E2701A-489E-4A9C-9E5C-01661E599BC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:10.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D13892E-0D45-438B-A126-439335B47C90", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AF0D8EF3-6BA5-4C60-8130-DF62A9592CE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "1B00830D-18F2-4A68-926A-2FD397674F9D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:11.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "3C2E04B4-C70D-40AE-AEA5-0D39304F6C18", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9C86349C-EBD4-4857-9B4B-7A608F32BBCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "7E88AC6C-50F6-486D-B0D0-97477FCD520D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "171B2532-F5D2-4C3C-9C23-405839F590BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:11.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2E5923D0-F168-404B-9190-871D52D74DAE", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:11.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "50617F5A-5BAE-4C4A-975A-B23E9171ABDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:11.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "BE09B558-576C-461C-8089-8EE59F168ADF", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:11.1.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "83DEBCA4-F4CC-4E78-A80F-C673105FA868", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:11.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4A3720E8-67C2-492D-9DBA-6ED9085CB01F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:11.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "28E2C7E4-226C-4420-856D-E420633E301F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:11.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CFA3CDE0-AAE5-48A4-98C3-767CCCC3C9E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:11.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8B73137F-79EA-48DD-B29E-41DB8C20711B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:open_source:11.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "1F185B3E-9594-4AFD-B16B-6C82A03B93B9", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:open_source:11.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B3740427-BBC9-4D76-9F54-C13AF097CD05", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*", "matchCriteriaId": "E6025382-31C8-4227-B44F-856FD014B283", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.15:cert1:rc1:*:*:*:*:*", "matchCriteriaId": "0DAEE2C6-008C-476D-8464-3C616E5CA805", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.15:cert1:rc2:*:*:*:*:*", "matchCriteriaId": "688A1BA8-A195-41E9-812D-F4400EFA5B02", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.15:cert1:rc3:*:*:*:*:*", "matchCriteriaId": "177A2158-B36D-4B6D-9FEA-2DF32830AE56", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "2A84E1FF-10CB-45AA-B2EC-6FB6E78C6D75", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.15.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "83726255-3A94-49A7-A43F-414CA0A814FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:business_edition:c.3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "72528F09-D212-4CE8-A2B7-7A6CFCB9A199", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:business_edition:c.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "CAEC99E3-65A4-4BD4-9421-49F9E6D828A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:business_edition:c.3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "BA9FB6BA-1281-4097-8A70-62B691468C63", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0188A765-4376-4EDC-8070-74B6882253B0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:digiumphones:10.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "98F95DCC-6B40-42D6-BDA4-8BBE5C4AB4E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "28051F65-0862-438F-B4D6-1F7F1B93A76F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "344BE33A-2345-48C4-91EB-58C4EC2499B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "C38C7220-D25C-4399-A414-0541A44DCD6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "E69A7B6F-1D33-471D-80B2-37D30817FD7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B7DA77C-2D86-4815-905F-78B9B55B4790", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "D4C5D9FD-24AD-4C73-ACA3-924AA2D4C041", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "039D01BB-9B67-467B-9E5D-89208C4F9595", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "87B7DFEB-9DDF-4DE7-A295-869F810FD5BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "C0C0F3B5-97EF-4806-AD51-DD201F35F44B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E08D0CC7-7339-4468-9CC6-7007D859160C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "ACAF81C5-D3B2-4D7E-BD1F-2FFCEDE3E2B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.2.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "3146A017-A6A5-4C3D-8138-EBE552A99F02", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:digiumphones:10.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0CEECF41-6AFA-4067-ADB4-EA53A6C77740", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.3.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "271F0ACA-F4F5-4FD9-8F39-56722EE40D8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.3.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "AEAF9BED-896B-4E0D-AE2A-65ADA2B96876", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "32A45F41-BA2A-4878-82BA-2C1EE3301708", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "AAEBB11B-AC3A-46C2-94F6-7B68994E47C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.4.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "28A8C554-04E9-4A86-B2CA-12B19BF5BD9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.4.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "CC2E7D4E-2713-4F50-A646-8643FA31C74B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "295AE899-CE46-4904-AA88-F05D857D50F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EC070B60-E90E-432F-AF02-5BCD6CFA8902", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E6FE1237-4974-4F87-BB44-1608D5879856", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "14248FC6-A833-4918-AC6D-94DC75E28D14", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "0FA03327-13B9-488D-A1D7-59AB07926B22", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "2CC53629-1F20-4B22-9465-63250F917007", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:digiumphones:10.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "62F912BF-1512-45E8-9035-750F083D60B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "540F8042-4B26-4078-ACE7-DBAC45D4FA93", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "17DC68FD-F05E-4821-BAA1-5A871C8C39AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "6093D29F-64F8-4E3E-B6C4-646D0D6A6B58", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "9424B04A-6262-4E31-BFD3-F5849EF32771", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.9.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "39147BA2-6F85-4E88-A896-B5F5C571A835", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "A54E95F9-2CFC-43C6-AF6B-44ABC5555C04", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.10.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "FB53F9D1-14EC-4B00-9A72-E086D2EB27F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.10.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4C48AD83-84B9-4A92-8C88-FC4F966644DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "39202DF6-359E-4A62-98B4-D42A5F899717", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.11.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "C7134E96-F5EF-4E87-9B11-DAA2A1D90761", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.11.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "2A761C15-53E2-4BDC-AF7B-86BCB7F10466", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.11.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "C3288F41-D446-4899-9AC7-60EB72145ACF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:digiumphones:10.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "44027DC7-1BD6-4F17-AD4F-6D6457B779FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.12.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "170DEF44-9D18-4C9E-919F-5B7CC2C7D727", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.12.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "1674C43B-51DE-484C-8B87-CF3256589BDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:digiumphones:10.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "8CEFB68A-9C07-468F-A118-315D8DB21897", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur." 
}, { "lang": "es", "value": "El controlador del canal SIP en Asterisk Open Source v1.8.x antes de v1.8.20.2, v10.x antes v10.12.2 y v11.2.2 anterior a v11.x; Certified Asterisk v1.8.15 antes v1.8.15-cert2, Asterisk Business Edition (BE) vC.3.x antes vC.3.8.1 y Digiumphones Asterisk 10.x-digiumphones antes v10.12.2-digiumphones muestra un comportamiento diferente para transacciones INVITE, SUBSCRIBE y REGISTER inv\u00e1lidas en funci\u00f3n de si la cuenta de usuario existe, lo que permite a atacantes remotos para enumerar los nombres de cuenta de (1) los c\u00f3digos de estado HTTP de lectura, (2) la lectura de un texto adicional en un 403 (tambi\u00e9n conocido como Forbidden) respuesta, o (3) observando si se producen ciertas retransmisiones." } ], "id": "CVE-2013-2264", "lastModified": "2024-11-21T01:51:21.460", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-04-01T16:55:03.747", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://downloads.asterisk.org/pub/security/AST-2013-003.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://issues.asterisk.org/jira/browse/ASTERISK-21013" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://downloads.asterisk.org/pub/security/AST-2013-003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"https://issues.asterisk.org/jira/browse/ASTERISK-21013" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-06-02 05:29
Modified
2024-11-21 03:35
Severity ?
Summary
A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2017-004.txt | Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/98573 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securitytracker.com/id/1038531 | | |
cve@mitre.org | https://bugs.debian.org/863906 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2017-004.txt | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98573 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038531 | | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/863906 | Mailing List, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sangoma:asterisk:13.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "A0789649-4E5D-4DC1-9B01-B294B6151085", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:13.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "46940409-0771-4ED6-B352-1A43C6208627", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:13.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9BA0EB47-07D8-4B65-BD62-EA2B68D64AB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:13.1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "B90E3BEB-E683-4F71-A6C8-A1BD53CD6D71", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:13.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "56E29780-8E4A-4CEF-9240-A9AED9BB06AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:13.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "715E2B71-425F-42F7-B713-8CC644B1C58A", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:13.3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "97507DA4-6B96-4470-9FFC-DFABED357A55", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:13.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "CCC1991F-9E49-4DAB-B60A-3B172D0F86A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:13.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "7535B8C1-419E-4E81-9955-7B7FE97FBAA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:13.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "F7B22660-489A-4A62-BA61-7E3B153DE7FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:13.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "47134DA6-5D36-43CF-88A4-9142C9497025", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:13.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "803258B5-6EF8-4541-B482-00B34668A46E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:13.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "6D9E6F48-96AD-44A0-8E4F-C65E9F82F089", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:sangoma:asterisk:13.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "70485694-089D-4DF5-AC81-5CABBA5A332E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:13.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "88DD3F8C-ACA3-460F-A024-A430D9A9F63C", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:13.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9A3FBACC-C61F-46A6-8C49-8268F6E3F3EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:13.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "57094FDA-FDEE-4C5F-BDAB-B4C14E212E5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:13.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "7DC918B9-BCE7-4310-B385-77B3D9F398FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:13.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "F42641E1-527B-4A2F-B36A-151C1B769AF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:13.9.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9F1B7AA0-A5BC-47B7-BAB7-94C18A975938", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:13.10.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "FAE04147-C3D3-4C80-AD27-1A24498DBB07", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:13.11.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "58CE7E95-CC54-4509-8B3F-22498E0FB6F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:13.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "4EEE9C24-FDC9-4675-A912-24100B48C77C", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:13.12.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "AF5F5C49-B1F3-43EF-A46B-0B1D6921FD78", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:13.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "2861956E-7C8F-4A6A-9DC3-E23B12FDFDF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:13.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D6097525-B5D5-4ACE-B26E-E976E30D6E80", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:13.13.0:rc1:*:*:*:*:*:*", "matchCriteriaId": 
"B1FC6424-B774-4E3F-B835-72296C37C4EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:13.14.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EEC6D5F3-B6C5-4B35-9EDE-FCBC808D4C6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:13.15.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "589E43EA-6873-48CE-AB83-D3A42E6D8B68", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "69C489FB-3A83-42D7-94A9-3C7D5B8F980C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*", "matchCriteriaId": "DD5636A9-1E9F-4DA7-8459-6B9257ADE0E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*", "matchCriteriaId": "4DDBE806-CDD5-4981-B575-9EB58816CD7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*", "matchCriteriaId": "A9676683-14B7-4489-9D18-C37365C323D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*", "matchCriteriaId": "660E2F8C-A674-44EE-99AC-80E57A0681C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*", "matchCriteriaId": "6949CB9E-8282-4E9D-9DD0-889E3181C845", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*", "matchCriteriaId": "B54BB82E-92EF-4D75-8E62-10CDC7C526DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*", "matchCriteriaId": "E759A991-D72D-4FCA-B4F5-3B51D63A31D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "D4E1A5B3-8385-4376-A145-1E1CC0E80818", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"3E4E78FF-000E-4DA8-8539-2C5507C09BB8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sangoma:asterisk:14.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "5CF4B65D-016F-4306-B1AC-AA83B6049D21", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:14.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "8C2B545C-0A70-405C-8610-24ADE6740549", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:14.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "9B2609D7-C5E8-42C7-A456-F01051A99A9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:14.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "C9707B21-1F6F-4817-8ABC-8FA88670B21F", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:14.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9A7E5B97-8A5F-4059-8363-F42A2BF5A0EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:14.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "6D3283C6-3223-41B0-B823-1BCD23AA05FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:14.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "4011C14B-5338-4E13-A2F3-0E585425D5E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:14.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "2CD51694-6DCD-4B5B-B062-DFA3BAA98DC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:14.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7277A774-C370-4787-B84C-6F4AC55A3487", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:14.3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "E216708E-5BEE-4E03-93EA-6B013B439E32", "vulnerable": true }, { "criteria": "cpe:2.3:a:sangoma:asterisk:14.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "61028A13-37B5-4BC9-8EFB-D2465B9DECCD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 
13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop)." }, { "lang": "es", "value": "Existe una vulnerabilidad de agotamiento de memoria en Asterisk Open Source, en versiones 13.x anteriores a la 13.15.1 y versiones 14.x anteriores a la 14.4.1, y en Certified Asterisk, en versiones 13.13 anteriores a la 13.13-cert4. Esto podr\u00eda llevarse a cabo mediante el env\u00edo de paquetes SCCP especialmente manipulados que provocar\u00edan un bucle infinito y dar\u00edan lugar a un agotamiento de memoria (mediante el registro de mensajes en ese bucle)." } ], "id": "CVE-2017-9358", "lastModified": "2024-11-21T03:35:54.630", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-06-02T05:29:00.700", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"http://downloads.asterisk.org/pub/security/AST-2017-004.txt" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/98573" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1038531" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://bugs.debian.org/863906" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://downloads.asterisk.org/pub/security/AST-2017-004.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/98573" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1038531" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://bugs.debian.org/863906" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-835" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-08-08 17:15
Modified
2024-09-16 20:23
Severity ?
7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
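Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because such a user is able to curl remote files and write them to disk, and is also able to append to existing files using the `FILE` function inside the `SET` application. This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with an arbitrary protocol. Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2 contain a fix for this issue. Note that the CPE match data under "Impacted products" ends the 19.x–20.x range at 20.9.1 (exclusive) and lists only 21.4.0 for the 21.x branch, which is narrower than the fixed versions stated above; when triaging, compare installed versions against the fixed versions rather than relying on CPE matching alone, and review which AMI accounts are granted `write=originate`.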
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E883638-A227-4B23-ADEB-E54244B482F0", "versionEndExcluding": "18.24.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "525E1CCB-43F1-405D-96A9-A9D41D8F59CD", "versionEndExcluding": "20.9.1", "versionStartIncluding": "19.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:asterisk:21.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "8337584E-FAFD-456F-957C-7CDE4132E660", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "69C489FB-3A83-42D7-94A9-3C7D5B8F980C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*", "matchCriteriaId": "DD5636A9-1E9F-4DA7-8459-6B9257ADE0E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*", "matchCriteriaId": "4DDBE806-CDD5-4981-B575-9EB58816CD7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*", "matchCriteriaId": "A9676683-14B7-4489-9D18-C37365C323D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*", "matchCriteriaId": "660E2F8C-A674-44EE-99AC-80E57A0681C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*", "matchCriteriaId": "6949CB9E-8282-4E9D-9DD0-889E3181C845", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*", "matchCriteriaId": "B54BB82E-92EF-4D75-8E62-10CDC7C526DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*", "matchCriteriaId": "E759A991-D72D-4FCA-B4F5-3B51D63A31D3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "D4E1A5B3-8385-4376-A145-1E1CC0E80818", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "3E4E78FF-000E-4DA8-8539-2C5507C09BB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*", "matchCriteriaId": "20998BF5-7014-444C-A221-5B989987A7F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*", "matchCriteriaId": "245E902A-1583-4482-9AD7-F0C5AF38764E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*", "matchCriteriaId": "282CF259-FEE3-44FC-808E-D96CCF48BFCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*", "matchCriteriaId": "BEF5DDD6-7C6B-4E72-B3F3-7330C4488CA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8:cert1-rc5:*:*:*:*:*:*", "matchCriteriaId": "675FED60-01B9-4A6F-B20C-D642121B873C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8:cert10:*:*:*:*:*:*", "matchCriteriaId": "3D6A228C-260F-484C-B169-EEDB0C66CB62", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8:cert11:*:*:*:*:*:*", "matchCriteriaId": "7FFE0158-47D4-4FB4-84C8-49E67A181545", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8:cert12:*:*:*:*:*:*", "matchCriteriaId": "CAC40CC0-5EC1-4F05-B1D1-7D06D2E10B5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8:cert13:*:*:*:*:*:*", "matchCriteriaId": "3CDDFE32-9BAE-400C-8F6B-9792E9E0711C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8:cert14:*:*:*:*:*:*", "matchCriteriaId": "EB3952E1-6BA6-46D7-92F6-168EE8351E93", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*", "matchCriteriaId": "67D6AA96-3579-41F5-B871-DA01F12CC8F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*", "matchCriteriaId": "66E7DD42-CBC6-44F1-B06D-0B89CF624D51", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*", "matchCriteriaId": "1EC0C26E-CCD2-4AEE-A35C-7A4DDA2E657E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*", "matchCriteriaId": "3CE9EC96-7A16-4989-98BC-440E9282FAC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:-:*:*:*:*:*:*", "matchCriteriaId": "335EF1B5-AD89-48E2-AB2C-BF376BC36F77", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*", "matchCriteriaId": "E64BCD44-2298-4710-9CC3-DF82E6A8DF94", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*", "matchCriteriaId": "91CCAB0C-C0F8-4619-AAE1-F6F13FF31570", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*", "matchCriteriaId": "F2B7CBB3-E037-416B-AD16-9A553D6A4775", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*", "matchCriteriaId": "DE7DDFE1-6A06-477A-AB45-D00053CFA7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*", "matchCriteriaId": "A35C117A-6EFB-42EB-AD2A-EA7866606927", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*", "matchCriteriaId": "40003CBE-792F-4875-9E60-6F1CE0BBAA8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*", "matchCriteriaId": "46A7AA7B-13F2-496A-99ED-1CC13234E8CB", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*", "matchCriteriaId": "147663CB-B48D-4D89-96BF-F92FF96F347F", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*", "matchCriteriaId": "27DBBC83-930A-4ECE-8C1E-47481D881B0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*", "matchCriteriaId": "B987A13D-A363-4DCE-BBA1-E35E81ACBA60", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*", "matchCriteriaId": "01A5B7F9-FAD2-4C0C-937D-CF1086512130", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*", "matchCriteriaId": "F60B4271-F987-4932-86EE-45ED099661E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:18.9:cert1:*:*:*:*:*:*", "matchCriteriaId": "4183072E-F5A2-4137-82B4-B066AC8DAAA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:18.9:cert1-rc1:*:*:*:*:*:*", "matchCriteriaId": "3ABB4F01-021F-46C1-ABD4-412C7D40C52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:18.9:cert10:*:*:*:*:*:*", "matchCriteriaId": "7B8A221A-E9DD-45EC-8DD6-7AFBC5A0B0D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:18.9:cert2:*:*:*:*:*:*", "matchCriteriaId": "32177FB5-4C13-4E0C-AB67-F2B2F322581E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:18.9:cert3:*:*:*:*:*:*", "matchCriteriaId": "795DA8B6-FACE-4CC2-8262-1733A34F5593", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:18.9:cert4:*:*:*:*:*:*", "matchCriteriaId": "CDBDB4E6-51AC-4707-85DF-9F76EF6629BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:18.9:cert5:*:*:*:*:*:*", "matchCriteriaId": "BEC796F2-A349-4CCA-9343-5251DCA781A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:18.9:cert6:*:*:*:*:*:*", 
"matchCriteriaId": "3AC09F75-406C-4699-A4D7-661383A05C05", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:18.9:cert7:*:*:*:*:*:*", "matchCriteriaId": "02F5B177-0509-4CF7-A555-B9F41F50AE5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:18.9:cert8:*:*:*:*:*:*", "matchCriteriaId": "237890E9-1AAB-4D02-801E-BC0C68A70718", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:18.9:cert8-rc1:*:*:*:*:*:*", "matchCriteriaId": "D3064399-A01E-4E08-A4AE-4BA33A4928F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:18.9:cert8-rc2:*:*:*:*:*:*", "matchCriteriaId": "FFA59ED7-2EE0-45EC-A794-8FA29B403A1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:18.9:cert9:*:*:*:*:*:*", "matchCriteriaId": "C727C1DB-0287-412E-9107-AF276FF3AB2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:20.7:cert1:*:*:*:*:*:*", "matchCriteriaId": "3520F2B3-3E3F-4222-AA97-B2F7F7BD30A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:20.7:cert1-rc1:*:*:*:*:*:*", "matchCriteriaId": "56923D44-D1D5-4A79-AA36-5A0C45D22250", "vulnerable": true }, { "criteria": "cpe:2.3:a:asterisk:certified_asterisk:20.7:cert1-rc2:*:*:*:*:*:*", "matchCriteriaId": "C669C229-8050-4938-8A05-11BFAB8D51FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. 
This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2 contain a fix for this issue." }, { "lang": "es", "value": "Asterisk es un kit de herramientas de telefon\u00eda y centralita privada (PBX) de c\u00f3digo abierto. Antes de las versiones de asterisk 18.24.2, 20.9.2 y 21.4.2 y de las versiones de certified-asterisk 18.9-cert11 y 20.7-cert2, un usuario de AMI con `write=originate` pod\u00eda cambiar todos los archivos de configuraci\u00f3n en el directorio `/etc/asterisk/`. Esto ocurre porque pueden descargar archivos remotos con curl y escribirlos en el disco, pero tambi\u00e9n pueden a\u00f1adir contenido a archivos existentes usando la funci\u00f3n `FILE` dentro de la aplicaci\u00f3n `SET`. Este problema puede provocar una escalada de privilegios, la ejecuci\u00f3n remota de c\u00f3digo y/o blind server-side request forgery con un protocolo arbitrario. Las versiones de Asterisk 18.24.2, 20.9.2 y 21.4.2 y las versiones de certified-asterisk 18.9-cert11 y 20.7-cert2 contienen una soluci\u00f3n para este problema." 
} ], "id": "CVE-2024-42365", "lastModified": "2024-09-16T20:23:18.407", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 3.1, "impactScore": 3.7, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-08-08T17:15:19.340", "references": [ { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71" }, { "source": 
"security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2" }, { "source": "security-advisories@github.com", "tags": [ "Exploit", "Technical Description", "Vendor Advisory" ], "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-267" }, { "lang": "en", "value": "CWE-1220" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }