Vulnerabilites related to digium - certified_asterisk
Vulnerability from fkie_nvd
Published
2012-06-02 15:55
Modified
2024-11-21 01:40
Severity ?
Summary
chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2012-05/0144.html | Broken Link | |
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2012-007.html | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/49303 | Not Applicable | |
| cve@mitre.org | http://www.debian.org/security/2012/dsa-2493 | Third Party Advisory | |
| cve@mitre.org | http://www.securitytracker.com/id?1027102 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2012-05/0144.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2012-007.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/49303 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2012/dsa-2493 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1027102 | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA60A9C9-C2EF-4971-BEFB-FF687DAEF2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BAFB22FA-CC24-4AFE-AC83-2D044563F7CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "00F3EB0D-7C63-46B5-BA95-8486B9716C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "00C1BF3B-7593-478D-9AAA-153901C70286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "82423EC2-FA29-4AF6-86C3-6AC6DFDC4DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "5F86406A-0936-4A06-88FB-4137A64498EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "672CE4C0-EBD6-470B-937E-810FF1C4CDBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88DB1105-74D8-4312-9D02-D1E21F2E785C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "404C0557-6229-4D90-BFDD-54AFFCCE6A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6D1D26CC-891F-4396-B7D7-30D712829E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F25B61EA-F4D1-452A-9D96-B8DFDD719B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9324AB96-EC99-4F04-A0A9-00F936C86EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8B5E76-4A74-4E88-8A6F-C23538B7642A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB6BBCA-47CE-49B8-9706-AFDE4BE46550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8BFF65E2-692B-4C39-88FC-6DED8D9A7258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5260E309-9320-4DB8-A918-7D215BF95D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "60AFF340-A866-4CFE-9334-53B95FD4AA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "74E50309-CD7D-41F7-97DA-A7E451D0796A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6FD3F8F8-820E-4C29-9F8F-023D1DB999CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "C33A6419-0D00-49D6-9A48-2B633610AAED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "447E07C9-4A25-418D-B53F-609B78EE4C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9D7D88-D64F-4F54-8C84-6AC45FBD36F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F67AB282-591C-4ED7-9750-C593A38D5D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C9F8F881-2BF7-44AB-8756-54A06801EB11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "36EFF3C4-4D00-4BC5-94B9-403BB00C6AB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "5E434F10-395E-426E-A988-4CDA504577D0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "687ED3CE-67C4-410D-8AF4-C769015598F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "30E918CD-89C4-42DA-9709-E50E0A3FA736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "DA57FA15-D0D7-4A97-9C25-6F6566940098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A1C45300-A2CF-40E7-AB67-23DC24C31A1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "958081DC-1D77-45CD-A940-C7A1AB42C7BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "298A879D-4F65-4523-A752-D17C4F81B822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37AB07BE-54C4-4972-A05F-D1E2CF4363CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC63564-A84E-463D-8312-DDF1C6B7796F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "62A0906E-B631-4F3A-9ABC-9A43A43220BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C6314ADA-2849-416D-966E-C01C322EF904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B6CB1DD-614A-4B3D-99AE-9B1341427024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC95B04F-3746-4F1C-8428-A1FA10253E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "20819080-E0AB-4879-B4CF-A154D6F7EF6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C45753-E2CC-4F7C-B8DA-3D8CF255EA22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5A080197-D6AA-4FDC-888E-51D1C8251E34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1F08D930-D4C1-4C63-875C-171C46AE97C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1AA43D7D-AEAD-47CB-BFA5-B73004A1A7A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "B5ED5F6F-166D-4610-8939-A33AD45F1ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D40002A-564E-425C-BA2A-7C4A8F8DAFD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "521C4DB2-7127-4BA9-94FC-AB0E9E06FE2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8C905DC1-8AB8-4D83-BB5B-FA4DABC58229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "ECC74B5D-97A1-46FF-AFA3-5D5E4A0BF3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2D98C7C-94A8-4348-AF22-04A41FB6F8EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85D39A99-E9A6-4860-BC61-56CA2FC3238B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "845DA0A4-1983-4E82-99C8-B7FBF47C632E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5A63FBB7-F1CF-4603-848F-980742D2ED36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "10B2084F-3AF4-4008-899C-6C1E43715201",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
"matchCriteriaId": "C63C46CC-02E2-40AF-8281-F2FB5D89823A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
"matchCriteriaId": "71BAF2A7-024D-475A-88C0-0F5ADE3CA286",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold."
},
{
"lang": "es",
"value": "chan_skinny.c en el controlador de canal de Skinny (alias SCCP) en Certified Asterisk 1.8.11-cert antes de v1.8.11-cert2 y Asterisk Open Source v1.8.x antes de v1.8.12.1 y v10.x antes de v10.4.1, cuando una determinada opci\u00f3n mohinterpret est\u00e1 habilitada, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de demonio) mediante la colocaci\u00f3n de una llamada en espera."
}
],
"id": "CVE-2012-2947",
"lastModified": "2024-11-21T01:40:00.217",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-06-02T15:55:00.983",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0144.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-007.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/49303"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2012/dsa-2493"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1027102"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0144.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/49303"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2012/dsa-2493"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1027102"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-09 00:29
Modified
2024-11-21 03:16
Severity ?
Summary
An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88EDB1A9-AC31-4A47-A222-0C4E17274A02",
"versionEndExcluding": "13.18.1",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5861B3BC-A35A-4617-A24E-F88D27DBE3F6",
"versionEndExcluding": "14.7.1",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "651DC4FA-A4EF-40DC-9B54-3ED928A7531A",
"versionEndExcluding": "15.1.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7233B5A2-E1CE-4B7E-99FA-26369B892B25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*",
"matchCriteriaId": "F051FE7D-0695-4552-BC1C-836076825606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "2E9DFD7C-9ED1-4561-8AFF-69D98E8E398D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "CA8BFAC6-17A7-4B80-B436-0FFA4B9EA22A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1_rc3:*:*:*:*:*:*",
"matchCriteriaId": "954376A0-A03C-47D9-BC5E-14B005DB3940",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1_rc4:*:*:*:*:*:*",
"matchCriteriaId": "07BB081F-504D-42E3-9CDE-4005572CA0CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*",
"matchCriteriaId": "9F379170-DC3B-41B8-B950-7E0E1E6002AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*",
"matchCriteriaId": "338BFA7B-AA84-483F-B298-BC932728E0EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert4:*:*:*:*:*:*",
"matchCriteriaId": "0A4D417F-485E-4CAD-8542-A22BBA2869E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert5:*:*:*:*:*:*",
"matchCriteriaId": "61F70CD2-1727-4955-A81B-8927AEF468ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert6:*:*:*:*:*:*",
"matchCriteriaId": "A9437455-90FB-4F90-B246-A37E558C9CE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Asterisk Open Source en versiones 13 anteriores a la 13.18.1, versiones 14 anteriores a la 14.7.1 y versiones 15 antes de la 15.1.1 y en Certified Asterisk 13.13 en versiones anteriores a la 13.13-cert7. Ocurre una fuga de memoria cuando un objeto de sesi\u00f3n pjsip de Asterisk se crea y la llamada se rechaza antes de que la sesi\u00f3n se establezca por completo. Cuando esto ocurre, el objeto de sesi\u00f3n nunca se destruye. Asterisk podr\u00eda quedarse sin memoria y cerrarse de manera inesperada."
}
],
"id": "CVE-2017-16672",
"lastModified": "2024-11-21T03:16:48.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-09T00:29:00.520",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2017-011.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101765"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27345"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2017/dsa-4076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2017-011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101765"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2017/dsa-4076"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-772"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-24 15:59
Modified
2024-11-21 02:19
Severity ?
Summary
The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | certified_asterisk | 1.8.28 | |
| digium | certified_asterisk | 1.8.28 | |
| digium | certified_asterisk | 1.8.28 | |
| digium | certified_asterisk | 1.8.28 | |
| digium | certified_asterisk | 1.8.28 | |
| digium | certified_asterisk | 1.8.28 | |
| digium | certified_asterisk | 1.8.28 | |
| digium | certified_asterisk | 1.8.28 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:*:*:*:*:*:*:*",
"matchCriteriaId": "9365B811-5620-42F0-9400-5EA49361D2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert1:*:*:lts:*:*:*",
"matchCriteriaId": "E63726F0-3BC6-49E7-BDE9-71196B480149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "536ECC06-D2DC-474F-AB44-7A8B16ADFC9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert2:*:*:*:*:*:*",
"matchCriteriaId": "6001EFB8-A539-4F3C-B9F3-7A513FA458BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert2:*:*:lts:*:*:*",
"matchCriteriaId": "677AB746-AE4F-46B0-BEE3-82A1FE77271F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert3:*:*:*:*:*:*",
"matchCriteriaId": "1035C6D2-E8FD-4FFA-9AC7-17534609D68C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert4:*:*:*:*:*:*",
"matchCriteriaId": "DBD12EE0-78F6-450F-9AD9-D64A55377D56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert5:*:*:*:*:*:*",
"matchCriteriaId": "BFA21D5A-0BC6-45E0-AD84-F91F185275B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
"matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
"matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*",
"matchCriteriaId": "A98B11B5-B8E2-4903-B4F7-3AC23751AE8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:*:*:*:*",
"matchCriteriaId": "C7D60B24-C509-49C3-87A9-49D05CB44183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:*:*:*:*",
"matchCriteriaId": "3C1F9978-44E7-4D39-BEC6-5C6DB7F893E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:*:*:*:*",
"matchCriteriaId": "69BA61A8-2A95-4800-BB4E-692BA4321A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:*:*:*:*",
"matchCriteriaId": "C481D8B0-622D-491D-B292-717B0369B507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9569F80-CCA9-4010-8B72-0BF9F4654150",
"versionEndIncluding": "1.8.32.0",
"versionStartIncluding": "1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDFB271-72DA-4E23-87A0-E50EE633843F",
"versionEndExcluding": "11.14.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F21F0B73-A30F-4673-B3A8-D9F456FFCEF2",
"versionEndExcluding": "12.7.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol."
},
{
"lang": "es",
"value": "La funci\u00f3n DB dialplan en Asterisk Open Source 1.8.x anterior a 1.8.32, 11.x anterior a 11.1.4.1, 12.x anterior a 12.7.1, y 13.x anterior a 13.0.1 y Certified Asterisk 1.8 anterior a 1.8.28-cert8 y 11.6 anterior a 11.6-cert8 permite a usuarios remotos autenticados ganar privilegios a trav\u00e9s de una llamada de un protocolo externo, tal y como fue demostrado por el protocolo AMI."
}
],
"id": "CVE-2014-8418",
"lastModified": "2024-11-21T02:19:02.850",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-24T15:59:10.157",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-018.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-24 22:29
Modified
2024-11-21 03:54
Severity ?
Summary
There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "8D9D833C-E847-48D0-9BC1-83B52294AF50",
"versionEndIncluding": "13.23.0",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6072FE25-86B3-4C45-841D-60BCB1817535",
"versionEndIncluding": "14.7.7",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:standard:*:*:*",
"matchCriteriaId": "3BF8E2D1-2583-4EC7-A274-605AB41CD3EC",
"versionEndIncluding": "15.6.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert12:*:*:lts:*:*:*",
"matchCriteriaId": "BFFD88AD-C82E-4C5C-9C4F-8A49176E3E52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert13:*:*:lts:*:*:*",
"matchCriteriaId": "6797C78B-BB9A-46B4-8F0B-492FB1988BB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14:*:*:lts:*:*:*",
"matchCriteriaId": "10A38D53-6C8E-493E-8207-F4CF7D754A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert15:*:*:lts:*:*:*",
"matchCriteriaId": "4CC0C753-9179-4C71-AFD8-C4601D8C865A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert16:*:*:lts:*:*:*",
"matchCriteriaId": "169467F0-A818-4E58-884A-8409E376DCE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert17:*:*:lts:*:*:*",
"matchCriteriaId": "DC59BE10-CFBF-43DC-99C8-81A20C020395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert18:*:*:lts:*:*:*",
"matchCriteriaId": "911BAB3E-20E4-4B34-80AC-94324BFA36BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert3:*:*:lts:*:*:*",
"matchCriteriaId": "F0AEB812-85F2-4030-A8F8-D96F72C22BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert4:*:*:lts:*:*:*",
"matchCriteriaId": "2E91D289-8971-4259-A969-1597EDB51E78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert5:*:*:lts:*:*:*",
"matchCriteriaId": "948496CC-B5D4-41E5-9560-F59183C99209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert6:*:*:lts:*:*:*",
"matchCriteriaId": "1D2AD7E2-D830-48D3-9D7B-4B3D36884E75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert7:*:*:lts:*:*:*",
"matchCriteriaId": "79F2CF46-8580-4AFC-AA40-42611C17AB77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert8:*:*:lts:*:*:*",
"matchCriteriaId": "B6BC624E-D8A6-4E1F-B8B8-E4EB743AC1A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1:*:*:lts:*:*:*",
"matchCriteriaId": "0734E999-DC1E-4107-83D6-31A08F134168",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert2:*:*:lts:*:*:*",
"matchCriteriaId": "2FE884C8-5ED3-4B4F-883A-DB7B503435D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert3:*:*:lts:*:*:*",
"matchCriteriaId": "D64CD3D3-7EE0-4B0B-A66E-976CC7507CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert4:*:*:lts:*:*:*",
"matchCriteriaId": "CFA9BFA1-6C15-4702-B2AC-1E2D3E6B4312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1:*:*:lts:*:*:*",
"matchCriteriaId": "4678389A-2EE0-49FC-AEA6-45CAEEF61F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert2:*:*:lts:*:*:*",
"matchCriteriaId": "4100EF36-CDBB-493B-9D03-E1B70C5F055A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert3:*:*:lts:*:*:*",
"matchCriteriaId": "859F4687-C937-476C-9DA6-2A0B18BEF3F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert4:*:*:lts:*:*:*",
"matchCriteriaId": "10E6C1A9-2917-471F-92EB-249E25F234C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert5:*:*:lts:*:*:*",
"matchCriteriaId": "76C3CE8D-C4FC-4A1B-AC6A-5C27BE836DBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert6:*:*:lts:*:*:*",
"matchCriteriaId": "B95DE43E-F864-4A8E-8D49-3E2D7CFE6BFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert7:*:*:lts:*:*:*",
"matchCriteriaId": "CE887232-A798-4179-B870-01B26685D8BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert8:*:*:lts:*:*:*",
"matchCriteriaId": "7D19CBBB-8ED0-45B9-8977-6CCCA82DFF1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert9:*:*:lts:*:*:*",
"matchCriteriaId": "79E404AC-A27E-49AE-891D-CA9C7164D8D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert1:*:*:lts:*:*:*",
"matchCriteriaId": "BA930626-B4BA-4A2D-AF55-B4F0E94B1BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert2:*:*:lts:*:*:*",
"matchCriteriaId": "85583966-C42B-4A27-B19D-B3E1C956A5A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket."
},
{
"lang": "es",
"value": "Hay una vulnerabilidad de consumo de pila en el m\u00f3dulo res_http_websocket.so de Asterisk hasta la versi\u00f3n 13.23.0; versiones 14.7.x anteriores a la 14.7.7 y las versiones 15.x anteriores a la 15.6.0, as\u00ed como Certified Asterisk hasta la versi\u00f3n 13.21-cert2. Permite que un atacante provoque el cierre inesperado de Asterisk mediante una petici\u00f3n HTTP para actualizar la conexi\u00f3n a un websocket."
}
],
"id": "CVE-2018-17281",
"lastModified": "2024-11-21T03:54:10.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-24T22:29:01.580",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-009.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/Sep/31"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105389"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041694"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28013"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00034.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2018/Sep/53"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/Sep/31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105389"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041694"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00034.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2018/Sep/53"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4320"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-12 20:15
Modified
2024-11-21 04:23
Severity ?
Summary
Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | certified_asterisk | 13.21 | |
| digium | certified_asterisk | 13.21 | |
| digium | certified_asterisk | 13.21 | |
| digium | certified_asterisk | 13.21 | |
| digium | certified_asterisk | 13.21 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCA6DD0A-1C55-4334-8AF3-DB7B2EFB07E0",
"versionEndExcluding": "13.27.0",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "212B9BDD-ECC4-4CA3-B776-556C98EADF1D",
"versionEndExcluding": "15.7.2",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E458297-5218-48A3-8690-66E6C6549757",
"versionEndExcluding": "16.4.0",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert1:*:*:*:*:*:*",
"matchCriteriaId": "B7EE2BD3-51DC-4DA5-A5F2-6275F5277BE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "DC85AF18-A304-4BD8-AFAA-F99AC37A799B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "03094F8E-FF0C-4831-A50F-B601949FD3BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert2:*:*:*:*:*:*",
"matchCriteriaId": "6A7B650A-4785-4A8B-BCB6-1B630A0E18E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert3:*:*:*:*:*:*",
"matchCriteriaId": "6B791DBB-EB45-4E9C-9C57-249D196EC0E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en res_pjsip_messaging en Digium Asterisk versiones 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 versiones anteriores permite a los atacantes remotos autenticados cerrar inesperadamente Asterisk enviando un mensaje SIP MESSAGE especialmente dise\u00f1ado."
}
],
"id": "CVE-2019-12827",
"lastModified": "2024-11-21T04:23:40.063",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-12T20:15:11.063",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2019-002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28447"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2019-002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28447"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-24 15:59
Modified
2024-11-21 02:19
Severity ?
Summary
The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the address family as the first ACL entry.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | certified_asterisk | 1.8.28 | |
| digium | certified_asterisk | 1.8.28 | |
| digium | certified_asterisk | 1.8.28.0 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6.0 | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert1:*:*:lts:*:*:*",
"matchCriteriaId": "E63726F0-3BC6-49E7-BDE9-71196B480149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert2:*:*:lts:*:*:*",
"matchCriteriaId": "677AB746-AE4F-46B0-BEE3-82A1FE77271F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "C675C7BA-65E9-4A0A-9A6D-1EBCBEA1D718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:*",
"matchCriteriaId": "6AD7C9B3-D029-4E05-8E80-3ADA904FAC1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:*",
"matchCriteriaId": "CE71221B-4D55-4643-B6D1-307B2CF41F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:*",
"matchCriteriaId": "88124275-9BEB-4D53-9E4D-1AC8C52F2D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:*",
"matchCriteriaId": "4F3CEFEF-72B6-4B58-81FE-01BCEEFB3013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:*",
"matchCriteriaId": "AA637187-0EAE-4756-AD72-A0B2FABCA070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:lts:*:*:*",
"matchCriteriaId": "6DAF6784-0B31-4104-9D85-473D5AFAB785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:lts:*:*:*",
"matchCriteriaId": "77B06B83-D62C-4A0E-BE94-83C9A02CE55A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "D6EE9895-FB94-451D-8701-8C0DD8F5BED0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50388096-3988-4931-B67B-156A9603E0EA",
"versionEndExcluding": "1.8.32.1",
"versionStartIncluding": "1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDFB271-72DA-4E23-87A0-E50EE633843F",
"versionEndExcluding": "11.14.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F21F0B73-A30F-4673-B3A8-D9F456FFCEF2",
"versionEndExcluding": "12.7.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C83CD93-7CBA-4FF0-B29E-A509F4A3D5E2",
"versionEndExcluding": "13.0.1",
"versionStartIncluding": "13.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the address family as the first ACL entry."
},
{
"lang": "es",
"value": "(1) Los controladores de canales VoIP, (2) DUNDi, y (3) Asterisk Manager Interface (AMI) en Asterisk Open Source 1.8.x anterior a 1.8.32.1, 11.x anterior a 11.14.1, 12.x anterior a 12.7.1, y 13.x anterior a 13.0.1 y Certified Asterisk 1.8.28 anterior a 1.8.28-cert3 y 11.6 anterior a 11.6-cert8 permite a atacantes remotos evadir las restricciones ACL a trav\u00e9s de un paquete con una fuente IP que no comparte la familia de direcciones como la primera entrada ACL."
}
],
"id": "CVE-2014-8412",
"lastModified": "2024-11-21T02:19:01.960",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-24T15:59:04.140",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-012.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-12 15:59
Modified
2024-11-21 02:20
Severity ?
Summary
Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:*",
"matchCriteriaId": "6AD7C9B3-D029-4E05-8E80-3ADA904FAC1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:*",
"matchCriteriaId": "CE71221B-4D55-4643-B6D1-307B2CF41F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:*",
"matchCriteriaId": "88124275-9BEB-4D53-9E4D-1AC8C52F2D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:*",
"matchCriteriaId": "4F3CEFEF-72B6-4B58-81FE-01BCEEFB3013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:*",
"matchCriteriaId": "AA637187-0EAE-4756-AD72-A0B2FABCA070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:lts:*:*:*",
"matchCriteriaId": "6DAF6784-0B31-4104-9D85-473D5AFAB785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:lts:*:*:*",
"matchCriteriaId": "77B06B83-D62C-4A0E-BE94-83C9A02CE55A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:lts:*:*:*",
"matchCriteriaId": "CAD17809-CBB1-4E41-99C9-20FE56853563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "D6EE9895-FB94-451D-8701-8C0DD8F5BED0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9FD404B4-2B0A-4D7A-8CF6-E2C6B4BACBB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F31715AF-5A35-4D0B-8E01-BB6E4CB7E02F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D56C2C11-4B42-43AB-9DAE-61C15D107160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "69F2DED4-39F5-44C8-BEA3-22692D28C631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AD172E70-238B-4B01-A922-8021B5627092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C689A32B-E87D-492F-B3F6-7B80DFA049C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5FB3863D-7F46-4C4A-9E6B-C255CDF0D953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7239304D-C383-4F26-BB08-65ADD2380015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1AC153C2-258E-4EE6-845F-8E8C68AA242D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "1453BB31-D674-4A05-AB2A-2502D127C3E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "229B7982-9775-42AA-B8F5-FE920CCAA497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "326845DF-2DB2-406B-BE0F-877384DAACFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E0FC2D46-FD1B-421F-8773-BB41B1E9A831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "868865A1-E074-4DB0-A119-D24C5C53FEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1794440C-7068-4673-9142-6221B8A39E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C5CF286B-3377-4AE9-A7B9-8535641D639A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "50EC8D9D-3483-4080-8000-496343BC8BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6695F632-6AC4-400F-B513-280304ABC1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A3423C40-240A-4237-8B0F-A4B4ED421C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24F62C78-2913-463F-B689-353AB2371E3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "38230656-6242-4D24-AA67-F42A6FA2FC7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "20ED9FC3-5E56-4AE7-903F-267CAE7F2CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "84F88075-9935-45BF-88B7-21ACE8AAB314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "283793E4-0AE8-48D9-ABCF-70E44FE55C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EABFC3-24FA-4441-9F2B-650D90AE5CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3DA61A22-3DD0-46A3-8C13-F25F4F03FD35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2026FD07-103C-4691-AFA4-88C490382F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "791700CD-E007-489E-9BC6-37025CAA8144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4061B4C7-8315-450C-866A-C4F3A6BCB1A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C6EA7154-7F08-4E43-9270-E617632230AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC6047FB-D1BD-4E21-B6BC-E51374C4B0E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2DC51129-8F38-4505-90FB-4FFDED45BABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4CA571E0-B513-47AA-95BE-EB4DD2AA91E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B446105E-6C8E-495A-BF83-A33CB33485A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B53364B-5278-46E9-961A-192CA334CB09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F42C9442-9EBC-4CA5-AB1C-BA0662C27BDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "71762B58-A08B-405B-9596-6D15CF4A95D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "EA48C05A-E898-42EE-A699-94BBD66E5E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EDCB78F8-AAC8-44B1-BDF4-C73BC8951EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D92FFF6-E7B2-4210-A652-79AC6B74002C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DB5E92FB-9CF8-461E-A665-3407D265DF17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "536F6C10-3165-40F7-931A-23765AB87555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "133288EC-8A78-4C9D-BF94-9900CD3D2260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B2E54998-B257-478E-9E52-2BB4F4CD6429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD4498A-72BD-40EB-A332-DE10C87C1015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "71961599-009C-42F4-AA26-9B16C39F3CBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B98A2EA6-DCC6-4F8B-B132-6692AED16CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "672EDC0E-D70A-4BB0-B7FE-5D422C737862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D41387EE-E8B6-4B4F-BC52-7FED09322A20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8E9E50F8-0123-4C9E-88E1-5DCE08770B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F7C605A3-8517-4215-9AD3-980D587B22DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "866815AE-D1FE-460C-A3BC-70C251655C1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B635C21-C193-43AF-A139-98604F324ABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2C4E1E-6B90-4DCC-BC09-7D19FBA65C3F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame."
},
{
"lang": "es",
"value": "Vulnerabilidad de doble liberaci\u00f3n en WebSocket Server (el m\u00f3dulo res_http_websocket) en Asterisk Open Source 11.x anterior a 11.14.2, 12.x anterior a 12.7.2, y 13.x anterior a 13.0.2 y Certified Asterisk 11.6 anterior a 11.6-cert9 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) mediante el envio de un Frame de longitud cero despu\u00e9s de un Frame de longitud no cero."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/415.html\"\u003eCWE-415: Double Free\u003c/a\u003e",
"id": "CVE-2014-9374",
"lastModified": "2024-11-21T02:20:43.697",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-12T15:59:14.883",
"references": [
{
"source": "cve@mitre.org",
"url": "http://advisories.mageia.org/MGASA-2015-0010.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-019.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/129473/Asterisk-Project-Security-Advisory-AST-2014-019.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2014/Dec/48"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/60251"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:018"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/534197/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/71607"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1031345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://advisories.mageia.org/MGASA-2015-0010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/129473/Asterisk-Project-Security-Advisory-AST-2014-019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/Dec/48"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534197/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/71607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1031345"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-07-09 10:20
Modified
2024-11-21 01:41
Severity ?
Summary
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk_business_edition:c.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7E50F92-00C1-4908-AA34-03F0C8B47DA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_business_edition:c.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "49842130-C25E-43F6-9EC0-A7018AD915B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_business_edition:c.3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1F830CEB-2B0B-4713-8C26-9FADE6C47673",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA60A9C9-C2EF-4971-BEFB-FF687DAEF2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BAFB22FA-CC24-4AFE-AC83-2D044563F7CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "00F3EB0D-7C63-46B5-BA95-8486B9716C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "00C1BF3B-7593-478D-9AAA-153901C70286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "5F86406A-0936-4A06-88FB-4137A64498EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "672CE4C0-EBD6-470B-937E-810FF1C4CDBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88DB1105-74D8-4312-9D02-D1E21F2E785C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "404C0557-6229-4D90-BFDD-54AFFCCE6A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6D1D26CC-891F-4396-B7D7-30D712829E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F25B61EA-F4D1-452A-9D96-B8DFDD719B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9324AB96-EC99-4F04-A0A9-00F936C86EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB6BBCA-47CE-49B8-9706-AFDE4BE46550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8BFF65E2-692B-4C39-88FC-6DED8D9A7258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8880AE7C-3E44-4B76-B500-E93868D4CF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7C94269D-A271-42AC-A44C-102C814E564B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E7E5B826-D3D5-4D2D-BB4D-2C1BEDE92456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asteriske:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "5B9023E8-DB6F-4DE2-BB1E-D941BE279477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asteriske:1.8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF6135C4-7930-4DD5-80CD-4DC7F53956D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
"matchCriteriaId": "C63C46CC-02E2-40AF-8281-F2FB5D89823A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
"matchCriteriaId": "71BAF2A7-024D-475A-88C0-0F5ADE3CA286",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "6372EEEA-2759-4B6A-BD03-D84DC956E80E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "26DF0C53-9F6A-4233-B163-AEC1F9886387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "79A063D7-553F-486F-9079-D95C8047B05E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "B606D854-FC06-4314-AD24-FEEA3796A0AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "DEBB0786-D912-48D1-BC63-E0F87E078154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc3:digiumphones:*:*:*:*:*",
"matchCriteriaId": "1C39DD70-1220-4CC6-95B4-CE18CA5787CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "B0005F0B-9C87-4160-9416-A7C136FCD5AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "12073B6A-14B1-490B-B267-A68194C68BDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "198C92F2-8268-4045-B297-17E0D1F9726E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "5D3A3C00-EA83-4EF4-8681-DB5616132607",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "5FE59F0F-44B0-4940-8368-F360EE610114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "3647F0E3-196F-486B-9BAB-75ED24A055ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc3:digiumphones:*:*:*:*:*",
"matchCriteriaId": "1FBC4A5F-FB16-42B2-9689-25F8B3D0F521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc4:digiumphones:*:*:*:*:*",
"matchCriteriaId": "B788D6E2-78E8-4DE1-81F5-40D52263E7F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "51358F60-4D6C-4DBA-86B0-E12C48A67456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "D51C9952-97F4-4326-8F7D-34579D3686AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc3:digiumphones:*:*:*:*:*",
"matchCriteriaId": "3711A75C-AF87-4A5C-8B35-1CF834C12D2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "E7FFD09D-21A3-4E98-B1FA-C7A16C243D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "FAC6591A-BC5A-4CA9-90BC-0B686F74127B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "01BAF29D-8679-40F3-AB6C-DA5C3787271C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "B42229C3-B18E-4D50-9B98-202CB1805CE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "15DF192B-A8D5-4FCC-B469-505A8FA11D00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "D24E01F7-604D-4D05-B698-3BDEF7B69EF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.1:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "A54A74F4-8A6C-4090-88C2-8AB5A606C59B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "687ED3CE-67C4-410D-8AF4-C769015598F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "30E918CD-89C4-42DA-9709-E50E0A3FA736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "DA57FA15-D0D7-4A97-9C25-6F6566940098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A1C45300-A2CF-40E7-AB67-23DC24C31A1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "958081DC-1D77-45CD-A940-C7A1AB42C7BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "298A879D-4F65-4523-A752-D17C4F81B822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37AB07BE-54C4-4972-A05F-D1E2CF4363CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC63564-A84E-463D-8312-DDF1C6B7796F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "62A0906E-B631-4F3A-9ABC-9A43A43220BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C6314ADA-2849-416D-966E-C01C322EF904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B6CB1DD-614A-4B3D-99AE-9B1341427024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC95B04F-3746-4F1C-8428-A1FA10253E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "20819080-E0AB-4879-B4CF-A154D6F7EF6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C45753-E2CC-4F7C-B8DA-3D8CF255EA22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5A080197-D6AA-4FDC-888E-51D1C8251E34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1F08D930-D4C1-4C63-875C-171C46AE97C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1AA43D7D-AEAD-47CB-BFA5-B73004A1A7A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "B5ED5F6F-166D-4610-8939-A33AD45F1ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D40002A-564E-425C-BA2A-7C4A8F8DAFD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "521C4DB2-7127-4BA9-94FC-AB0E9E06FE2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8C905DC1-8AB8-4D83-BB5B-FA4DABC58229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "ECC74B5D-97A1-46FF-AFA3-5D5E4A0BF3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2D98C7C-94A8-4348-AF22-04A41FB6F8EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85D39A99-E9A6-4860-BC61-56CA2FC3238B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "845DA0A4-1983-4E82-99C8-B7FBF47C632E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5A63FBB7-F1CF-4603-848F-980742D2ED36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "10B2084F-3AF4-4008-899C-6C1E43715201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "217C13A5-9F8A-4392-858F-2FC88B03EB0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6B282462-900C-492E-98DE-65364E62F5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "687784F0-9ACC-435D-81F9-1E1B0F61010C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9D7D020C-FE32-408B-BE37-58835FD3D95F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "39B7938F-7370-4F67-B0CD-1C14DE2E4E7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC587195-5973-423B-8BF9-3E0B27363B76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
"matchCriteriaId": "C63C46CC-02E2-40AF-8281-F2FB5D89823A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
"matchCriteriaId": "71BAF2A7-024D-475A-88C0-0F5ADE3CA286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert2:*:*:*:*:*:*",
"matchCriteriaId": "82F91FE8-C320-466B-AF08-67319A00A2BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert3:*:*:*:*:*:*",
"matchCriteriaId": "DCFF0E1C-B455-4C18-8AA1-10408234327B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses."
},
{
"lang": "es",
"value": "Asterisk Open Source v1.8.x anterior a v1.8.13.1 y v10.x anterior a v10.5.2, Asterisk Business Edition vC.3.x anterior a vC.3.7.5, Certified Asterisk v1.8.11-certx anterior a v1.8.11-cert4, y Asterisk Digiumphones v10.x.x-digiumphones anterior a v10.5.2-digiumphones no maneja una respuesta provisional a una petici\u00f3n SIP reINVITE de forma adecuada, lo que permite a atacantes remotos autenticados provocar una denegaci\u00f3n de servicio (agotamiento de puerto RTP) a trav\u00e9s de sesiones que carecen de repuestas finales."
}
],
"id": "CVE-2012-3863",
"lastModified": "2024-11-21T01:41:45.430",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-07-09T10:20:44.823",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-010.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/50687"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/50756"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/54327"
},
{
"source": "cve@mitre.org",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-19992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50687"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/54327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-19992"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-02 16:29
Modified
2024-11-21 03:12
Severity ?
Summary
In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an "externnotify" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "E7D1238A-A8D2-485E-81FD-46038A883EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "E93A7967-9A04-424A-BDDB-A2B8289B9AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "8F75C9FF-6F95-4F6A-B683-FE2BEDE3AD10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "68226156-42ED-4F0E-93E1-02DD57E582B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2C4E1E-6B90-4DCC-BC09-7D19FBA65C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A4EB385E-28B5-4259-9431-99E1F32D61B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58C0FF1B-6188-4181-A139-1806328762BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "890EBB8C-989B-4344-AC03-62B399076008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BD4AAECB-A2BC-45BA-BC63-E51C1FE6C334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "121EACD3-D5E3-4691-8024-95996865BB65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "136D6508-660E-410D-829A-7DD452BF8819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AEC2B3AA-EB24-4259-BED1-5DBC102FE9C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74B23D17-7356-4D37-8C73-E87896D1335B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA9DA4A-A3E6-4C46-9471-CCBFA71083AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "81A8A6CB-D236-4AB3-8476-C2D34DB7EF31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "599833A2-CBE9-479B-8A6E-AF79C5EED1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B55719B3-7325-47E1-8D16-3F34B1F44385",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B870B3B7-E8DC-45A2-8FA4-657D005D00E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C91E9A3B-54EB-4819-94DD-30F7D0C90047",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "47189DF9-8E57-4BA6-9F52-B7A8229AE02A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "84AAFA3C-3CCD-4615-9725-169C303CF18F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C92E0801-9E8F-4CF2-A4A0-48BCF550F2D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1C39FA-EF1A-4F2B-87A0-A00BAE73C6A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "677D1211-0B07-47B9-AB7A-E820E2B29561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84202BAF-29E1-472B-B11F-B73F6A8891CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FFC7120D-E6A0-4801-A1CC-3E143896EE72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF2A83D-D9AE-441D-8D4E-335BF9D28A63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7F5C1479-A540-4B7D-B00C-BD35EEC83BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC12556C-5E82-47D7-87E5-FBDC01A920DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "461C1D2D-C4C1-4FF8-8231-38A2505F3523",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66595711-8573-4A9B-A8FE-4943E3097AA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5D1FE3D4-A0B9-475A-9B89-B0222283A6A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9670B5AC-CBD1-484C-90F8-69B1A60B6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5794B6-246C-415E-8E20-56447F152488",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E726CA39-A763-4422-B59E-E9E12518EA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6A96EB57-835A-45B4-82F5-31F925A85629",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "206F1DC9-9E8F-4497-A354-4A14711993DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8D428364-E2AD-4BC6-9329-71793BC0EB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08963910-E0BD-4487-B669-60E0BFA79863",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.13:*:*:*:*:*:*:*",
"matchCriteriaId": "86B16D04-3808-4380-8F64-0C36B185C1F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F3BD16A9-24BC-4FC1-81BA-A6D1FEF38D35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "68BAAD53-DE75-41CA-BF60-C0363029D3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC383B3-27EF-4C37-94BE-F0D41B34CAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A7824B34-06C3-403B-B6F3-C850D54438EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "17E86941-98F6-45A5-8646-6876F74D909F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6DB27C0-C74E-4E6A-AA63-09CFE73C2EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C443A3B-DF96-4A68-B046-DE13689CA974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5F3AC9AE-288C-4F0E-BF15-C3F4AF09D8E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "796A6021-9FCA-4354-A47C-7500C363C168",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EBB9D073-195F-4C2A-932E-7F027710DB25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "604E58C8-9B81-4992-8993-4A6CB876EE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "077C4CB8-1FDE-45D3-82E6-CE09A22809B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3CDB96CA-5AAE-4B39-8E01-2E72E3B476AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.16.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8EB33EC3-CDE0-40BD-B269-512AE074D278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "363FA95F-03EF-4D6A-A40D-76D285D16255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FA96DC31-4BAC-4C5A-923C-EBBFFC7ABB52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C949D5F5-6C0B-4B17-85B6-3A77D08CF967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D413741-BDB7-496D-A01B-75E2A98FDB5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "29130F7F-DE00-43E1-A4A6-8F1F95D5CB19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "25E94EC0-F577-4B2B-8B11-DC76278CDD42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "101AD474-9B89-483D-84E8-08012677C55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D57E41F6-C2CF-4183-A78A-9531A88FB65D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1F9BB8-F951-427E-B770-69C2ACEBDB28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7C4CE405-E923-4C9C-849A-D1031C4DB493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C039C0CE-9C9C-4D85-8D7C-574DCF9D920B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.01:*:*:*:*:*:*:*",
"matchCriteriaId": "A1B2F2CC-18C3-46E7-8E7F-970622A710C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04ECDFF1-9718-4FAE-B45B-4F8CCA82829E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C4DA60-5701-4BD0-B2F9-D93B9E64111F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0B12834D-2AF1-4AD1-AB23-859CAA5D3210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.02:*:*:*:*:*:*:*",
"matchCriteriaId": "89036D04-EA04-4041-9694-6768478D35F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B19070D3-9F03-43C7-9F31-9A54BD5F2441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E39BAA74-50A8-4087-8FF8-7C5922121319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D29C253-B403-4B00-A626-3E3A920DC018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E9D8FA2-21EA-4384-8001-118DA7C959F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3368DE88-7009-46A0-93F4-4D52BAD3D173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "26586127-B68B-4476-8182-C49B1B1DCDC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D1EFDCC-983E-4227-9FD5-456C16610BC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFA7DBAD-BCA6-47D1-A92E-4EB7941F55F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "02C6C827-97A6-4287-8B3E-DE29054242B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9BE4F7C1-BB82-44BA-BBFD-9F660330EC15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E4FCA146-5A72-4746-BE23-63271FBC4D47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A0C90BB-C3FE-4A75-B739-0236C4256F7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46BD9466-0BC9-4B4D-928F-240CD46D306C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "06F456AD-19D3-49EF-82B1-07370F6499AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "24A9997E-D0DC-45B0-B4DB-308667FA820E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "26202E79-98E0-4533-B4AE-1ABB2477F5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C3D7384F-DF1B-4ED7-B1D5-885B95774DDB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9FD404B4-2B0A-4D7A-8CF6-E2C6B4BACBB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BE4127D-8123-4408-86D3-08168A4501B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8836F348-66DF-43BC-9962-946018D13127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "1453BB31-D674-4A05-AB2A-2502D127C3E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "868865A1-E074-4DB0-A119-D24C5C53FEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1794440C-7068-4673-9142-6221B8A39E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C5CF286B-3377-4AE9-A7B9-8535641D639A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B3D89C7-909F-419A-9EE8-A1F0D02934EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "50EC8D9D-3483-4080-8000-496343BC8BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6695F632-6AC4-400F-B513-280304ABC1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A3423C40-240A-4237-8B0F-A4B4ED421C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "03298D9F-CFB8-48F9-BD0C-8A0BEB0760C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A70420A8-8571-4528-98E1-72BE00270C6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "38230656-6242-4D24-AA67-F42A6FA2FC7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "20ED9FC3-5E56-4AE7-903F-267CAE7F2CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "84F88075-9935-45BF-88B7-21ACE8AAB314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "283793E4-0AE8-48D9-ABCF-70E44FE55C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F79D5F-EB28-417A-86DF-053D6EDBA161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4A036F91-70E0-4E97-9896-EEE97BE3C20E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C92ECBCD-1EE3-498A-B3A4-22BF8EFD2EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EABFC3-24FA-4441-9F2B-650D90AE5CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3DA61A22-3DD0-46A3-8C13-F25F4F03FD35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2026FD07-103C-4691-AFA4-88C490382F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "791700CD-E007-489E-9BC6-37025CAA8144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "65607103-4284-430A-8212-AC1DCFFFA778",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4061B4C7-8315-450C-866A-C4F3A6BCB1A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C6EA7154-7F08-4E43-9270-E617632230AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00099DC9-D437-429B-9D08-F0DFA4942A6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "4149F36C-D455-415F-93D7-F92EEE41419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2DC51129-8F38-4505-90FB-4FFDED45BABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4CA571E0-B513-47AA-95BE-EB4DD2AA91E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "89504BDC-82F7-4813-9C1E-456C9ACC6FB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "118C550E-79A8-431E-BADB-710EEEEDC6C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "96C7950F-41D1-46B5-BA62-E8450CB81244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C9A32ECC-E208-4834-8EF7-FEF7A3495041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF6BC60-23F5-46A1-83F8-F4BCDEF196EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AA3E0D41-2E6E-4294-8E56-1A738A7F9AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D16109B8-4CDF-46FC-9AD9-A158E532791B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCAA174-3CA3-49DB-BA19-D2BCF4F8953F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD4D1A5A-99A3-4D23-B40C-BBE11EA5B325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0F5EE428-98FF-42BC-9F61-311327B8F610",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.19.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CBA2FD08-D761-410F-9804-A76F0DD77349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.20.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74B34C21-D90B-4E32-BBA6-7773DB663F18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "90996D49-5731-4F7D-9DBE-D0599A5D85A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D3C91C8D-707D-443D-985F-FA3EDB181208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "400EA2E1-B178-467F-BBC2-1B2ECEDE662A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E00A6C7-D3CF-40B5-A586-06E09C5AA1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.22.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E25D043-EE0D-49A5-A468-03EDD9CFE0EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.22.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CA17630B-444D-4AE4-B582-F8106C4EEFDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62A20D6B-62FE-440D-BC58-F764AAA5562B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.23.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F2AE880B-2FA2-42BB-BEBF-771E18FDA141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC982D1B-B018-474E-94BE-2157C21276C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.24.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F26815C8-8E43-4C26-947B-986EFFF0ACE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03E8213E-650F-4C95-B9E5-753E7784EF5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.25.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00B8F794-A7F2-4B8F-B36C-55E61DC6939A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.25.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B7FC3A1-AFB0-4280-BFC5-68F61CFD0AF2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
"matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "781AC882-80DD-4176-8E4F-220343B15F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert10:*:*:*:*:*:*",
"matchCriteriaId": "5CEBE67E-A3E5-4BC9-8740-4F51123CC9F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert11:*:*:*:*:*:*",
"matchCriteriaId": "CD094E25-5E10-4564-9A4D-BE5A14C2815F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert12:*:*:*:*:*:*",
"matchCriteriaId": "B6873174-0109-402F-ADCA-B1635F441FD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert13:*:*:*:*:*:*",
"matchCriteriaId": "B529CD2F-2958-44E6-839A-3E4FE392B1F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14:*:*:*:*:*:*",
"matchCriteriaId": "B961BF46-DEF7-4804-AF9A-D13F160FA213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14_rc1:*:*:*:*:*:*",
"matchCriteriaId": "DDC801D4-7A69-4855-8757-24ACE70D784B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14_rc2:*:*:*:*:*:*",
"matchCriteriaId": "60C2B8F0-7722-48B5-89AA-435F52CBC0A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert15:*:*:*:*:*:*",
"matchCriteriaId": "B9305CA8-835C-4DFF-9CD8-C1072BACED42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert16:*:*:*:*:*:*",
"matchCriteriaId": "B3729EA6-3949-4854-80D4-DC5587161FBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
"matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*",
"matchCriteriaId": "A98B11B5-B8E2-4903-B4F7-3AC23751AE8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:*:*:*:*",
"matchCriteriaId": "C7D60B24-C509-49C3-87A9-49D05CB44183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:*:*:*:*",
"matchCriteriaId": "3C1F9978-44E7-4D39-BEC6-5C6DB7F893E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:*:*:*:*",
"matchCriteriaId": "69BA61A8-2A95-4800-BB4E-692BA4321A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:*:*:*:*",
"matchCriteriaId": "C481D8B0-622D-491D-B292-717B0369B507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:*:*:*:*",
"matchCriteriaId": "BC8390D4-F339-43FF-9F2B-71331D4ECB81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert9:*:*:*:*:*:*",
"matchCriteriaId": "4490B76B-FA41-43DB-9A31-6B3F220F1907",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1:*:*:*:*:*:*",
"matchCriteriaId": "0449B393-FA4E-4664-8E16-BE6B94E4872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "2ED8E415-64FA-4E77-A423-3478E606E58E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "E13CA1DD-B384-4408-B4EC-1AA829981016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc3:*:*:*:*:*:*",
"matchCriteriaId": "EE28BD0A-EA30-4265-A5D6-0390F3558D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc4:*:*:*:*:*:*",
"matchCriteriaId": "0F82048D-C65F-4439-BBE4-2D4A9B07EB7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert2:*:*:*:*:*:*",
"matchCriteriaId": "6447B77F-3770-4703-9188-B7344ED98E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert3:*:*:*:*:*:*",
"matchCriteriaId": "5C103924-1D61-4090-8ED5-4731371B2B2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert4:*:*:*:*:*:*",
"matchCriteriaId": "08F87B09-3867-4CAE-BAD7-2206CD6CAF97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an \"externnotify\" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection."
},
{
"lang": "es",
"value": "En Asterisk 11.x en versiones anteriores a la 11.25.2, 13.x en versiones anteriores a la 13.17.1, y 14.x en versiones anteriores a la 14.6.1 y Certified Asterisk 11.x en versiones anteriores a la 11.6-cert17 y 13.x en versiones anteriores a la 13.13-cert5, es ejecutar comandos sin autorizaci\u00f3n. El m\u00f3dulo app_minivm tiene una opci\u00f3n de configuraci\u00f3n de programa \"externnotify\" que es ejecutada por la aplicaci\u00f3n dialplan MinivmNotify. La aplicaci\u00f3n emplea el nombre y el n\u00famero caller-id como parte de una cadena integrada pasada al shell del sistema operativopara su interpretaci\u00f3n y ejecuci\u00f3n. Debido a que el nombre y el n\u00famero caller-id pueden proceder de una fuente no confiable, un nombre o n\u00famero caller-id permite una inyecci\u00f3n arbitraria de comandos shell."
}
],
"id": "CVE-2017-14100",
"lastModified": "2024-11-21T03:12:08.597",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-02T16:29:00.333",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-006.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2017/dsa-3964"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039252"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/873908"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27103"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201710-29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2017/dsa-3964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/873908"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201710-29"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-12-12 21:59
Modified
2024-11-21 03:02
Severity ?
Summary
An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace. This means that headers such as Contact\x01: will be seen as a valid Contact header. This mostly does not pose a problem until Asterisk is placed in tandem with an authenticating SIP proxy. In such a case, a crafty combination of valid and invalid To headers can cause a proxy to allow an INVITE request into Asterisk without authentication since it believes the request is an in-dialog request. However, because of the bug described above, the request will look like an out-of-dialog request to Asterisk. Asterisk will then process the request as a new call. The result is that Asterisk can process calls from unvetted sources without any authentication. If you do not use a proxy for authentication, then this issue does not affect you. If your proxy is dialog-aware (meaning that the proxy keeps track of what dialogs are currently valid), then this issue does not affect you. If you use chan_pjsip instead of chan_sip, then this issue does not affect you.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2016-009.html | Mitigation, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94789 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id/1037408 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2016-009.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94789 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037408 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F31715AF-5A35-4D0B-8E01-BB6E4CB7E02F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D56C2C11-4B42-43AB-9DAE-61C15D107160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BE4127D-8123-4408-86D3-08168A4501B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8836F348-66DF-43BC-9962-946018D13127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12745DB9-F19D-4507-A9FE-218B7BB29DB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C689A32B-E87D-492F-B3F6-7B80DFA049C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "229B7982-9775-42AA-B8F5-FE920CCAA497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8788AF7B-CBB6-4D9D-A748-486787935A96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "868865A1-E074-4DB0-A119-D24C5C53FEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B3D89C7-909F-419A-9EE8-A1F0D02934EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "50EC8D9D-3483-4080-8000-496343BC8BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24F62C78-2913-463F-B689-353AB2371E3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A70420A8-8571-4528-98E1-72BE00270C6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F79D5F-EB28-417A-86DF-053D6EDBA161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C92ECBCD-1EE3-498A-B3A4-22BF8EFD2EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EABFC3-24FA-4441-9F2B-650D90AE5CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2026FD07-103C-4691-AFA4-88C490382F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "65607103-4284-430A-8212-AC1DCFFFA778",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4061B4C7-8315-450C-866A-C4F3A6BCB1A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00099DC9-D437-429B-9D08-F0DFA4942A6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC6047FB-D1BD-4E21-B6BC-E51374C4B0E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "89504BDC-82F7-4813-9C1E-456C9ACC6FB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "118C550E-79A8-431E-BADB-710EEEEDC6C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A62DFFE-637B-4911-B3B4-6DA4053CBDBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF6BC60-23F5-46A1-83F8-F4BCDEF196EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F7C5D35-A6AE-4A2E-98C5-CB58FF22AF08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D23CE302-AC62-468C-96B3-1EF430825170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCAA174-3CA3-49DB-BA19-D2BCF4F8953F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD4D1A5A-99A3-4D23-B40C-BBE11EA5B325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5EFFAE3F-3B78-49DE-8F01-2E439D9A6F7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0501E88B-986A-44C6-A6B5-F2CB9087A8B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D3AF185-7AC6-491E-9BE0-8ECD163A3E77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "400EA2E1-B178-467F-BBC2-1B2ECEDE662A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E00A6C7-D3CF-40B5-A586-06E09C5AA1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.22.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E25D043-EE0D-49A5-A468-03EDD9CFE0EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.22.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CA17630B-444D-4AE4-B582-F8106C4EEFDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62A20D6B-62FE-440D-BC58-F764AAA5562B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.23.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F2AE880B-2FA2-42BB-BEBF-771E18FDA141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC982D1B-B018-474E-94BE-2157C21276C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.24.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F26815C8-8E43-4C26-947B-986EFFF0ACE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03E8213E-650F-4C95-B9E5-753E7784EF5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.25.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00B8F794-A7F2-4B8F-B36C-55E61DC6939A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B635C21-C193-43AF-A139-98604F324ABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "E93A7967-9A04-424A-BDDB-A2B8289B9AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "8F75C9FF-6F95-4F6A-B683-FE2BEDE3AD10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "68226156-42ED-4F0E-93E1-02DD57E582B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2C4E1E-6B90-4DCC-BC09-7D19FBA65C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A4EB385E-28B5-4259-9431-99E1F32D61B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58C0FF1B-6188-4181-A139-1806328762BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "121EACD3-D5E3-4691-8024-95996865BB65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "136D6508-660E-410D-829A-7DD452BF8819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74B23D17-7356-4D37-8C73-E87896D1335B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D5BA542E-4667-4D9E-BDAE-FED6CA63F99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83C8E7EC-0D4C-40E2-9EE1-4AB5F03464D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "81A8A6CB-D236-4AB3-8476-C2D34DB7EF31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "599833A2-CBE9-479B-8A6E-AF79C5EED1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B870B3B7-E8DC-45A2-8FA4-657D005D00E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "707296C4-153C-4ACF-B91A-AB5FA42260CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "905722CB-4B6C-4849-88CD-22E972432E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1C39FA-EF1A-4F2B-87A0-A00BAE73C6A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "677D1211-0B07-47B9-AB7A-E820E2B29561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84202BAF-29E1-472B-B11F-B73F6A8891CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FFC7120D-E6A0-4801-A1CC-3E143896EE72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF2A83D-D9AE-441D-8D4E-335BF9D28A63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7F5C1479-A540-4B7D-B00C-BD35EEC83BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC12556C-5E82-47D7-87E5-FBDC01A920DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "461C1D2D-C4C1-4FF8-8231-38A2505F3523",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66595711-8573-4A9B-A8FE-4943E3097AA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5D1FE3D4-A0B9-475A-9B89-B0222283A6A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9670B5AC-CBD1-484C-90F8-69B1A60B6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5794B6-246C-415E-8E20-56447F152488",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E726CA39-A763-4422-B59E-E9E12518EA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "206F1DC9-9E8F-4497-A354-4A14711993DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8D428364-E2AD-4BC6-9329-71793BC0EB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08963910-E0BD-4487-B669-60E0BFA79863",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F3BD16A9-24BC-4FC1-81BA-A6D1FEF38D35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D413741-BDB7-496D-A01B-75E2A98FDB5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "29130F7F-DE00-43E1-A4A6-8F1F95D5CB19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "25E94EC0-F577-4B2B-8B11-DC76278CDD42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "101AD474-9B89-483D-84E8-08012677C55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D57E41F6-C2CF-4183-A78A-9531A88FB65D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1F9BB8-F951-427E-B770-69C2ACEBDB28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7C4CE405-E923-4C9C-849A-D1031C4DB493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04ECDFF1-9718-4FAE-B45B-4F8CCA82829E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C4DA60-5701-4BD0-B2F9-D93B9E64111F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0B12834D-2AF1-4AD1-AB23-859CAA5D3210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E39BAA74-50A8-4087-8FF8-7C5922121319",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4F596E34-529A-41AD-AD51-C1D7EEE0FFF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EC1BE0BB-A469-4DB6-88CF-80A065329C65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4EA68726-87EF-490F-BBB8-A321E6C7A16D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8B3572-D6F6-45BD-9BE4-D532F9BF134E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7738E036-DACC-42EE-B417-CB083319B0A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A6847720-D556-49D7-BD7F-E0559C6F5780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "BA81D724-584B-4863-B270-869C415DB5BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C0344FE7-952A-4BC5-A31F-F2C5EABDB5FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "00F26342-110F-4163-AD11-98AA3B71D299",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8652FA73-2F02-401C-890F-0544276294D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF76131B-DF2C-4C6A-8E6B-1319D231402D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9AB8C209-694F-41BF-9CF2-D68D4E58A43C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6438A881-C806-4CC1-9828-C34BBB0FF332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2704EED6-C72D-427D-AD37-EBC4042CDD76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AF835684-26C6-4734-B586-D5DB4DF33072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4EB76BC0-2B72-495E-80FC-C6B194648A91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9F1BC546-92E0-4285-8C18-37705F44B94E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D50F0DF-54D3-4883-ADA2-DDB79F786182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0838BEC6-680A-4695-BD1B-309290F16A3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "82F78D49-ED8C-43FF-AE6D-713E90F1A1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
"matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:*",
"matchCriteriaId": "6AD7C9B3-D029-4E05-8E80-3ADA904FAC1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "781AC882-80DD-4176-8E4F-220343B15F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert10:*:*:lts:*:*:*",
"matchCriteriaId": "BB47EA31-CF9D-4752-804B-7804151EC87C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert11:*:*:lts:*:*:*",
"matchCriteriaId": "A1C9B744-1745-4E9D-A2DE-4659295508D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert12:*:*:lts:*:*:*",
"matchCriteriaId": "BFFD88AD-C82E-4C5C-9C4F-8A49176E3E52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert13:*:*:lts:*:*:*",
"matchCriteriaId": "6797C78B-BB9A-46B4-8F0B-492FB1988BB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14:*:*:lts:*:*:*",
"matchCriteriaId": "10A38D53-6C8E-493E-8207-F4CF7D754A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert15:*:*:lts:*:*:*",
"matchCriteriaId": "4CC0C753-9179-4C71-AFD8-C4601D8C865A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
"matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:*",
"matchCriteriaId": "CE71221B-4D55-4643-B6D1-307B2CF41F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*",
"matchCriteriaId": "A98B11B5-B8E2-4903-B4F7-3AC23751AE8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:*",
"matchCriteriaId": "88124275-9BEB-4D53-9E4D-1AC8C52F2D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:*",
"matchCriteriaId": "4F3CEFEF-72B6-4B58-81FE-01BCEEFB3013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:*",
"matchCriteriaId": "AA637187-0EAE-4756-AD72-A0B2FABCA070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:lts:*:*:*",
"matchCriteriaId": "6DAF6784-0B31-4104-9D85-473D5AFAB785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:lts:*:*:*",
"matchCriteriaId": "77B06B83-D62C-4A0E-BE94-83C9A02CE55A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:lts:*:*:*",
"matchCriteriaId": "CAD17809-CBB1-4E41-99C9-20FE56853563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert9:*:*:lts:*:*:*",
"matchCriteriaId": "066453F2-A77F-4E82-8C91-AC17FAA21A89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "D6EE9895-FB94-451D-8701-8C0DD8F5BED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "56849E34-B192-46A8-A517-C7C184A901B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4610D544-156F-4E9A-BC46-9E0FF8D5D641",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace. This means that headers such as Contact\\x01: will be seen as a valid Contact header. This mostly does not pose a problem until Asterisk is placed in tandem with an authenticating SIP proxy. In such a case, a crafty combination of valid and invalid To headers can cause a proxy to allow an INVITE request into Asterisk without authentication since it believes the request is an in-dialog request. However, because of the bug described above, the request will look like an out-of-dialog request to Asterisk. Asterisk will then process the request as a new call. The result is that Asterisk can process calls from unvetted sources without any authentication. If you do not use a proxy for authentication, then this issue does not affect you. If your proxy is dialog-aware (meaning that the proxy keeps track of what dialogs are currently valid), then this issue does not affect you. If you use chan_pjsip instead of chan_sip, then this issue does not affect you."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Asterisk Open Source 11.x en versiones anteriores a 11.25.1, 13.x en versiones anteriores a 13.13.1 y 14.x en versiones anteriores a 14.2.1 y Certified Asterisk 11.x en versiones anteriores a 11.6-cert16 y 13.x en versiones anteriores a 13.8-cert4. El controlador de canal chan_sip tiene una definici\u00f3n liberal de espacios en blanco cuando intenta quitar al contenido entre un nombre de encabezado SIP y un car\u00e1cter de dos puntos. En lugar de seguir la RFC 3261 y quitar s\u00f3lo espacios y pesta\u00f1as horizontales, Asterisk trata cualquier car\u00e1cter ASCII no imprimible como si fuera un espacio en blanco. Esto significa que los encabezados tal como Contact\\x01: se ver\u00e1n como un encabezado de Contact v\u00e1lido. Esto principalmente no plantea un problema hasta que Asterisk se coloca en t\u00e1ndem con un proxy SIP de autenticaci\u00f3n. En este caso, una combinaci\u00f3n h\u00e1bil de encabezados v\u00e1lidos y no v\u00e1lidos puede provocar que un proxy permita una petici\u00f3n INVITE en Asterisk sin autenticaci\u00f3n ya que cree que la solicitud es una petici\u00f3n de dialogo de entrada. Sin embargo, debido al error descrito anteriormente, la petici\u00f3n se ver\u00e1 como una solicitud fuera de di\u00e1logo para Asterisk. Asterisk procesara la solicitud como una nueva llamada. El resultado es que Asterisk pueda procesar llamadas desde fuentes de fuentes no examinadas sin autenticaci\u00f3n. Si no utiliza un proxy para la autenticaci\u00f3n, entonces este problema no le afecta. Si su proxy tiene conocimiento de di\u00e1logo (lo que siginifica que el proxy realiza un seguimiento de los cuadros de di\u00e1logos que son actualmente v\u00e1lidos), entonces este problema no le afecta. Si utiliza chan_pjsip en lugar de chan_sip, entonces este problema no le afecta."
}
],
"id": "CVE-2016-9938",
"lastModified": "2024-11-21T03:02:02.820",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-12T21:59:01.617",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-009.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94789"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1037408"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037408"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-10 01:30
Modified
2024-11-21 03:13
Severity ?
Summary
In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetric_rtp" options allow redirecting where Asterisk sends the next RTCP report.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2017-008.html | Vendor Advisory | |
| cve@mitre.org | http://www.debian.org/security/2017/dsa-3990 | Third Party Advisory | |
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-27274 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2017-008.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2017/dsa-3990 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-27274 | Issue Tracking, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "E7D1238A-A8D2-485E-81FD-46038A883EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "E93A7967-9A04-424A-BDDB-A2B8289B9AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "8F75C9FF-6F95-4F6A-B683-FE2BEDE3AD10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "68226156-42ED-4F0E-93E1-02DD57E582B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2C4E1E-6B90-4DCC-BC09-7D19FBA65C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A4EB385E-28B5-4259-9431-99E1F32D61B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58C0FF1B-6188-4181-A139-1806328762BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "890EBB8C-989B-4344-AC03-62B399076008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BD4AAECB-A2BC-45BA-BC63-E51C1FE6C334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "121EACD3-D5E3-4691-8024-95996865BB65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "136D6508-660E-410D-829A-7DD452BF8819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AEC2B3AA-EB24-4259-BED1-5DBC102FE9C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74B23D17-7356-4D37-8C73-E87896D1335B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA9DA4A-A3E6-4C46-9471-CCBFA71083AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "81A8A6CB-D236-4AB3-8476-C2D34DB7EF31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "599833A2-CBE9-479B-8A6E-AF79C5EED1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B55719B3-7325-47E1-8D16-3F34B1F44385",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B870B3B7-E8DC-45A2-8FA4-657D005D00E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C91E9A3B-54EB-4819-94DD-30F7D0C90047",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "47189DF9-8E57-4BA6-9F52-B7A8229AE02A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "84AAFA3C-3CCD-4615-9725-169C303CF18F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C92E0801-9E8F-4CF2-A4A0-48BCF550F2D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1C39FA-EF1A-4F2B-87A0-A00BAE73C6A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "677D1211-0B07-47B9-AB7A-E820E2B29561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84202BAF-29E1-472B-B11F-B73F6A8891CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FFC7120D-E6A0-4801-A1CC-3E143896EE72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF2A83D-D9AE-441D-8D4E-335BF9D28A63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7F5C1479-A540-4B7D-B00C-BD35EEC83BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC12556C-5E82-47D7-87E5-FBDC01A920DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "461C1D2D-C4C1-4FF8-8231-38A2505F3523",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66595711-8573-4A9B-A8FE-4943E3097AA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5D1FE3D4-A0B9-475A-9B89-B0222283A6A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9670B5AC-CBD1-484C-90F8-69B1A60B6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5794B6-246C-415E-8E20-56447F152488",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E726CA39-A763-4422-B59E-E9E12518EA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6A96EB57-835A-45B4-82F5-31F925A85629",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "206F1DC9-9E8F-4497-A354-4A14711993DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8D428364-E2AD-4BC6-9329-71793BC0EB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08963910-E0BD-4487-B669-60E0BFA79863",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.13:*:*:*:*:*:*:*",
"matchCriteriaId": "86B16D04-3808-4380-8F64-0C36B185C1F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F3BD16A9-24BC-4FC1-81BA-A6D1FEF38D35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "68BAAD53-DE75-41CA-BF60-C0363029D3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC383B3-27EF-4C37-94BE-F0D41B34CAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A7824B34-06C3-403B-B6F3-C850D54438EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "17E86941-98F6-45A5-8646-6876F74D909F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6DB27C0-C74E-4E6A-AA63-09CFE73C2EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C443A3B-DF96-4A68-B046-DE13689CA974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5F3AC9AE-288C-4F0E-BF15-C3F4AF09D8E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "796A6021-9FCA-4354-A47C-7500C363C168",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EBB9D073-195F-4C2A-932E-7F027710DB25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "604E58C8-9B81-4992-8993-4A6CB876EE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "077C4CB8-1FDE-45D3-82E6-CE09A22809B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3CDB96CA-5AAE-4B39-8E01-2E72E3B476AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.16.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8EB33EC3-CDE0-40BD-B269-512AE074D278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "363FA95F-03EF-4D6A-A40D-76D285D16255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FA96DC31-4BAC-4C5A-923C-EBBFFC7ABB52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C949D5F5-6C0B-4B17-85B6-3A77D08CF967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D413741-BDB7-496D-A01B-75E2A98FDB5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "29130F7F-DE00-43E1-A4A6-8F1F95D5CB19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "25E94EC0-F577-4B2B-8B11-DC76278CDD42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "101AD474-9B89-483D-84E8-08012677C55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D57E41F6-C2CF-4183-A78A-9531A88FB65D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1F9BB8-F951-427E-B770-69C2ACEBDB28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7C4CE405-E923-4C9C-849A-D1031C4DB493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C039C0CE-9C9C-4D85-8D7C-574DCF9D920B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.01:*:*:*:*:*:*:*",
"matchCriteriaId": "A1B2F2CC-18C3-46E7-8E7F-970622A710C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04ECDFF1-9718-4FAE-B45B-4F8CCA82829E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C4DA60-5701-4BD0-B2F9-D93B9E64111F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0B12834D-2AF1-4AD1-AB23-859CAA5D3210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.02:*:*:*:*:*:*:*",
"matchCriteriaId": "89036D04-EA04-4041-9694-6768478D35F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B19070D3-9F03-43C7-9F31-9A54BD5F2441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E39BAA74-50A8-4087-8FF8-7C5922121319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D29C253-B403-4B00-A626-3E3A920DC018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E9D8FA2-21EA-4384-8001-118DA7C959F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3368DE88-7009-46A0-93F4-4D52BAD3D173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "26586127-B68B-4476-8182-C49B1B1DCDC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D1EFDCC-983E-4227-9FD5-456C16610BC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFA7DBAD-BCA6-47D1-A92E-4EB7941F55F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "02C6C827-97A6-4287-8B3E-DE29054242B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9BE4F7C1-BB82-44BA-BBFD-9F660330EC15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E4FCA146-5A72-4746-BE23-63271FBC4D47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A0C90BB-C3FE-4A75-B739-0236C4256F7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46BD9466-0BC9-4B4D-928F-240CD46D306C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "06F456AD-19D3-49EF-82B1-07370F6499AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "24A9997E-D0DC-45B0-B4DB-308667FA820E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "26202E79-98E0-4533-B4AE-1ABB2477F5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C3D7384F-DF1B-4ED7-B1D5-885B95774DDB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9FD404B4-2B0A-4D7A-8CF6-E2C6B4BACBB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BE4127D-8123-4408-86D3-08168A4501B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8836F348-66DF-43BC-9962-946018D13127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "1453BB31-D674-4A05-AB2A-2502D127C3E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "868865A1-E074-4DB0-A119-D24C5C53FEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1794440C-7068-4673-9142-6221B8A39E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C5CF286B-3377-4AE9-A7B9-8535641D639A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B3D89C7-909F-419A-9EE8-A1F0D02934EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "50EC8D9D-3483-4080-8000-496343BC8BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6695F632-6AC4-400F-B513-280304ABC1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A3423C40-240A-4237-8B0F-A4B4ED421C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "03298D9F-CFB8-48F9-BD0C-8A0BEB0760C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A70420A8-8571-4528-98E1-72BE00270C6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "38230656-6242-4D24-AA67-F42A6FA2FC7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "20ED9FC3-5E56-4AE7-903F-267CAE7F2CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "84F88075-9935-45BF-88B7-21ACE8AAB314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "283793E4-0AE8-48D9-ABCF-70E44FE55C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F79D5F-EB28-417A-86DF-053D6EDBA161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4A036F91-70E0-4E97-9896-EEE97BE3C20E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C92ECBCD-1EE3-498A-B3A4-22BF8EFD2EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EABFC3-24FA-4441-9F2B-650D90AE5CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3DA61A22-3DD0-46A3-8C13-F25F4F03FD35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2026FD07-103C-4691-AFA4-88C490382F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "791700CD-E007-489E-9BC6-37025CAA8144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "65607103-4284-430A-8212-AC1DCFFFA778",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4061B4C7-8315-450C-866A-C4F3A6BCB1A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C6EA7154-7F08-4E43-9270-E617632230AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00099DC9-D437-429B-9D08-F0DFA4942A6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "4149F36C-D455-415F-93D7-F92EEE41419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2DC51129-8F38-4505-90FB-4FFDED45BABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4CA571E0-B513-47AA-95BE-EB4DD2AA91E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "89504BDC-82F7-4813-9C1E-456C9ACC6FB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "118C550E-79A8-431E-BADB-710EEEEDC6C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "96C7950F-41D1-46B5-BA62-E8450CB81244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C9A32ECC-E208-4834-8EF7-FEF7A3495041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF6BC60-23F5-46A1-83F8-F4BCDEF196EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AA3E0D41-2E6E-4294-8E56-1A738A7F9AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D16109B8-4CDF-46FC-9AD9-A158E532791B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCAA174-3CA3-49DB-BA19-D2BCF4F8953F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD4D1A5A-99A3-4D23-B40C-BBE11EA5B325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0F5EE428-98FF-42BC-9F61-311327B8F610",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.19.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CBA2FD08-D761-410F-9804-A76F0DD77349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.20.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74B34C21-D90B-4E32-BBA6-7773DB663F18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "90996D49-5731-4F7D-9DBE-D0599A5D85A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D3C91C8D-707D-443D-985F-FA3EDB181208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "400EA2E1-B178-467F-BBC2-1B2ECEDE662A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E00A6C7-D3CF-40B5-A586-06E09C5AA1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.22.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E25D043-EE0D-49A5-A468-03EDD9CFE0EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.22.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CA17630B-444D-4AE4-B582-F8106C4EEFDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62A20D6B-62FE-440D-BC58-F764AAA5562B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.23.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F2AE880B-2FA2-42BB-BEBF-771E18FDA141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC982D1B-B018-474E-94BE-2157C21276C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.24.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F26815C8-8E43-4C26-947B-986EFFF0ACE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03E8213E-650F-4C95-B9E5-753E7784EF5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.25.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00B8F794-A7F2-4B8F-B36C-55E61DC6939A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.25.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B7FC3A1-AFB0-4280-BFC5-68F61CFD0AF2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
"matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "781AC882-80DD-4176-8E4F-220343B15F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert10:*:*:*:*:*:*",
"matchCriteriaId": "5CEBE67E-A3E5-4BC9-8740-4F51123CC9F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert11:*:*:*:*:*:*",
"matchCriteriaId": "CD094E25-5E10-4564-9A4D-BE5A14C2815F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert12:*:*:*:*:*:*",
"matchCriteriaId": "B6873174-0109-402F-ADCA-B1635F441FD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert13:*:*:*:*:*:*",
"matchCriteriaId": "B529CD2F-2958-44E6-839A-3E4FE392B1F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14:*:*:*:*:*:*",
"matchCriteriaId": "B961BF46-DEF7-4804-AF9A-D13F160FA213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14_rc1:*:*:*:*:*:*",
"matchCriteriaId": "DDC801D4-7A69-4855-8757-24ACE70D784B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14_rc2:*:*:*:*:*:*",
"matchCriteriaId": "60C2B8F0-7722-48B5-89AA-435F52CBC0A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert15:*:*:*:*:*:*",
"matchCriteriaId": "B9305CA8-835C-4DFF-9CD8-C1072BACED42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert16:*:*:*:*:*:*",
"matchCriteriaId": "B3729EA6-3949-4854-80D4-DC5587161FBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
"matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*",
"matchCriteriaId": "A98B11B5-B8E2-4903-B4F7-3AC23751AE8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:*:*:*:*",
"matchCriteriaId": "C7D60B24-C509-49C3-87A9-49D05CB44183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:*:*:*:*",
"matchCriteriaId": "3C1F9978-44E7-4D39-BEC6-5C6DB7F893E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:*:*:*:*",
"matchCriteriaId": "69BA61A8-2A95-4800-BB4E-692BA4321A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:*:*:*:*",
"matchCriteriaId": "C481D8B0-622D-491D-B292-717B0369B507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:*:*:*:*",
"matchCriteriaId": "BC8390D4-F339-43FF-9F2B-71331D4ECB81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert9:*:*:*:*:*:*",
"matchCriteriaId": "4490B76B-FA41-43DB-9A31-6B3F220F1907",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1:*:*:*:*:*:*",
"matchCriteriaId": "0449B393-FA4E-4664-8E16-BE6B94E4872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "2ED8E415-64FA-4E77-A423-3478E606E58E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "E13CA1DD-B384-4408-B4EC-1AA829981016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc3:*:*:*:*:*:*",
"matchCriteriaId": "EE28BD0A-EA30-4265-A5D6-0390F3558D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc4:*:*:*:*:*:*",
"matchCriteriaId": "0F82048D-C65F-4439-BBE4-2D4A9B07EB7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert2:*:*:*:*:*:*",
"matchCriteriaId": "6447B77F-3770-4703-9188-B7344ED98E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert3:*:*:*:*:*:*",
"matchCriteriaId": "5C103924-1D61-4090-8ED5-4731371B2B2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert4:*:*:*:*:*:*",
"matchCriteriaId": "08F87B09-3867-4CAE-BAD7-2206CD6CAF97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the \"nat\" and \"symmetric_rtp\" options allow redirecting where Asterisk sends the next RTCP report."
},
{
"lang": "es",
"value": "En Asterisk enversiones 11.x anteriores a la 11.25.3, versiones 13.x anteriores a la 13.17.2 y versiones 14.x anteriores a la 14.6.2; y en Certified Asterisk en versiones 11.x anteriores a la 11.6-cert18 y versiones 13.x anteriores a la 13.13-cert6, una validaci\u00f3n insuficiente de paquetes RTCP podr\u00eda permitir la lectura de contenidos obsoletos del b\u00fafer y, cuando se combina con las opciones \"nat\" y \"symmetric_rtp\", permite las redirecciones en las que Asterisk env\u00eda el siguiente informe RTCP."
}
],
"id": "CVE-2017-14603",
"lastModified": "2024-11-21T03:13:11.153",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-10T01:30:21.860",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-008.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3990"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3990"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27274"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-02 05:29
Modified
2024-11-21 03:35
Severity ?
Summary
The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2017-003.txt | Third Party Advisory | |
| cve@mitre.org | http://www.debian.org/security/2017/dsa-3933 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/98578 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://bugs.debian.org/863902 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-26939 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2017-003.txt | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2017/dsa-3933 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98578 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/863902 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-26939 | Issue Tracking, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:open_source:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A2C5FB-2E2E-4F4E-A797-AF39D41C0D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7644395B-43C7-48BC-AC6B-B3E935DE88BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7019C844-90CE-4D32-8837-94C433C382C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "362383FF-1E38-4F3F-8C4E-9294592A39EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35DC8E90-E91A-4BE0-ACAF-D2F0004EAA10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C4DB86C4-AE52-4553-9428-8A0FD48C4F09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E85E772D-00CB-4A28-806F-45BB645EFC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2BFB4750-F605-4A78-B3DC-B54B956C049E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3DEC31AC-E133-4B4E-9903-8CEE3F176846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36120DF2-822D-4AD2-8A91-EA0846CB49F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B4818640-8F0C-4428-86A6-EAB89AF5B43D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7E8D0E3A-C984-4B4B-81E8-C8AECF1EE557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B44BB12-A93B-47D4-9E93-55C077F53A55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1500E120-26A4-4EFE-8813-5AF602F6E2AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9887311B-D13C-4309-AB66-B30F43CAEE3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F51727C0-4620-4F05-9437-580FD0D5E7DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8AF28CB9-7ED7-4EA7-AE86-937B81706938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C5375418-CC58-4483-ADB9-CC020BBE3B64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35D4E5CB-A3EB-412C-A33E-A487E081D4FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "065DB5F9-B797-41FD-AE20-50EC099FD7AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4113D94A-7C17-4201-BDF3-FCBE7AA7D348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C79E8ADE-EE51-442F-8104-4212C35EF626",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03C8B668-AA45-4BB4-AE31-FED335F2434D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "ADDF369A-FE19-4C1D-BB3A-883A030F0254",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A01FE18-F706-405A-A5B8-D873D41203F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8DA7B709-BC5F-46D1-B632-8C2C6A4F1CB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5E7789B9-B7C1-4B16-835B-BB4E965477CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A7046623-9371-41E4-B31F-8642CF9EE196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DC7C29B7-0EF4-410B-BCAE-6A8631566026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:14.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7DC262-6C90-4984-A129-AD2762273EDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:14.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1F24B121-92AA-427F-BB69-FC76F1F50670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:14.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "216FA98C-4B79-4215-A941-C90776871C08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7233B5A2-E1CE-4B7E-99FA-26369B892B25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*",
"matchCriteriaId": "F051FE7D-0695-4552-BC1C-836076825606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "C4D3E102-EFAD-48FF-B8BB-AAA9E1669CE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "100A6AFB-628C-4469-B8EB-6E4821105DE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "D078BC05-F6E0-4183-9A27-8F53ECAAE7E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*",
"matchCriteriaId": "6A16BD47-0634-40A5-8422-0A2ECAF2C55E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*",
"matchCriteriaId": "9F379170-DC3B-41B8-B950-7E0E1E6002AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*",
"matchCriteriaId": "338BFA7B-AA84-483F-B298-BC932728E0EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C608FBEF-143A-4EC3-903F-8832E0A7145E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E5D169B3-A7C7-40F0-B918-44A11682FB4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet."
},
{
"lang": "es",
"value": "El analizador multi-part body en PJSIP, tal como es usado en Asterisk Open Source versiones 13.x y anteriores a 13.15.1 y versiones 14.x y anteriores a 14.4.1, Certified Asterisk versi\u00f3n 13.13 y anteriores a 13.13-cert4, y otros productos, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites y bloqueo de aplicaci\u00f3n) por medio de un paquete especialmente dise\u00f1ado."
}
],
"id": "CVE-2017-9359",
"lastModified": "2024-11-21T03:35:54.827",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-02T05:29:00.730",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-003.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2017/dsa-3933"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98578"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/863902"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-26939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-003.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2017/dsa-3933"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98578"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/863902"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-26939"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-22 18:15
Modified
2024-11-21 04:33
Severity ?
Summary
An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2019-007.html | Patch, Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.asterisk.org/downloads/security-advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2019-007.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.asterisk.org/downloads/security-advisories | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | certified_asterisk | 13.21.0 | |
| digium | certified_asterisk | 13.21.0 | |
| digium | certified_asterisk | 13.21.0 | |
| digium | certified_asterisk | 13.21.0 | |
| digium | certified_asterisk | 13.21.0 | |
| digium | certified_asterisk | 13.21.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3000F83F-4D47-4BA8-BF35-844C41BFBE18",
"versionEndExcluding": "13.29.2",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65C549ED-B864-47C9-ACD8-C695FC7DAE57",
"versionEndExcluding": "16.6.2",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43F12809-5F7E-4B99-A028-30B43BAFB5A6",
"versionEndExcluding": "17.0.1",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC7665A-FF2F-4A20-B695-96C2217D268E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert1:*:*:*:*:*:*",
"matchCriteriaId": "18C39C0A-7F81-4734-8C1D-4FFDF070F526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F809DB3A-457F-4DEF-9B11-E3FCDF2D8466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert3:*:*:*:*:*:*",
"matchCriteriaId": "1F170494-F60A-42C2-A2CE-1BB5BDCC8200",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert4:*:*:*:*:*:*",
"matchCriteriaId": "2A28B713-6CBB-4F4D-A54B-17758DD35EE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B7D110F5-E431-4F31-8723-494D20D9108D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en el archivo manager.c en Sangoma Asterisk versiones hasta 13.x, 16.x, 17.x y Certified Asterisk versiones 13.21 hasta 13.21-cert4. Un usuario de Asterisk Manager Interface (AMI) autenticado remoto sin autorizaci\u00f3n del sistema podr\u00eda usar una petici\u00f3n Originate AMI especialmente dise\u00f1ada para ejecutar comandos arbitrarios del sistema."
}
],
"id": "CVE-2019-18610",
"lastModified": "2024-11-21T04:33:21.593",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-22T18:15:11.030",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2019-007.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2019-007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asterisk.org/downloads/security-advisories"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-19 22:55
Modified
2024-11-21 02:00
Severity ?
Summary
Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to cause a denial of service (daemon crash) via a 16-bit SMS message with an odd number of bytes, which triggers an infinite loop.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F368897-A481-42DD-A8B0-8AD43A5FD68B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6BA8F4AF-26C0-4A69-B489-16E7A56E5123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FE82D53D-092D-4B36-A979-23E9A5E07A78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "27365383-72DB-4683-9A67-CF553FF2620A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46EE63D4-CA9C-4DF4-AF85-B8AC2E3F844A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "91407E03-4E98-4DD9-B584-E5BB74F09B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "669CC22C-45E5-40AB-9A95-D7DFD694B688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80A38E0C-45D9-4353-8426-87A4CFA371DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "54A934AE-AB7C-4D10-8BA2-9C54410C648F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7A7C5A8E-35E6-4B86-8502-1970031AB987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA4C14B-A01C-4CFE-8985-317ACCDAD209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1224686C-8A1E-40E1-ACB9-87F571641EAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "619704FF-2F0C-47E8-A340-58135CEE6B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E412E336-871A-4CAC-97E5-FB203BB9349D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FC1A0E66-63F4-4BD0-8C9A-3D23A116EE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "79963FF0-5ED6-41B6-8E60-146BD7879518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B63FB1C5-9704-4C6A-8DE6-2283D1993BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0787BC7B-9464-4AAA-896B-C028ECF8E397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "84C0FBC8-9CD1-4135-94C7-BE90A7C94625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE14D16B-4903-47BD-BCBD-28A8B6B878E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FD3948A1-B5A6-4702-9187-A7720E81B7F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BC097BB6-02E9-4F48-98CB-B5F31B41009C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0992625B-012F-40EA-9A20-6352E633F62B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E3828876-DDB4-457D-8E50-43A4FF761005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "79283554-AF08-44DC-BF98-446C47AA490A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54EBFD0B-686F-477F-8FF2-535F24A3348B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0961F130-FF8C-41C2-BF2E-9731ED9EB73B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE78F4A2-B165-446C-AA1C-7A9E13718C6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9789FC49-DE20-4477-B9D5-12CB71F42E58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2DD97918-B589-4422-B695-C3C00203A3DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A1E59E84-F3FF-44FF-BC7D-31F3880E32F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2D9C7006-F5B1-4171-BB44-182C39DE3AAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C8D2B210-3ADA-40AD-A575-DB88A9F71C91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F7C53CD-260C-49F5-BCA4-E1D0A58E0B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D56C2C11-4B42-43AB-9DAE-61C15D107160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "69F2DED4-39F5-44C8-BEA3-22692D28C631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AD172E70-238B-4B01-A922-8021B5627092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C689A32B-E87D-492F-B3F6-7B80DFA049C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5FB3863D-7F46-4C4A-9E6B-C255CDF0D953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7239304D-C383-4F26-BB08-65ADD2380015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1AC153C2-258E-4EE6-845F-8E8C68AA242D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "229B7982-9775-42AA-B8F5-FE920CCAA497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "326845DF-2DB2-406B-BE0F-877384DAACFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E0FC2D46-FD1B-421F-8773-BB41B1E9A831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8788AF7B-CBB6-4D9D-A748-486787935A96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB19B2F7-5685-449F-858C-C226D2A373B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D10B9E8C-3B72-490B-A276-A745299DA3C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E63CF763-0682-4453-8D07-C9253C179486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FDB7AA1-25A7-4BED-A875-C0494E973EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E0BCE319-8C87-4521-BEAA-02F0EF47B315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5A2534F0-3DEE-4FCB-B15D-97D1836CE83D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "D3F38B78-8215-43D6-8C5C-6DB8E6C34F06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE54B76B-4713-4281-AB4B-B17901121B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "08EE9963-2A44-48A0-8A1B-919CCE3652FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "19C7B58B-6591-45B5-B527-50FA0A5BD1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "05D3825F-3B95-4056-AF3C-43269734BA2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "806F60DA-FAA1-4C13-889B-0FF518C01E44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:*:*:*:*:*:*:*",
"matchCriteriaId": "E6DDE265-B4B9-495A-95F7-0910E8199980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*",
"matchCriteriaId": "2365F1EE-16A4-4293-B80E-A51CD6A2F112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "6B7AE7FB-8170-41AD-9597-07335D36AE48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "9131FB32-E3F0-476C-A0D1-36E2101631D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "5209356B-4A86-4C93-9D04-C66969F23BC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F087C546-FBCA-4D0D-A023-8F9384CD160C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9AF5750B-2348-4E35-9F08-27E2385E329F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C0344FE7-952A-4BC5-A31F-F2C5EABDB5FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:cert1:*:*:*:*:*:*",
"matchCriteriaId": "960521C4-9004-4412-8A38-66240C4B875D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "00F26342-110F-4163-AD11-98AA3B71D299",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8652FA73-2F02-401C-890F-0544276294D3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to cause a denial of service (daemon crash) via a 16-bit SMS message with an odd number of bytes, which triggers an infinite loop."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en la funci\u00f3n unpacksms16 en apps/app_sms.c en Asterisk Open Source 1.8.x en versiones anteriores a 1.8.24.1, 10.x en versiones anteriores a 10.12.4 y 11.x en versiones anteriores a 11.6.1; Asterisk con Digiumphones 10.x-digiumphones en versiones anteriores a 10.12.4-digiumphones y Certified Asterisk 1.8.x en versiones anteriores a 1.8.15-cert4 y 11.x en versiones anteriores a 11.2-cert3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de demonio) a trav\u00e9s de un mensaje 16-bit SMS con un n\u00famero impar de bytes, lo que desencadena un bucle infinito."
}
],
"id": "CVE-2013-7100",
"lastModified": "2024-11-21T02:00:20.920",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-19T22:55:04.570",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0089.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-006.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/101100"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/56294"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2014/dsa-2835"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:300"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/64364"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1029499"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89825"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-22590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0089.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/101100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/56294"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2835"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:300"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/64364"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1029499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89825"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-22590"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-22 17:15
Modified
2024-11-21 04:33
Severity ?
Summary
An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | certified_asterisk | 13.21 | |
| digium | certified_asterisk | 13.21 | |
| digium | certified_asterisk | 13.21 | |
| digium | certified_asterisk | 13.21 | |
| digium | certified_asterisk | 13.21 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE39000C-238B-45D9-A2C0-9907A7FB4C36",
"versionEndIncluding": "13.29.1",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:*:*:*:*:*:*:*",
"matchCriteriaId": "8F9D13EC-820A-4D7E-9AB1-F81DCFF324DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert1:*:*:*:*:*:*",
"matchCriteriaId": "B7EE2BD3-51DC-4DA5-A5F2-6275F5277BE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert2:*:*:*:*:*:*",
"matchCriteriaId": "6A7B650A-4785-4A8B-BCB6-1B630A0E18E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert3:*:*:*:*:*:*",
"matchCriteriaId": "6B791DBB-EB45-4E9C-9C57-249D196EC0E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert4:*:*:*:*:*:*",
"matchCriteriaId": "BF36760E-856B-4D74-98BF-129323E9306B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en el archivo res_pjsip_t38.c en Sangoma Asterisk versiones hasta 13.x y Certified Asterisk versiones hasta 13.21-x. Si recibe una nueva invitaci\u00f3n para iniciar el env\u00edo de faxes T.38 y tiene un puerto de 0 y sin l\u00ednea c en el SDP, se producir\u00e1 una desreferencia del puntero NULL y un bloqueo. Esto es diferente de CVE-2019-18940."
}
],
"id": "CVE-2019-18976",
"lastModified": "2024-11-21T04:33:55.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-22T17:15:11.833",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2019-008.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/155436/Asterisk-Project-Security-Advisory-AST-2019-008.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2019/Nov/20"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cybersecurity-help.cz/vdb/SB2019112218?affChecked=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2019-008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/155436/Asterisk-Project-Security-Advisory-AST-2019-008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2019/Nov/20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cybersecurity-help.cz/vdb/SB2019112218?affChecked=1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-24 15:59
Modified
2024-11-21 02:19
Severity ?
Summary
ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDFB271-72DA-4E23-87A0-E50EE633843F",
"versionEndExcluding": "11.14.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F21F0B73-A30F-4673-B3A8-D9F456FFCEF2",
"versionEndExcluding": "12.7.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C83CD93-7CBA-4FF0-B29E-A509F4A3D5E2",
"versionEndExcluding": "13.0.1",
"versionStartIncluding": "13.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
"matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
"matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*",
"matchCriteriaId": "A98B11B5-B8E2-4903-B4F7-3AC23751AE8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:*:*:*:*",
"matchCriteriaId": "C7D60B24-C509-49C3-87A9-49D05CB44183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:*:*:*:*",
"matchCriteriaId": "3C1F9978-44E7-4D39-BEC6-5C6DB7F893E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:*:*:*:*",
"matchCriteriaId": "69BA61A8-2A95-4800-BB4E-692BA4321A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:*:*:*:*",
"matchCriteriaId": "C481D8B0-622D-491D-B292-717B0369B507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action."
},
{
"lang": "es",
"value": "ConfBridge en Asterisk 11.x anterior a 11.14.1, 12.x anterior a 12.7.1, y 13.x anterior a 13.0.1 y Certified Asterisk 11.6 anterior a 11.6-cert8 permite a usuarios remotos autenticados (1) ganar privilegios a trav\u00e9s de vectores relacionados con un protocolo externo en la funci\u00f3n CONFBRIDGE dialplan o (2) ejecutar comandos del sistema arbitrarios a trav\u00e9s de una acci\u00f3n ConfbridgeStartRecord AMI manipulada."
}
],
"id": "CVE-2014-8417",
"lastModified": "2024-11-21T02:19:02.703",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-24T15:59:09.343",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-017.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-11-06 19:15
Modified
2024-11-21 05:22
Severity ?
Summary
A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2020-001.html | Patch, Vendor Advisory | |
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-29057 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2020-001.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-29057 | Exploit, Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| sangoma | asterisk | * | |
| sangoma | asterisk | * | |
| sangoma | asterisk | * | |
| sangoma | asterisk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:-:*:*:*:*:*:*",
"matchCriteriaId": "81C3E390-8B99-4EB8-82DD-02893611209A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "17DB2297-1908-4F87-8046-2BAA74569D71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "CEA2CC40-C2F6-4828-82F0-1B50D3E61F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "32F19F43-C1E8-4B6C-9356-AF355B7320BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*",
"matchCriteriaId": "21D1FA32-B441-485F-8AE9-F3A394626909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F7795CCF-B160-4B4F-9529-1192C11D7FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert3:*:*:*:*:*:*",
"matchCriteriaId": "0C5E5D0D-9EB3-40FD-8B7E-E93A95D07AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4:*:*:*:*:*:*",
"matchCriteriaId": "C7DFDA30-DD61-4BBC-AFE4-448BF2A4F303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*",
"matchCriteriaId": "142F1F89-49AC-4A0B-A273-61F697063A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*",
"matchCriteriaId": "53041795-788C-4914-A2F6-41539ABE0244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*",
"matchCriteriaId": "FBB98E65-B2D0-49A4-8BF3-12155E3E13C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*",
"matchCriteriaId": "769C854C-03CD-40A9-B39B-C0CDCA8252EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19F2741E-7FB6-4817-B44C-57502EF9BE45",
"versionEndExcluding": "13.37.1",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFEF5146-78E5-4391-A789-89E03492FC71",
"versionEndExcluding": "16.14.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EABD6FC4-4053-4925-895B-D539336B47DB",
"versionEndExcluding": "17.8.1",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "338F78D3-1BE4-4876-9E79-1CE45EB28A00",
"versionEndExcluding": "18.0.1",
"versionStartIncluding": "18.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling."
},
{
"lang": "es",
"value": "Se detect\u00f3 un bloqueo de res_pjsip_session en Asterisk Open Source versiones 13.x anteriores a 13.37.1, versiones 16.x anteriores a 16.14.1, versiones 17.x anteriores a 17.8.1 y versiones 18.x anteriores a 18.0.1.\u0026#xa0;y Certified Asterisk anteriores a 16.8-cert5.\u0026#xa0;Tras recibir una nueva invitaci\u00f3n SIP, Asterisk no devolvi\u00f3 el cuadro de di\u00e1logo dise\u00f1ado bloqueado o referenciado.\u0026#xa0;Esto provoc\u00f3 una brecha entre la creaci\u00f3n del objeto de di\u00e1logo y su pr\u00f3ximo uso por parte del subproceso que lo cre\u00f3.\u0026#xa0;Dependiendo de algunas circunstancias y tiempos fuera de lo nominal, fue posible que otro subproceso liberara dicho cuadro de di\u00e1logo en este espacio.\u0026#xa0;Asterisk podr\u00eda bloquearse cuando el objeto de di\u00e1logo, o cualquiera de sus objetos dependientes, fueran desreferenciados o accedidos a continuaci\u00f3n por el subproceso de creaci\u00f3n inicial.\u0026#xa0;Sin embargo, tome en cuenta que este bloqueo solo puede ocurrir cuando se usa un protocolo orientado a la conexi\u00f3n (por ejemplo, TCP o TLS, pero no UDP) para el transporte SIP.\u0026#xa0;Adem\u00e1s, el cliente remoto debe estar autenticado, o Asterisk debe estar configurado para llamadas an\u00f3nimas"
}
],
"id": "CVE-2020-28327",
"lastModified": "2024-11-21T05:22:33.987",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-06T19:15:14.080",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2020-001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2020-001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29057"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-404"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-17 14:55
Modified
2024-11-21 02:09
Severity ?
Summary
Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D56C2C11-4B42-43AB-9DAE-61C15D107160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "69F2DED4-39F5-44C8-BEA3-22692D28C631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AD172E70-238B-4B01-A922-8021B5627092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C689A32B-E87D-492F-B3F6-7B80DFA049C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5FB3863D-7F46-4C4A-9E6B-C255CDF0D953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7239304D-C383-4F26-BB08-65ADD2380015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1AC153C2-258E-4EE6-845F-8E8C68AA242D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "229B7982-9775-42AA-B8F5-FE920CCAA497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "326845DF-2DB2-406B-BE0F-877384DAACFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E0FC2D46-FD1B-421F-8773-BB41B1E9A831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8788AF7B-CBB6-4D9D-A748-486787935A96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "03298D9F-CFB8-48F9-BD0C-8A0BEB0760C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A70420A8-8571-4528-98E1-72BE00270C6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "38230656-6242-4D24-AA67-F42A6FA2FC7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "20ED9FC3-5E56-4AE7-903F-267CAE7F2CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "283793E4-0AE8-48D9-ABCF-70E44FE55C4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B446105E-6C8E-495A-BF83-A33CB33485A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F3DE062D-4E87-4691-A664-D9E7C02036EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CD4A85-26FB-4AE5-9CB7-4DF38DF32482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F42C9442-9EBC-4CA5-AB1C-BA0662C27BDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "71762B58-A08B-405B-9596-6D15CF4A95D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "EA48C05A-E898-42EE-A699-94BBD66E5E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EDCB78F8-AAC8-44B1-BDF4-C73BC8951EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D92FFF6-E7B2-4210-A652-79AC6B74002C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DB5E92FB-9CF8-461E-A665-3407D265DF17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "536F6C10-3165-40F7-931A-23765AB87555",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
"matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "781AC882-80DD-4176-8E4F-220343B15F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
"matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "56849E34-B192-46A8-A517-C7C184A901B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4610D544-156F-4E9A-BC46-9E0FF8D5D641",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action."
},
{
"lang": "es",
"value": "Asterisk Open Source 11.x anterior a 11.10.1 y 12.x anterior a 12.3.1 y Certified Asterisk 11.6 anterior a 11.6-cert3 permite a usuarios remotos autenticados Manager ejecutar comandos del sistema arbitrarios a trav\u00e9s de una acci\u00f3n MixMonitor."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/77.html\n\n\"CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)\"",
"id": "CVE-2014-4046",
"lastModified": "2024-11-21T02:09:24.273",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-17T14:55:07.893",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-006.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/127088/Asterisk-Project-Security-Advisory-AST-2014-006.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/532419/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/127088/Asterisk-Project-Security-Advisory-AST-2014-006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/532419/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-12-13 20:29
Modified
2024-11-21 03:18
Severity ?
Summary
A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | certified_asterisk | * | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86CE0074-C728-4A0C-AF7B-E5F095C7AD9E",
"versionEndExcluding": "13.18.4",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A023AEF-773E-4DD8-B860-5B1D4E061F85",
"versionEndExcluding": "14.7.4",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8300EA07-CDDD-49C2-8F73-BBE6749000CB",
"versionEndExcluding": "15.1.4",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF0E7AD0-0B51-47BC-8746-CAC7C63F8AE8",
"versionEndIncluding": "13.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1:*:*:*:*:*:*",
"matchCriteriaId": "0449B393-FA4E-4664-8E16-BE6B94E4872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "2ED8E415-64FA-4E77-A423-3478E606E58E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "E13CA1DD-B384-4408-B4EC-1AA829981016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc3:*:*:*:*:*:*",
"matchCriteriaId": "EE28BD0A-EA30-4265-A5D6-0390F3558D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc4:*:*:*:*:*:*",
"matchCriteriaId": "0F82048D-C65F-4439-BBE4-2D4A9B07EB7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert2:*:*:*:*:*:*",
"matchCriteriaId": "6447B77F-3770-4703-9188-B7344ED98E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert3:*:*:*:*:*:*",
"matchCriteriaId": "5C103924-1D61-4090-8ED5-4731371B2B2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert4:*:*:*:*:*:*",
"matchCriteriaId": "08F87B09-3867-4CAE-BAD7-2206CD6CAF97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert5:*:*:*:*:*:*",
"matchCriteriaId": "0D12B31E-C30C-442A-9BD8-504CF7EB1321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert6:*:*:*:*:*:*",
"matchCriteriaId": "B43DA484-83DC-4489-9037-B85B845078E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert7:*:*:*:*:*:*",
"matchCriteriaId": "D8740005-0BCF-4B76-A600-25A9BF0F3C42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert8:*:*:*:*:*:*",
"matchCriteriaId": "4298EEE5-3F0E-4227-ACF8-CEE18868055F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack."
},
{
"lang": "es",
"value": "Se ha descubierto un problema de cierre inesperado remoto en Asterisk Open Source en versiones 13.x anteriores a la 13.18.4; versiones 14.x anteriores a la 14.7.4 y las versiones 15.x anteriores a la 15.1.4, as\u00ed como Certified Asterisk en versiones anteriores a la 13.13-cert9. Ciertos paquetes compuestos RTCP pueden provocar un cierre inesperado en la pila RTCP."
}
],
"id": "CVE-2017-17664",
"lastModified": "2024-11-21T03:18:25.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-13T20:29:00.253",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2017-012.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102201"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040009"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27382"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27429"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-4076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2017-012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102201"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27429"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-4076"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-18 22:14
Modified
2024-11-21 02:06
Severity ?
Summary
main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA60A9C9-C2EF-4971-BEFB-FF687DAEF2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "984CD6D9-4A54-4065-8401-DC555AB95425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "CDE13439-4124-4BDE-A068-460BCF96419B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BAFB22FA-CC24-4AFE-AC83-2D044563F7CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "00F3EB0D-7C63-46B5-BA95-8486B9716C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "00C1BF3B-7593-478D-9AAA-153901C70286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "82423EC2-FA29-4AF6-86C3-6AC6DFDC4DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "5F86406A-0936-4A06-88FB-4137A64498EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "672CE4C0-EBD6-470B-937E-810FF1C4CDBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88DB1105-74D8-4312-9D02-D1E21F2E785C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "404C0557-6229-4D90-BFDD-54AFFCCE6A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3F4DC562-649E-4105-8B3E-43F02BD593FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6D1D26CC-891F-4396-B7D7-30D712829E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F25B61EA-F4D1-452A-9D96-B8DFDD719B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9324AB96-EC99-4F04-A0A9-00F936C86EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8B5E76-4A74-4E88-8A6F-C23538B7642A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB6BBCA-47CE-49B8-9706-AFDE4BE46550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8BFF65E2-692B-4C39-88FC-6DED8D9A7258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5260E309-9320-4DB8-A918-7D215BF95D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "58F4BFC9-E02A-4121-8D34-99022AB8B45A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "60AFF340-A866-4CFE-9334-53B95FD4AA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "74E50309-CD7D-41F7-97DA-A7E451D0796A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6FD3F8F8-820E-4C29-9F8F-023D1DB999CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "C33A6419-0D00-49D6-9A48-2B633610AAED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "447E07C9-4A25-418D-B53F-609B78EE4C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "9C806F87-C897-48E4-8533-A4EBC6B77078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "08B8C143-93FF-44DD-8F61-6F4FEE977371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:-:*:*:*:*:*:*",
"matchCriteriaId": "8859F234-5066-40DD-862C-0F3CCA98AFB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "75962F03-EC19-4920-9FA7-2D422E6E83F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9D7D88-D64F-4F54-8C84-6AC45FBD36F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F67AB282-591C-4ED7-9750-C593A38D5D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "B5D0BB0E-1BB0-4F31-9C5D-DC1A069E52DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C9F8F881-2BF7-44AB-8756-54A06801EB11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "36EFF3C4-4D00-4BC5-94B9-403BB00C6AB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "5E434F10-395E-426E-A988-4CDA504577D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33FE3DCE-74B5-49A4-BC18-34B22CA83947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FF2E25F3-053D-4F7D-A35D-706A401CCAA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8880AE7C-3E44-4B76-B500-E93868D4CF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7C94269D-A271-42AC-A44C-102C814E564B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E7E5B826-D3D5-4D2D-BB4D-2C1BEDE92456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA564F7-7A69-4805-8C8C-C2EB5E12A6E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2A153336-10C4-4C42-AC66-AC1351887EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "0C2FF4E9-2513-4022-AF80-6F44A2287D6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DF6FA464-F9D3-4674-844B-A2B2E2C42A51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "44722C8B-BB37-4444-A58A-F01D0B3B4DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4FABFDB-D99A-4F83-8FEE-3BFA36BA4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:-:*:*:*:*:*:*",
"matchCriteriaId": "43E00618-19F6-4828-818A-95C9106097B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "CEC4F4AE-7BD8-437F-8838-FE564BCB7FA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A842E112-8974-4E74-AD56-1DEF5B5DD9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2BC3B463-6B2C-42AF-BE13-50B7D63E7F05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D9ACBC01-8A9D-43A5-A825-1CC9670417A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61E7199F-EACE-431A-8ADD-B96A6FCDBC49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7CD0E5-8E69-43B5-A5FF-8B122475CC00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2799111C-06DB-4979-8F81-A8C09D53E5F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F4BEA1B2-2103-4E25-92A9-DB107D6D4AD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2AD9AFFB-F903-43DD-9C1D-4D8E83EA25C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F368897-A481-42DD-A8B0-8AD43A5FD68B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4F3C35F1-CBF2-4F77-AC19-574DEF2652A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "75EA94FD-D16A-49BC-A418-36EFC187EC7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6BA8F4AF-26C0-4A69-B489-16E7A56E5123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FE82D53D-092D-4B36-A979-23E9A5E07A78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "27365383-72DB-4683-9A67-CF553FF2620A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46EE63D4-CA9C-4DF4-AF85-B8AC2E3F844A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A14FC2A1-29D5-49FE-92A9-D61833BF1C95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "91407E03-4E98-4DD9-B584-E5BB74F09B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "669CC22C-45E5-40AB-9A95-D7DFD694B688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80A38E0C-45D9-4353-8426-87A4CFA371DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5E3C5C1E-67E9-401A-BA52-FCB32CA4473C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "54A934AE-AB7C-4D10-8BA2-9C54410C648F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7A7C5A8E-35E6-4B86-8502-1970031AB987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA4C14B-A01C-4CFE-8985-317ACCDAD209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:-:*:*:*:*:*:*",
"matchCriteriaId": "501F5764-BBC2-426A-AF01-7FB477850073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "FDB35CE5-4EDB-4949-A5E4-1BD721CCA469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "619704FF-2F0C-47E8-A340-58135CEE6B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E412E336-871A-4CAC-97E5-FB203BB9349D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:-:*:*:*:*:*:*",
"matchCriteriaId": "82ED9CD2-504E-4D7B-B242-2511A7730776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "EF6E50F5-605A-4D2B-B55D-8AB251532E8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:-:*:*:*:*:*:*",
"matchCriteriaId": "F6C796AE-95EE-4EAB-959C-1C1353C565A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:patch:*:*:*:*:*:*",
"matchCriteriaId": "EEAF3B2E-E520-4F43-ACC5-0F01A6247199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:-:*:*:*:*:*:*",
"matchCriteriaId": "085D4102-E2E8-496C-85B7-714FD3639BE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FC1A0E66-63F4-4BD0-8C9A-3D23A116EE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "79963FF0-5ED6-41B6-8E60-146BD7879518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E0ABBB2C-19EC-4D6C-A1EA-AEF0ABA4123D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0787BC7B-9464-4AAA-896B-C028ECF8E397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "84C0FBC8-9CD1-4135-94C7-BE90A7C94625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:-:*:*:*:*:*:*",
"matchCriteriaId": "981F3994-392D-47DB-97DA-AC15BA070A36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "94691EE6-266F-46CE-B388-0289EB39D91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FD3948A1-B5A6-4702-9187-A7720E81B7F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BC097BB6-02E9-4F48-98CB-B5F31B41009C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C2FD962-B1D5-41E5-884E-0C3F7F9DACE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:-:*:*:*:*:*:*",
"matchCriteriaId": "096E966A-878B-426F-AB40-BB476B17B969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "852DAF2A-86F3-4D05-91DC-6A2FBC214736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7D721486-3043-4380-A73C-44B4DD0E34C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F29E2EE-B6E8-4E55-84A8-3BD0658387EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:-:*:*:*:*:*:*",
"matchCriteriaId": "837BF2BD-814F-4503-91DF-EE16B5A4921D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "15FCDDB3-62D8-446C-B57C-F3BBFBD13491",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "03512BDE-E441-46F6-88B7-16A2468CA199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:-:*:*:*:*:*:*",
"matchCriteriaId": "902CAF9D-9D02-47FA-AE2E-EC1268A32BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "80AD87B5-B796-4C44-8A6D-0B22AA2903CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "03298D9F-CFB8-48F9-BD0C-8A0BEB0760C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F3DE062D-4E87-4691-A664-D9E7C02036EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
"matchCriteriaId": "5991814D-CA77-4C25-90D2-DB542B17E0AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
"matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "93F2B062-09B4-44F1-87E4-6104B757B557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "F2877B09-B0B9-4AD4-906A-D40E25DDC4BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "11AAE0EA-D7EB-4341-A412-FBCDC99565A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "37F93124-25D9-44ED-B4AB-1B3552FCAB09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "E4CB22F6-9F63-427C-B2D2-7ABB9B4F7694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "758AB27B-7C40-41ED-9FC3-BE3D682EE48A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "07D3186A-CD6F-432A-8653-4CFBA37B9864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "746FB2E6-EF66-4EF3-946C-111FB7728EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "91D933DB-06F7-45A4-A517-BFAEC82DDB7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3AAB500F-8F0D-4534-B659-C495D1799913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "5F5C5156-CC72-4AB5-A927-E874199EBD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "AB912D4D-6BA4-4AEF-BBFD-EABFED240015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "68C78C16-3807-4272-9B46-9D9AF5150879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "02E13D3A-B37B-4215-82E0-3FCE5E35B00A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BE0F93D1-7602-47AC-9ACE-AA850D7DFD23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "956BCED3-1818-4673-A0F4-E7F03F366D99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0B58ACCC-0255-46B1-8517-EDCD85AA0F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A921B590-57C2-4E0A-B28B-D0E48F5E1B58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "70F0AE7B-9E53-4E3B-AA9E-EAF7C4C31E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5DE6F187-7236-4622-BD62-1E5F0742B41B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F70DDB6D-BE16-4375-87AE-E5E2B5862D17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6910E07C-3ACA-414F-B468-13E4BF9BE938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "837A07D7-C2FD-4077-A0AD-AF2147E04B84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.5.0:-:*:*:*:*:*:*",
"matchCriteriaId": "B2A99209-E8C5-44E6-A8DA-7FC07FBA6D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "18985B4A-4C54-4EC6-9274-15E7DCFEC94D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "48AE70AD-85BE-44DE-BC75-1690C27821B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "804F861A-81E1-45C5-A7D3-0E73770AC155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0AE503BD-F9BD-4396-B27D-184AE06F594D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9CD9A213-27F7-410E-97B1-E7405B4FCECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "10FFDE4F-0B30-43C3-9475-80259D5E9055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5F30E2AB-B354-4583-9D76-9DF1727407A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DBDFE57E-EEBF-4722-B6D0-147F72018DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "902A2600-49A7-4013-A621-9EE94F1E8435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7021D54A-D443-492A-AE8C-62F2B85A1F37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B003CB5A-A95A-481F-B762-79C476829D81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "84C8BB88-FBE3-4C82-9D53-E34AA7B6A73E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "F8037EB0-42FA-45BA-9E8E-D279432EC4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "E374559C-E550-4BB9-9682-9C4535EAE9A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "FFFB7E8B-C963-4ACB-AE37-9E4938A5462E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DF83EAD3-3CC1-4C1B-AAB8-0FE03BB67EC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E3F75AF0-A4E0-425E-B707-ED1F58C9CC83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "745EC4D8-5E19-48C8-8609-11A74DC18266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F1871DC4-AA58-4C04-9D6A-4FF383C56405",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8560DBD-A70E-4033-AE2E-96DA373AB425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E08ECE50-3A53-45C1-8BEA-8B9E024E22F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "59C2E58B-EEB3-4E8D-940C-2DF846923B19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D40F2ADC-6F79-410F-9063-1354C15F0D8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "69E55195-84CC-46DB-9E49-DEB864DF0659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F58B52D-9510-465F-8BFB-6896B4D36F5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "59E72AD4-90BE-4C3B-B457-31FF193712FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "81EB266E-40BC-45EA-8EDB-4766011C460B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E23FCBC3-30EF-47BC-AEFE-073E84B6DBA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5AB33EDF-29D7-4092-91FE-505B39D3E57B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4F698874-028E-410B-90FE-FDD441F55C32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "081DA344-7266-4D67-8B92-830F43B42CC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "01851B4A-F7CB-4263-B06C-92D39A693530",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6BB95638-D09F-4F02-9076-49BE93F2A407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6E2DD3AF-EF01-4A1A-AF9A-98575E36D088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "163E8F93-432A-4F68-B309-7A38AE1A30FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F53C384F-75DD-4A29-8907-BA95F08B1465",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:-:*:*:*:*:*:*",
"matchCriteriaId": "6BB940E4-E612-4B27-9188-E794665191B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*",
"matchCriteriaId": "2365F1EE-16A4-4293-B80E-A51CD6A2F112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "6952FFDE-92D0-4A75-AABB-113E6FAF5A31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "5735354A-CF57-4A9A-9607-169CE50E0655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc3:*:*:*:*:*:*",
"matchCriteriaId": "38E0B2C4-55EA-4712-8E75-24A5718F9FD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F087C546-FBCA-4D0D-A023-8F9384CD160C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert3:*:*:*:*:*:*",
"matchCriteriaId": "832F5503-6354-4E39-B927-3BA9606A372D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert4:*:*:*:*:*:*",
"matchCriteriaId": "9E23AF8A-63B2-4597-8E78-A4672B0C44B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
"matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "781AC882-80DD-4176-8E4F-220343B15F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "56849E34-B192-46A8-A517-C7C184A901B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4610D544-156F-4E9A-BC46-9E0FF8D5D641",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers."
},
{
"lang": "es",
"value": "main/http.c en Asterisk Open Source 1.8.x anterior a 1.8.26.1, 11.8.x anterior a 11.8.1 y 12.1.x anterior a 12.1.1 y Certified Asterisk 1.8.x anterior a 1.8.15-cert5 y 11.6 anterior a 11.6-cert2, permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de pila) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud HTTP con un n\u00famero grande de cabeceras de cookies."
}
],
"id": "CVE-2014-2286",
"lastModified": "2024-11-21T02:06:00.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-18T22:14:37.917",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:078"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/66093"
},
{
"source": "cve@mitre.org",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-23340"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/66093"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-23340"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-18 20:15
Modified
2024-11-21 05:56
Severity ?
Summary
An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7382B641-0396-456F-BF33-3F6412E35F2D",
"versionEndExcluding": "16.16.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5BA8606-ADA9-4841-A7E2-A9165138849A",
"versionEndExcluding": "17.9.2",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F10CB148-DF9C-4134-A417-3B111C036E20",
"versionEndExcluding": "18.2.1",
"versionStartIncluding": "18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:-:*:*:*:*:*:*",
"matchCriteriaId": "81C3E390-8B99-4EB8-82DD-02893611209A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "17DB2297-1908-4F87-8046-2BAA74569D71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "CEA2CC40-C2F6-4828-82F0-1B50D3E61F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "32F19F43-C1E8-4B6C-9356-AF355B7320BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*",
"matchCriteriaId": "21D1FA32-B441-485F-8AE9-F3A394626909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F7795CCF-B160-4B4F-9529-1192C11D7FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert3:*:*:*:*:*:*",
"matchCriteriaId": "0C5E5D0D-9EB3-40FD-8B7E-E93A95D07AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4:*:*:*:*:*:*",
"matchCriteriaId": "C7DFDA30-DD61-4BBC-AFE4-448BF2A4F303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*",
"matchCriteriaId": "142F1F89-49AC-4A0B-A273-61F697063A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*",
"matchCriteriaId": "53041795-788C-4914-A2F6-41539ABE0244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*",
"matchCriteriaId": "FBB98E65-B2D0-49A4-8BF3-12155E3E13C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*",
"matchCriteriaId": "769C854C-03CD-40A9-B39B-C0CDCA8252EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert5:*:*:*:*:*:*",
"matchCriteriaId": "6D86AD6E-4E07-48B0-88D8-E18F277FFE6A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Sangoma Asterisk versiones 16.x anteriores a 16.16.1, versiones 17.x anteriores a 17.9.2 y versiones 18.x anteriores a 18.2.1 y Certified Asterisk versiones anteriores a 16.8-cert6.\u0026#xa0;Al renegociar para T.38, si la respuesta remota inicial se retras\u00f3 lo suficiente, Asterisk enviar\u00eda tanto audio como T.38 en el SDP.\u0026#xa0;Si esto sucediera, y el control remoto respondiera con una transmisi\u00f3n T.38 rechazada, entonces Asterisk podr\u00eda bloquearse"
}
],
"id": "CVE-2021-26717",
"lastModified": "2024-11-21T05:56:44.287",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-18T20:15:12.667",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/161471/Asterisk-Project-Security-Advisory-AST-2021-002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/58"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29203"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/161471/Asterisk-Project-Security-Advisory-AST-2021-002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/58"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29203"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-02-22 15:59
Modified
2024-11-21 02:48
Severity ?
Summary
chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
"matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA60A9C9-C2EF-4971-BEFB-FF687DAEF2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "984CD6D9-4A54-4065-8401-DC555AB95425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "CDE13439-4124-4BDE-A068-460BCF96419B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BAFB22FA-CC24-4AFE-AC83-2D044563F7CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "00F3EB0D-7C63-46B5-BA95-8486B9716C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "00C1BF3B-7593-478D-9AAA-153901C70286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "82423EC2-FA29-4AF6-86C3-6AC6DFDC4DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "5F86406A-0936-4A06-88FB-4137A64498EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "672CE4C0-EBD6-470B-937E-810FF1C4CDBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88DB1105-74D8-4312-9D02-D1E21F2E785C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "404C0557-6229-4D90-BFDD-54AFFCCE6A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3F4DC562-649E-4105-8B3E-43F02BD593FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6D1D26CC-891F-4396-B7D7-30D712829E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F25B61EA-F4D1-452A-9D96-B8DFDD719B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9324AB96-EC99-4F04-A0A9-00F936C86EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8B5E76-4A74-4E88-8A6F-C23538B7642A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB6BBCA-47CE-49B8-9706-AFDE4BE46550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8BFF65E2-692B-4C39-88FC-6DED8D9A7258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5260E309-9320-4DB8-A918-7D215BF95D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "58F4BFC9-E02A-4121-8D34-99022AB8B45A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "60AFF340-A866-4CFE-9334-53B95FD4AA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "74E50309-CD7D-41F7-97DA-A7E451D0796A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6FD3F8F8-820E-4C29-9F8F-023D1DB999CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "C33A6419-0D00-49D6-9A48-2B633610AAED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "447E07C9-4A25-418D-B53F-609B78EE4C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "9C806F87-C897-48E4-8533-A4EBC6B77078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "08B8C143-93FF-44DD-8F61-6F4FEE977371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:-:*:*:*:*:*:*",
"matchCriteriaId": "8859F234-5066-40DD-862C-0F3CCA98AFB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "75962F03-EC19-4920-9FA7-2D422E6E83F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9D7D88-D64F-4F54-8C84-6AC45FBD36F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F67AB282-591C-4ED7-9750-C593A38D5D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "B5D0BB0E-1BB0-4F31-9C5D-DC1A069E52DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C9F8F881-2BF7-44AB-8756-54A06801EB11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "36EFF3C4-4D00-4BC5-94B9-403BB00C6AB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "5E434F10-395E-426E-A988-4CDA504577D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33FE3DCE-74B5-49A4-BC18-34B22CA83947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FF2E25F3-053D-4F7D-A35D-706A401CCAA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8880AE7C-3E44-4B76-B500-E93868D4CF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7C94269D-A271-42AC-A44C-102C814E564B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E7E5B826-D3D5-4D2D-BB4D-2C1BEDE92456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA564F7-7A69-4805-8C8C-C2EB5E12A6E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2A153336-10C4-4C42-AC66-AC1351887EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "0C2FF4E9-2513-4022-AF80-6F44A2287D6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DF6FA464-F9D3-4674-844B-A2B2E2C42A51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "44722C8B-BB37-4444-A58A-F01D0B3B4DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4FABFDB-D99A-4F83-8FEE-3BFA36BA4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:-:*:*:*:*:*:*",
"matchCriteriaId": "43E00618-19F6-4828-818A-95C9106097B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "CEC4F4AE-7BD8-437F-8838-FE564BCB7FA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A842E112-8974-4E74-AD56-1DEF5B5DD9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2BC3B463-6B2C-42AF-BE13-50B7D63E7F05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D9ACBC01-8A9D-43A5-A825-1CC9670417A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61E7199F-EACE-431A-8ADD-B96A6FCDBC49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7CD0E5-8E69-43B5-A5FF-8B122475CC00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2799111C-06DB-4979-8F81-A8C09D53E5F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F4BEA1B2-2103-4E25-92A9-DB107D6D4AD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2AD9AFFB-F903-43DD-9C1D-4D8E83EA25C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F368897-A481-42DD-A8B0-8AD43A5FD68B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4F3C35F1-CBF2-4F77-AC19-574DEF2652A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "75EA94FD-D16A-49BC-A418-36EFC187EC7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6BA8F4AF-26C0-4A69-B489-16E7A56E5123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FE82D53D-092D-4B36-A979-23E9A5E07A78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "27365383-72DB-4683-9A67-CF553FF2620A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46EE63D4-CA9C-4DF4-AF85-B8AC2E3F844A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A14FC2A1-29D5-49FE-92A9-D61833BF1C95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "91407E03-4E98-4DD9-B584-E5BB74F09B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "669CC22C-45E5-40AB-9A95-D7DFD694B688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80A38E0C-45D9-4353-8426-87A4CFA371DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5E3C5C1E-67E9-401A-BA52-FCB32CA4473C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "54A934AE-AB7C-4D10-8BA2-9C54410C648F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7A7C5A8E-35E6-4B86-8502-1970031AB987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA4C14B-A01C-4CFE-8985-317ACCDAD209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:-:*:*:*:*:*:*",
"matchCriteriaId": "501F5764-BBC2-426A-AF01-7FB477850073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "FDB35CE5-4EDB-4949-A5E4-1BD721CCA469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "619704FF-2F0C-47E8-A340-58135CEE6B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E412E336-871A-4CAC-97E5-FB203BB9349D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:-:*:*:*:*:*:*",
"matchCriteriaId": "82ED9CD2-504E-4D7B-B242-2511A7730776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "EF6E50F5-605A-4D2B-B55D-8AB251532E8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:-:*:*:*:*:*:*",
"matchCriteriaId": "F6C796AE-95EE-4EAB-959C-1C1353C565A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:patch:*:*:*:*:*:*",
"matchCriteriaId": "EEAF3B2E-E520-4F43-ACC5-0F01A6247199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:-:*:*:*:*:*:*",
"matchCriteriaId": "085D4102-E2E8-496C-85B7-714FD3639BE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FC1A0E66-63F4-4BD0-8C9A-3D23A116EE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "79963FF0-5ED6-41B6-8E60-146BD7879518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E0ABBB2C-19EC-4D6C-A1EA-AEF0ABA4123D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0787BC7B-9464-4AAA-896B-C028ECF8E397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "84C0FBC8-9CD1-4135-94C7-BE90A7C94625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:-:*:*:*:*:*:*",
"matchCriteriaId": "981F3994-392D-47DB-97DA-AC15BA070A36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "94691EE6-266F-46CE-B388-0289EB39D91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FD3948A1-B5A6-4702-9187-A7720E81B7F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BC097BB6-02E9-4F48-98CB-B5F31B41009C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C2FD962-B1D5-41E5-884E-0C3F7F9DACE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:-:*:*:*:*:*:*",
"matchCriteriaId": "096E966A-878B-426F-AB40-BB476B17B969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "852DAF2A-86F3-4D05-91DC-6A2FBC214736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7D721486-3043-4380-A73C-44B4DD0E34C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F29E2EE-B6E8-4E55-84A8-3BD0658387EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:-:*:*:*:*:*:*",
"matchCriteriaId": "837BF2BD-814F-4503-91DF-EE16B5A4921D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "15FCDDB3-62D8-446C-B57C-F3BBFBD13491",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "03512BDE-E441-46F6-88B7-16A2468CA199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:-:*:*:*:*:*:*",
"matchCriteriaId": "902CAF9D-9D02-47FA-AE2E-EC1268A32BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "80AD87B5-B796-4C44-8A6D-0B22AA2903CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.26.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D87B2B3-E40B-4BF7-91E6-3B3F9CA28719",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2575F7A4-E1F1-4836-A467-076EDD8484B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CBDFAFA3-A52F-4FC8-BA51-FE52D5F57DD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6085E437-87B8-4355-BDC0-A14EA4F52695",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.28.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C44D1ED-2435-4042-BF15-3D752BE0C661",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.28.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "23E4CE5C-375C-4ECB-A4D9-A5A6805E5FE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.28.1:*:*:*:*:*:*:*",
"matchCriteriaId": "236D459B-ED50-4A2F-B463-D2F9DD1C7E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.28.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EEB00A-68B0-4CDE-B625-AB83B1D6D2F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.32.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "72195459-404F-423E-A78C-DE2A728AFDA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9FD404B4-2B0A-4D7A-8CF6-E2C6B4BACBB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "1453BB31-D674-4A05-AB2A-2502D127C3E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "868865A1-E074-4DB0-A119-D24C5C53FEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1794440C-7068-4673-9142-6221B8A39E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C5CF286B-3377-4AE9-A7B9-8535641D639A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "50EC8D9D-3483-4080-8000-496343BC8BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6695F632-6AC4-400F-B513-280304ABC1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A3423C40-240A-4237-8B0F-A4B4ED421C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "03298D9F-CFB8-48F9-BD0C-8A0BEB0760C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A70420A8-8571-4528-98E1-72BE00270C6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "38230656-6242-4D24-AA67-F42A6FA2FC7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "20ED9FC3-5E56-4AE7-903F-267CAE7F2CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "84F88075-9935-45BF-88B7-21ACE8AAB314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "283793E4-0AE8-48D9-ABCF-70E44FE55C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F79D5F-EB28-417A-86DF-053D6EDBA161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4A036F91-70E0-4E97-9896-EEE97BE3C20E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EABFC3-24FA-4441-9F2B-650D90AE5CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3DA61A22-3DD0-46A3-8C13-F25F4F03FD35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2026FD07-103C-4691-AFA4-88C490382F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "791700CD-E007-489E-9BC6-37025CAA8144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4061B4C7-8315-450C-866A-C4F3A6BCB1A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C6EA7154-7F08-4E43-9270-E617632230AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "4149F36C-D455-415F-93D7-F92EEE41419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2DC51129-8F38-4505-90FB-4FFDED45BABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4CA571E0-B513-47AA-95BE-EB4DD2AA91E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A62DFFE-637B-4911-B3B4-6DA4053CBDBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "96C7950F-41D1-46B5-BA62-E8450CB81244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C9A32ECC-E208-4834-8EF7-FEF7A3495041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F7C5D35-A6AE-4A2E-98C5-CB58FF22AF08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AA3E0D41-2E6E-4294-8E56-1A738A7F9AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D16109B8-4CDF-46FC-9AD9-A158E532791B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD4D1A5A-99A3-4D23-B40C-BBE11EA5B325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0F5EE428-98FF-42BC-9F61-311327B8F610",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.19.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CBA2FD08-D761-410F-9804-A76F0DD77349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.20.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74B34C21-D90B-4E32-BBA6-7773DB663F18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D3AF185-7AC6-491E-9BE0-8ECD163A3E77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "90996D49-5731-4F7D-9DBE-D0599A5D85A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D3C91C8D-707D-443D-985F-FA3EDB181208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "25E7F7F5-E85A-4720-B5C9-2B776B04D904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B446105E-6C8E-495A-BF83-A33CB33485A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F3DE062D-4E87-4691-A664-D9E7C02036EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CD4A85-26FB-4AE5-9CB7-4DF38DF32482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F42C9442-9EBC-4CA5-AB1C-BA0662C27BDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "71762B58-A08B-405B-9596-6D15CF4A95D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "EA48C05A-E898-42EE-A699-94BBD66E5E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EDCB78F8-AAC8-44B1-BDF4-C73BC8951EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D92FFF6-E7B2-4210-A652-79AC6B74002C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DB5E92FB-9CF8-461E-A665-3407D265DF17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "536F6C10-3165-40F7-931A-23765AB87555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DD16DF-C47C-41CF-8CDE-C365103262A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43C06F98-62F4-4008-A463-2791BEDF6DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "133288EC-8A78-4C9D-BF94-9900CD3D2260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B2E54998-B257-478E-9E52-2BB4F4CD6429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD4498A-72BD-40EB-A332-DE10C87C1015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "71961599-009C-42F4-AA26-9B16C39F3CBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B98A2EA6-DCC6-4F8B-B132-6692AED16CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "672EDC0E-D70A-4BB0-B7FE-5D422C737862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "C779E0D4-0375-4BE8-9667-A32C68B66D60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.0:*:*:*:standard:*:*:*",
"matchCriteriaId": "6DEF3D58-73E0-402A-A15F-05CA72B5B288",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8E9E50F8-0123-4C9E-88E1-5DCE08770B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F7C605A3-8517-4215-9AD3-980D587B22DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "866815AE-D1FE-460C-A3BC-70C251655C1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44746060-BC6F-4E6D-BA81-61623B2D27FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "47548ADE-255A-4355-BD06-1FEF134C1620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "ABCFC4D9-8054-4F42-BE7E-5092F6648F95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "84A7DBB5-999C-4AE8-BC5D-F0C5F77957DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB1EA7C5-CE37-4A7E-AF81-636228F3BA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "E7D1238A-A8D2-485E-81FD-46038A883EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2C4E1E-6B90-4DCC-BC09-7D19FBA65C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58C0FF1B-6188-4181-A139-1806328762BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "890EBB8C-989B-4344-AC03-62B399076008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BD4AAECB-A2BC-45BA-BC63-E51C1FE6C334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "136D6508-660E-410D-829A-7DD452BF8819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AEC2B3AA-EB24-4259-BED1-5DBC102FE9C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA9DA4A-A3E6-4C46-9471-CCBFA71083AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "599833A2-CBE9-479B-8A6E-AF79C5EED1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B55719B3-7325-47E1-8D16-3F34B1F44385",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B870B3B7-E8DC-45A2-8FA4-657D005D00E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C91E9A3B-54EB-4819-94DD-30F7D0C90047",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "47189DF9-8E57-4BA6-9F52-B7A8229AE02A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "905722CB-4B6C-4849-88CD-22E972432E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "84AAFA3C-3CCD-4615-9725-169C303CF18F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C92E0801-9E8F-4CF2-A4A0-48BCF550F2D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "10823FD4-D618-4050-91D7-CBDE69BC570D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:-:*:*:*:*:*:*",
"matchCriteriaId": "96463965-1F99-42DB-9745-5B4E49A48F40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
"matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:*",
"matchCriteriaId": "6AD7C9B3-D029-4E05-8E80-3ADA904FAC1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert10:*:*:lts:*:*:*",
"matchCriteriaId": "BB47EA31-CF9D-4752-804B-7804151EC87C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert11:*:*:lts:*:*:*",
"matchCriteriaId": "A1C9B744-1745-4E9D-A2DE-4659295508D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
"matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:*",
"matchCriteriaId": "CE71221B-4D55-4643-B6D1-307B2CF41F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*",
"matchCriteriaId": "A98B11B5-B8E2-4903-B4F7-3AC23751AE8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:*",
"matchCriteriaId": "88124275-9BEB-4D53-9E4D-1AC8C52F2D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:*",
"matchCriteriaId": "4F3CEFEF-72B6-4B58-81FE-01BCEEFB3013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:*",
"matchCriteriaId": "AA637187-0EAE-4756-AD72-A0B2FABCA070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:lts:*:*:*",
"matchCriteriaId": "6DAF6784-0B31-4104-9D85-473D5AFAB785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:lts:*:*:*",
"matchCriteriaId": "77B06B83-D62C-4A0E-BE94-83C9A02CE55A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:lts:*:*:*",
"matchCriteriaId": "CAD17809-CBB1-4E41-99C9-20FE56853563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert9:*:*:lts:*:*:*",
"matchCriteriaId": "066453F2-A77F-4E82-8C91-AC17FAA21A89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "D6EE9895-FB94-451D-8701-8C0DD8F5BED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "56849E34-B192-46A8-A517-C7C184A901B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4610D544-156F-4E9A-BC46-9E0FF8D5D641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA74CB86-72C3-4913-8EB6-3BBA1D3BC65D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert1:*:*:*:*:*:*",
"matchCriteriaId": "0C6CF412-290C-4524-9AFE-D58A85183864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert2:*:*:*:*:*:*",
"matchCriteriaId": "BA3211EE-E305-4247-AA2E-910E48CBCDF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F68ED1E-8D2B-4AEE-B5DE-FD50338BA82D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EA9F296A-4932-4EA4-8B38-80856A9D6374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B40673A6-2980-440A-B78E-D5C7095E3FA6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values."
},
{
"lang": "es",
"value": "chan_sip en Asterisk Open Source 1.8.x, 11.x en versiones anteriores a 11.21.1, 12.x y 13.x en versiones anteriores a 13.7.1 y Certified Asterisk 1.8.28, 11.6 en versiones anteriores a 11.6-cert12 y 13.1 en versiones anteriores a 13.1-cert3, cuando la configuraci\u00f3n de timert1 en sip.conf se establece en un valor mayor que 1245, permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de descriptor de archivo) a trav\u00e9s de vectores relacionados con valores de caducidad de retransmisi\u00f3n grandes."
}
],
"id": "CVE-2016-2316",
"lastModified": "2024-11-21T02:48:13.030",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-22T15:59:02.160",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177409.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177422.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3700"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/82651"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034930"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177409.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177422.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3700"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/82651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034930"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-191"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-18 21:15
Modified
2024-11-21 05:56
Severity ?
Summary
Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA727A7F-D350-450F-BF24-9E6D45FA6930",
"versionEndIncluding": "13.38.2",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7382B641-0396-456F-BF33-3F6412E35F2D",
"versionEndExcluding": "16.16.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5BA8606-ADA9-4841-A7E2-A9165138849A",
"versionEndExcluding": "17.9.2",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F10CB148-DF9C-4134-A417-3B111C036E20",
"versionEndExcluding": "18.2.1",
"versionStartIncluding": "18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:-:*:*:*:*:*:*",
"matchCriteriaId": "81C3E390-8B99-4EB8-82DD-02893611209A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "17DB2297-1908-4F87-8046-2BAA74569D71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "CEA2CC40-C2F6-4828-82F0-1B50D3E61F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "32F19F43-C1E8-4B6C-9356-AF355B7320BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*",
"matchCriteriaId": "21D1FA32-B441-485F-8AE9-F3A394626909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F7795CCF-B160-4B4F-9529-1192C11D7FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert3:*:*:*:*:*:*",
"matchCriteriaId": "0C5E5D0D-9EB3-40FD-8B7E-E93A95D07AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4:*:*:*:*:*:*",
"matchCriteriaId": "C7DFDA30-DD61-4BBC-AFE4-448BF2A4F303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*",
"matchCriteriaId": "142F1F89-49AC-4A0B-A273-61F697063A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*",
"matchCriteriaId": "53041795-788C-4914-A2F6-41539ABE0244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*",
"matchCriteriaId": "FBB98E65-B2D0-49A4-8BF3-12155E3E13C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*",
"matchCriteriaId": "769C854C-03CD-40A9-B39B-C0CDCA8252EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert5:*:*:*:*:*:*",
"matchCriteriaId": "6D86AD6E-4E07-48B0-88D8-E18F277FFE6A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets."
},
{
"lang": "es",
"value": "Los controles de acceso incorrectos en el archivo res_srtp.c en Sangoma Asterisk versiones 13.38.1, 16.16.0, 17.9.1 y 18.2.0 y Certified Asterisk 16.8-cert5, permite a un atacante remoto no autenticado finalizar prematuramente llamadas seguras al reproducir paquetes SRTP"
}
],
"id": "CVE-2021-26712",
"lastModified": "2024-11-21T05:56:43.550",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-18T21:15:11.447",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/59"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-003.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/59"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29260"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-24 15:59
Modified
2024-11-21 02:19
Severity ?
Summary
ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6 | |
| digium | certified_asterisk | 11.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "6A0AB389-2564-4C10-86EB-130672C62AC1",
"versionEndIncluding": "11.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:*",
"matchCriteriaId": "6AD7C9B3-D029-4E05-8E80-3ADA904FAC1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:*",
"matchCriteriaId": "CE71221B-4D55-4643-B6D1-307B2CF41F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:*",
"matchCriteriaId": "88124275-9BEB-4D53-9E4D-1AC8C52F2D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:*",
"matchCriteriaId": "4F3CEFEF-72B6-4B58-81FE-01BCEEFB3013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:*",
"matchCriteriaId": "AA637187-0EAE-4756-AD72-A0B2FABCA070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:lts:*:*:*",
"matchCriteriaId": "6DAF6784-0B31-4104-9D85-473D5AFAB785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:lts:*:*:*",
"matchCriteriaId": "77B06B83-D62C-4A0E-BE94-83C9A02CE55A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "D6EE9895-FB94-451D-8701-8C0DD8F5BED0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media."
},
{
"lang": "es",
"value": "ConfBridge en Asterisk 11.x anterior a 11.14.1 y Certified Asterisk 11.6 anterior a 11.6-cert8 no maneja debida mente los cambios de estado, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (cuelgue de canal y consumo de memoria) al causar que transiciones se retrasen, lo que provoca un cambio de estado de estar colgado a estar esperado medios."
}
],
"id": "CVE-2014-8414",
"lastModified": "2024-11-21T02:19:02.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-24T15:59:06.403",
"references": [
{
"source": "cve@mitre.org",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-014.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2014/Nov/67"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/Nov/67"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-12-27 17:08
Modified
2024-11-21 03:18
Severity ?
Summary
An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2017-014.html | Vendor Advisory | |
| cve@mitre.org | http://www.securitytracker.com/id/1040056 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-27480 | Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/201811-11 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2017-014.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040056 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-27480 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201811-11 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | certified_asterisk | 13.1.0 | |
| digium | certified_asterisk | 13.1.0 | |
| digium | certified_asterisk | 13.1.0 | |
| digium | certified_asterisk | 13.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEE78C41-D7BE-4910-BB77-3DFB63690382",
"versionEndIncluding": "13.18.4",
"versionStartIncluding": "13.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A845013E-DD73-45F2-A962-6F0A580A4E95",
"versionEndIncluding": "14.7.4",
"versionStartIncluding": "14.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09447B7F-89BA-4FD5-8E6F-A166681A22F7",
"versionEndIncluding": "15.1.4",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F68ED1E-8D2B-4AEE-B5DE-FD50338BA82D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EA9F296A-4932-4EA4-8B38-80856A9D6374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B40673A6-2980-440A-B78E-D5C7095E3FA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1:*:*:*:*:*:*",
"matchCriteriaId": "38E19C8E-9FD6-4A44-81C6-EEC91BC2CB58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Asterisk en versiones 13.18.4 y anteriores, 14.7.4 y anteriores, 15.1.4 y anteriores y 13.18-cert1 y anteriores. Un conjunto de mensajes SIP seleccionados crean un di\u00e1logo en Asterisk. Estos mensajes SIP deben contener una cabecera contact. Para estos mensajes, si la cabecera no estuviera presente y se utilizase el controlador de canal PJSIP, Asterisk se cerrar\u00eda de forma inesperada. La gravedad de esta vulnerabilidad se mitiga en cierta medida habilitando la autenticaci\u00f3n. Si se habilita la autenticaci\u00f3n, un usuario tendr\u00eda que estar autorizado antes de alcanzar el punto de cierre inesperado."
}
],
"id": "CVE-2017-17850",
"lastModified": "2024-11-21T03:18:48.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-27T17:08:20.017",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040056"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27480"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27480"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201811-11"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-31 14:55
Modified
2024-11-21 01:43
Severity ?
Summary
channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA60A9C9-C2EF-4971-BEFB-FF687DAEF2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BAFB22FA-CC24-4AFE-AC83-2D044563F7CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "00F3EB0D-7C63-46B5-BA95-8486B9716C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "00C1BF3B-7593-478D-9AAA-153901C70286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "82423EC2-FA29-4AF6-86C3-6AC6DFDC4DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "5F86406A-0936-4A06-88FB-4137A64498EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "672CE4C0-EBD6-470B-937E-810FF1C4CDBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88DB1105-74D8-4312-9D02-D1E21F2E785C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "404C0557-6229-4D90-BFDD-54AFFCCE6A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6D1D26CC-891F-4396-B7D7-30D712829E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F25B61EA-F4D1-452A-9D96-B8DFDD719B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9324AB96-EC99-4F04-A0A9-00F936C86EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8B5E76-4A74-4E88-8A6F-C23538B7642A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB6BBCA-47CE-49B8-9706-AFDE4BE46550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8BFF65E2-692B-4C39-88FC-6DED8D9A7258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5260E309-9320-4DB8-A918-7D215BF95D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "60AFF340-A866-4CFE-9334-53B95FD4AA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "74E50309-CD7D-41F7-97DA-A7E451D0796A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6FD3F8F8-820E-4C29-9F8F-023D1DB999CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "C33A6419-0D00-49D6-9A48-2B633610AAED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "447E07C9-4A25-418D-B53F-609B78EE4C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9D7D88-D64F-4F54-8C84-6AC45FBD36F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F67AB282-591C-4ED7-9750-C593A38D5D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C9F8F881-2BF7-44AB-8756-54A06801EB11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "36EFF3C4-4D00-4BC5-94B9-403BB00C6AB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "5E434F10-395E-426E-A988-4CDA504577D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8880AE7C-3E44-4B76-B500-E93868D4CF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7C94269D-A271-42AC-A44C-102C814E564B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E7E5B826-D3D5-4D2D-BB4D-2C1BEDE92456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA564F7-7A69-4805-8C8C-C2EB5E12A6E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DF6FA464-F9D3-4674-844B-A2B2E2C42A51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "44722C8B-BB37-4444-A58A-F01D0B3B4DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4FABFDB-D99A-4F83-8FEE-3BFA36BA4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A842E112-8974-4E74-AD56-1DEF5B5DD9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D9ACBC01-8A9D-43A5-A825-1CC9670417A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "687ED3CE-67C4-410D-8AF4-C769015598F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "30E918CD-89C4-42DA-9709-E50E0A3FA736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "DA57FA15-D0D7-4A97-9C25-6F6566940098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A1C45300-A2CF-40E7-AB67-23DC24C31A1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "958081DC-1D77-45CD-A940-C7A1AB42C7BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "298A879D-4F65-4523-A752-D17C4F81B822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37AB07BE-54C4-4972-A05F-D1E2CF4363CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC63564-A84E-463D-8312-DDF1C6B7796F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "62A0906E-B631-4F3A-9ABC-9A43A43220BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C6314ADA-2849-416D-966E-C01C322EF904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B6CB1DD-614A-4B3D-99AE-9B1341427024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC95B04F-3746-4F1C-8428-A1FA10253E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "20819080-E0AB-4879-B4CF-A154D6F7EF6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C45753-E2CC-4F7C-B8DA-3D8CF255EA22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5A080197-D6AA-4FDC-888E-51D1C8251E34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1F08D930-D4C1-4C63-875C-171C46AE97C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1AA43D7D-AEAD-47CB-BFA5-B73004A1A7A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "B5ED5F6F-166D-4610-8939-A33AD45F1ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D40002A-564E-425C-BA2A-7C4A8F8DAFD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "521C4DB2-7127-4BA9-94FC-AB0E9E06FE2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8C905DC1-8AB8-4D83-BB5B-FA4DABC58229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "ECC74B5D-97A1-46FF-AFA3-5D5E4A0BF3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2D98C7C-94A8-4348-AF22-04A41FB6F8EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85D39A99-E9A6-4860-BC61-56CA2FC3238B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "845DA0A4-1983-4E82-99C8-B7FBF47C632E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5A63FBB7-F1CF-4603-848F-980742D2ED36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "10B2084F-3AF4-4008-899C-6C1E43715201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "217C13A5-9F8A-4392-858F-2FC88B03EB0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6B282462-900C-492E-98DE-65364E62F5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "687784F0-9ACC-435D-81F9-1E1B0F61010C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9D7D020C-FE32-408B-BE37-58835FD3D95F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "39B7938F-7370-4F67-B0CD-1C14DE2E4E7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC587195-5973-423B-8BF9-3E0B27363B76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBE5780-D503-46D1-BE04-4CB7B662B5DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CB19323D-208F-45F9-85F3-BAA5D1BC3AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "09334CAB-9ADB-49BB-BE83-BBAC6A7A9F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6DEEF5-7277-4E38-9233-E3612CD77CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "75A0D613-3D04-4902-9707-E743F30CF1A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "54AB61A7-E143-4BEC-8658-68FF615B007E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
"matchCriteriaId": "C63C46CC-02E2-40AF-8281-F2FB5D89823A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
"matchCriteriaId": "71BAF2A7-024D-475A-88C0-0F5ADE3CA286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert2:*:*:*:*:*:*",
"matchCriteriaId": "82F91FE8-C320-466B-AF08-67319A00A2BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert3:*:*:*:*:*:*",
"matchCriteriaId": "DCFF0E1C-B455-4C18-8AA1-10408234327B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert4:*:*:*:*:*:*",
"matchCriteriaId": "738F68B3-2C5E-4A09-8FF4-2D034ED0C54D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert5:*:*:*:*:*:*",
"matchCriteriaId": "6A60C223-AD68-4BFF-91C1-2C7E9F727AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert6:*:*:*:*:*:*",
"matchCriteriaId": "4C313F81-8B38-4845-B1C7-CBB23D7C99B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.2:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "E65E012A-49B6-4796-B1FA-A83C9248D0EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "9F4C24B7-22E3-4E56-9B9F-414101B627FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.1:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "1813B898-F957-40D7-AF9A-064FB57D5C82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.7.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "C5D07DB0-7C6A-4490-8FD0-DC83568E0421",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.0:-:business:*:*:*:*:*",
"matchCriteriaId": "78E8936C-033B-49E6-BB39-D5BBBC80EB55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.1.0:-:business:*:*:*:*:*",
"matchCriteriaId": "5D05D04F-CD6C-4A73-885C-306D7A5CC7C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.1.1:-:business:*:*:*:*:*",
"matchCriteriaId": "3805B5F3-A4CD-469F-9F8A-A271A79A2B7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.2.2:-:business:*:*:*:*:*",
"matchCriteriaId": "9FAEBE5E-378A-40DC-B2B9-31F6D1305BCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.2.3:-:business:*:*:*:*:*",
"matchCriteriaId": "617B3FE8-39E3-41C0-9348-9507DA43DE93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.3.2:-:business:*:*:*:*:*",
"matchCriteriaId": "04AB4C82-71BB-49B7-B4F3-4E75EFB5F1A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.6.2:-:business:*:*:*:*:*",
"matchCriteriaId": "78B55176-E269-411B-974A-B5D2CE8E08C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.6.3:-:business:*:*:*:*:*",
"matchCriteriaId": "9BCF12B0-4B8D-499D-B5DE-FB0CD9EEC3B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.6.4:-:business:*:*:*:*:*",
"matchCriteriaId": "9ED68059-F0E5-4B1B-B633-466D92F38346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:c.3.7.5:-:business:*:*:*:*:*",
"matchCriteriaId": "BFE16F42-025D-4C9D-AD4A-08FDEF957F09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials."
},
{
"lang": "es",
"value": "channels/chan_iax2.c en Asterisk Open Source v1.8.x antes de v1.8.15.1 y v10.x antes de v10.7.1, Certified Asterisk v1.8.11-1.8.11 antes de cert7, Digiumphones Asterisk v10.xx-digiumphones antes de v10.7.1-digiumphones y Asterisk Business Edition C.3.x antes de C.3.7.6 no hace cumplir las reglas de ACL durante ciertos usos del par de credenciales, lo que permite a usuarios remotos autenticados eludir las restricciones de llamadas de salida aprovech\u00e1ndose de la disponibilidad de estas credenciales.\r\n"
}
],
"id": "CVE-2012-4737",
"lastModified": "2024-11-21T01:43:26.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-31T14:55:01.387",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-013.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/50687"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/50756"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/55335"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1027461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50687"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55335"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027461"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-12-02 00:29
Modified
2024-11-21 03:17
Severity ?
Summary
An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | certified_asterisk | * | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | certified_asterisk | 13.13 | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF0E7AD0-0B51-47BC-8746-CAC7C63F8AE8",
"versionEndIncluding": "13.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1:*:*:*:*:*:*",
"matchCriteriaId": "0449B393-FA4E-4664-8E16-BE6B94E4872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "2ED8E415-64FA-4E77-A423-3478E606E58E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "E13CA1DD-B384-4408-B4EC-1AA829981016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc3:*:*:*:*:*:*",
"matchCriteriaId": "EE28BD0A-EA30-4265-A5D6-0390F3558D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc4:*:*:*:*:*:*",
"matchCriteriaId": "0F82048D-C65F-4439-BBE4-2D4A9B07EB7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert2:*:*:*:*:*:*",
"matchCriteriaId": "6447B77F-3770-4703-9188-B7344ED98E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert3:*:*:*:*:*:*",
"matchCriteriaId": "5C103924-1D61-4090-8ED5-4731371B2B2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert4:*:*:*:*:*:*",
"matchCriteriaId": "08F87B09-3867-4CAE-BAD7-2206CD6CAF97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert5:*:*:*:*:*:*",
"matchCriteriaId": "0D12B31E-C30C-442A-9BD8-504CF7EB1321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert6:*:*:*:*:*:*",
"matchCriteriaId": "B43DA484-83DC-4489-9037-B85B845078E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert7:*:*:*:*:*:*",
"matchCriteriaId": "D8740005-0BCF-4B76-A600-25A9BF0F3C42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA00E078-97B8-4C2D-BD07-DB2A25908303",
"versionEndIncluding": "13.8.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BE71990-160B-413F-AB66-C29C7C1CC82F",
"versionEndIncluding": "14.7.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D39329BD-4A6B-48DB-AFDB-DC58154CBDD8",
"versionEndIncluding": "15.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en chan_skinny.c en Asterisk Open Source en versiones 13.18.2 y anteriores, 14.7.2 y anteriores y 15.1.2 y anteriores y en Certified Asterisk 13.13-cert7 y anteriores. Si el controlador de canal chan_skinny (tambi\u00e9n conocido como protocolo SCCP) se inunda a base de determinadas peticiones, puede provocar que el proceso de asterisk utilice cantidades excesivas de memoria virtual, finalmente provocando que asterisk deje de procesar cualquier tipo de peticiones."
}
],
"id": "CVE-2017-17090",
"lastModified": "2024-11-21T03:17:27.827",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-02T00:29:00.247",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2017-013.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102023"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1039948"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27452"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00028.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2017/dsa-4076"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/43992/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2017-013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1039948"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27452"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00028.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2017/dsa-4076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/43992/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-459"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-12 20:15
Modified
2024-11-21 04:24
Severity ?
Summary
An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.digium.com/pub/security/AST-2019-003.html | Vendor Advisory | |
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-28465 | Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.digium.com/pub/security/AST-2019-003.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-28465 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html | Mailing List, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "93F2B062-09B4-44F1-87E4-6104B757B557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "F2877B09-B0B9-4AD4-906A-D40E25DDC4BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "11AAE0EA-D7EB-4341-A412-FBCDC99565A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "37F93124-25D9-44ED-B4AB-1B3552FCAB09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "E4CB22F6-9F63-427C-B2D2-7ABB9B4F7694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "758AB27B-7C40-41ED-9FC3-BE3D682EE48A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "07D3186A-CD6F-432A-8653-4CFBA37B9864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "746FB2E6-EF66-4EF3-946C-111FB7728EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "91D933DB-06F7-45A4-A517-BFAEC82DDB7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3AAB500F-8F0D-4534-B659-C495D1799913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "5F5C5156-CC72-4AB5-A927-E874199EBD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "AB912D4D-6BA4-4AEF-BBFD-EABFED240015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "68C78C16-3807-4272-9B46-9D9AF5150879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "02E13D3A-B37B-4215-82E0-3FCE5E35B00A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BE0F93D1-7602-47AC-9ACE-AA850D7DFD23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "956BCED3-1818-4673-A0F4-E7F03F366D99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0B58ACCC-0255-46B1-8517-EDCD85AA0F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A921B590-57C2-4E0A-B28B-D0E48F5E1B58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "70F0AE7B-9E53-4E3B-AA9E-EAF7C4C31E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5DE6F187-7236-4622-BD62-1E5F0742B41B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F70DDB6D-BE16-4375-87AE-E5E2B5862D17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6910E07C-3ACA-414F-B468-13E4BF9BE938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "837A07D7-C2FD-4077-A0AD-AF2147E04B84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.5.0:-:*:*:*:*:*:*",
"matchCriteriaId": "B2A99209-E8C5-44E6-A8DA-7FC07FBA6D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "18985B4A-4C54-4EC6-9274-15E7DCFEC94D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "48AE70AD-85BE-44DE-BC75-1690C27821B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "804F861A-81E1-45C5-A7D3-0E73770AC155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0AE503BD-F9BD-4396-B27D-184AE06F594D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9CD9A213-27F7-410E-97B1-E7405B4FCECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "10FFDE4F-0B30-43C3-9475-80259D5E9055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5F30E2AB-B354-4583-9D76-9DF1727407A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DBDFE57E-EEBF-4722-B6D0-147F72018DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "902A2600-49A7-4013-A621-9EE94F1E8435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7021D54A-D443-492A-AE8C-62F2B85A1F37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B003CB5A-A95A-481F-B762-79C476829D81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "84C8BB88-FBE3-4C82-9D53-E34AA7B6A73E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "F8037EB0-42FA-45BA-9E8E-D279432EC4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "E374559C-E550-4BB9-9682-9C4535EAE9A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "FFFB7E8B-C963-4ACB-AE37-9E4938A5462E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DF83EAD3-3CC1-4C1B-AAB8-0FE03BB67EC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E3F75AF0-A4E0-425E-B707-ED1F58C9CC83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "745EC4D8-5E19-48C8-8609-11A74DC18266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F1871DC4-AA58-4C04-9D6A-4FF383C56405",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8560DBD-A70E-4033-AE2E-96DA373AB425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E08ECE50-3A53-45C1-8BEA-8B9E024E22F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "59C2E58B-EEB3-4E8D-940C-2DF846923B19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D40F2ADC-6F79-410F-9063-1354C15F0D8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
"matchCriteriaId": "C63C46CC-02E2-40AF-8281-F2FB5D89823A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
"matchCriteriaId": "71BAF2A7-024D-475A-88C0-0F5ADE3CA286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert10:*:*:*:*:*:*",
"matchCriteriaId": "27E0B1E7-1DA3-47C4-AA2A-54D4C2C48A8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert2:*:*:*:*:*:*",
"matchCriteriaId": "82F91FE8-C320-466B-AF08-67319A00A2BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert3:*:*:*:*:*:*",
"matchCriteriaId": "DCFF0E1C-B455-4C18-8AA1-10408234327B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "05D19102-FF8D-439F-87E7-B1FE97C55F8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "8EC4CE45-1378-402C-8552-745B6414B9E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert4:*:*:*:*:*:*",
"matchCriteriaId": "738F68B3-2C5E-4A09-8FF4-2D034ED0C54D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert5:*:*:*:*:*:*",
"matchCriteriaId": "6A60C223-AD68-4BFF-91C1-2C7E9F727AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert5-rc1:*:*:*:*:*:*",
"matchCriteriaId": "0F97E946-8876-417D-9C49-D990A14CFBB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert5-rc2:*:*:*:*:*:*",
"matchCriteriaId": "887F4341-84C2-40F6-BB7C-68DAFC3D188E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert6:*:*:*:*:*:*",
"matchCriteriaId": "4C313F81-8B38-4845-B1C7-CBB23D7C99B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert7:*:*:*:*:*:*",
"matchCriteriaId": "A08731AB-1E43-48B9-AB4C-0B06A34D0807",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert8:*:*:*:*:*:*",
"matchCriteriaId": "5A4FBB03-4A60-4A34-855B-74C5079F7769",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert9:*:*:*:*:*:*",
"matchCriteriaId": "66E97D3F-3AEB-40EB-87E7-18EC7A84F0CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert9-rc1:*:*:*:*:*:*",
"matchCriteriaId": "C5CBAA8C-29D9-468C-9FA3-CBC005793955",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "69E55195-84CC-46DB-9E49-DEB864DF0659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F58B52D-9510-465F-8BFB-6896B4D36F5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "59E72AD4-90BE-4C3B-B457-31FF193712FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "81EB266E-40BC-45EA-8EDB-4766011C460B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E23FCBC3-30EF-47BC-AEFE-073E84B6DBA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5AB33EDF-29D7-4092-91FE-505B39D3E57B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4F698874-028E-410B-90FE-FDD441F55C32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "081DA344-7266-4D67-8B92-830F43B42CC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "01851B4A-F7CB-4263-B06C-92D39A693530",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6BB95638-D09F-4F02-9076-49BE93F2A407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6E2DD3AF-EF01-4A1A-AF9A-98575E36D088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "163E8F93-432A-4F68-B309-7A38AE1A30FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F53C384F-75DD-4A29-8907-BA95F08B1465",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:-:*:*:*:*:*:*",
"matchCriteriaId": "6BB940E4-E612-4B27-9188-E794665191B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*",
"matchCriteriaId": "2365F1EE-16A4-4293-B80E-A51CD6A2F112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "6B7AE7FB-8170-41AD-9597-07335D36AE48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "9131FB32-E3F0-476C-A0D1-36E2101631D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "5209356B-4A86-4C93-9D04-C66969F23BC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "6952FFDE-92D0-4A75-AABB-113E6FAF5A31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "5735354A-CF57-4A9A-9607-169CE50E0655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc3:*:*:*:*:*:*",
"matchCriteriaId": "38E0B2C4-55EA-4712-8E75-24A5718F9FD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F087C546-FBCA-4D0D-A023-8F9384CD160C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert3:*:*:*:*:*:*",
"matchCriteriaId": "832F5503-6354-4E39-B927-3BA9606A372D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert4:*:*:*:*:*:*",
"matchCriteriaId": "9E23AF8A-63B2-4597-8E78-A4672B0C44B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert5:*:*:*:*:*:*",
"matchCriteriaId": "F76EA1D5-F5F3-49CE-9A73-20FA03C31F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert6:*:*:*:*:*:*",
"matchCriteriaId": "593ED9E3-D56C-4336-976B-27D30EED658A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert7:*:*:*:*:*:*",
"matchCriteriaId": "9FBB5951-3D34-4808-BBC3-5402147FE6A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:*:*:*:*:*:*:*",
"matchCriteriaId": "9365B811-5620-42F0-9400-5EA49361D2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert1:*:*:lts:*:*:*",
"matchCriteriaId": "E63726F0-3BC6-49E7-BDE9-71196B480149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "536ECC06-D2DC-474F-AB44-7A8B16ADFC9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert2:*:*:*:*:*:*",
"matchCriteriaId": "6001EFB8-A539-4F3C-B9F3-7A513FA458BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert2:*:*:lts:*:*:*",
"matchCriteriaId": "677AB746-AE4F-46B0-BEE3-82A1FE77271F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert3:*:*:*:*:*:*",
"matchCriteriaId": "1035C6D2-E8FD-4FFA-9AC7-17534609D68C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert4:*:*:*:*:*:*",
"matchCriteriaId": "DBD12EE0-78F6-450F-9AD9-D64A55377D56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert5:*:*:*:*:*:*",
"matchCriteriaId": "BFA21D5A-0BC6-45E0-AD84-F91F185275B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "C675C7BA-65E9-4A0A-9A6D-1EBCBEA1D718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4F596E34-529A-41AD-AD51-C1D7EEE0FFF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EC1BE0BB-A469-4DB6-88CF-80A065329C65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4EA68726-87EF-490F-BBB8-A321E6C7A16D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8B3572-D6F6-45BD-9BE4-D532F9BF134E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7738E036-DACC-42EE-B417-CB083319B0A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A6847720-D556-49D7-BD7F-E0559C6F5780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "BA81D724-584B-4863-B270-869C415DB5BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2:cert1:*:*:*:*:*:*",
"matchCriteriaId": "02317CB5-C06E-414B-96A3-255607A5DF93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "9F2FC5E1-6E2E-4C7A-A888-60FCA303CCC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2:cert2:*:*:*:*:*:*",
"matchCriteriaId": "08DEE3EC-63F3-45EB-947E-E8503DBD3669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2:cert3:*:*:*:*:*:*",
"matchCriteriaId": "D68D79BE-8302-42D1-87C2-0F2CFF8B1796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF76131B-DF2C-4C6A-8E6B-1319D231402D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9AB8C209-694F-41BF-9CF2-D68D4E58A43C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6438A881-C806-4CC1-9828-C34BBB0FF332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2704EED6-C72D-427D-AD37-EBC4042CDD76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AF835684-26C6-4734-B586-D5DB4DF33072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4EB76BC0-2B72-495E-80FC-C6B194648A91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9F1BC546-92E0-4285-8C18-37705F44B94E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D50F0DF-54D3-4883-ADA2-DDB79F786182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0838BEC6-680A-4695-BD1B-309290F16A3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "82F78D49-ED8C-43FF-AE6D-713E90F1A1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
"matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:*",
"matchCriteriaId": "6AD7C9B3-D029-4E05-8E80-3ADA904FAC1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "B178B8F1-4AF8-478A-B842-DD5047D65C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "E9D5545B-44D5-4872-8702-8D49579DE531",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "781AC882-80DD-4176-8E4F-220343B15F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert10:*:*:*:*:*:*",
"matchCriteriaId": "5CEBE67E-A3E5-4BC9-8740-4F51123CC9F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert11:*:*:*:*:*:*",
"matchCriteriaId": "CD094E25-5E10-4564-9A4D-BE5A14C2815F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert12:*:*:*:*:*:*",
"matchCriteriaId": "B6873174-0109-402F-ADCA-B1635F441FD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert12:*:*:lts:*:*:*",
"matchCriteriaId": "BFFD88AD-C82E-4C5C-9C4F-8A49176E3E52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert13:*:*:*:*:*:*",
"matchCriteriaId": "B529CD2F-2958-44E6-839A-3E4FE392B1F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert13:*:*:lts:*:*:*",
"matchCriteriaId": "6797C78B-BB9A-46B4-8F0B-492FB1988BB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14:*:*:*:*:*:*",
"matchCriteriaId": "B961BF46-DEF7-4804-AF9A-D13F160FA213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14:*:*:lts:*:*:*",
"matchCriteriaId": "10A38D53-6C8E-493E-8207-F4CF7D754A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14-rc1:*:*:*:*:*:*",
"matchCriteriaId": "5EE8689E-AF57-400D-B321-D3F66D1169FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14-rc2:*:*:*:*:*:*",
"matchCriteriaId": "5C55AA35-5E1C-4411-BC01-0FF9D1928EC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert15:*:*:*:*:*:*",
"matchCriteriaId": "B9305CA8-835C-4DFF-9CD8-C1072BACED42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert15:*:*:lts:*:*:*",
"matchCriteriaId": "4CC0C753-9179-4C71-AFD8-C4601D8C865A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert16:*:*:*:*:*:*",
"matchCriteriaId": "B3729EA6-3949-4854-80D4-DC5587161FBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert17:*:*:*:*:*:*",
"matchCriteriaId": "9A416C55-D670-4CCC-BEFE-12CB3438C81B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert18:*:*:*:*:*:*",
"matchCriteriaId": "A79C0247-82DD-4EE7-80F6-9D3DCBB30FC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
"matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:*",
"matchCriteriaId": "CE71221B-4D55-4643-B6D1-307B2CF41F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*",
"matchCriteriaId": "A98B11B5-B8E2-4903-B4F7-3AC23751AE8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:*",
"matchCriteriaId": "88124275-9BEB-4D53-9E4D-1AC8C52F2D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:*:*:*:*",
"matchCriteriaId": "C7D60B24-C509-49C3-87A9-49D05CB44183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:*",
"matchCriteriaId": "4F3CEFEF-72B6-4B58-81FE-01BCEEFB3013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:*:*:*:*",
"matchCriteriaId": "3C1F9978-44E7-4D39-BEC6-5C6DB7F893E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:*",
"matchCriteriaId": "AA637187-0EAE-4756-AD72-A0B2FABCA070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:*:*:*:*",
"matchCriteriaId": "69BA61A8-2A95-4800-BB4E-692BA4321A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:lts:*:*:*",
"matchCriteriaId": "6DAF6784-0B31-4104-9D85-473D5AFAB785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:*:*:*:*",
"matchCriteriaId": "C481D8B0-622D-491D-B292-717B0369B507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:lts:*:*:*",
"matchCriteriaId": "77B06B83-D62C-4A0E-BE94-83C9A02CE55A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:*:*:*:*",
"matchCriteriaId": "BC8390D4-F339-43FF-9F2B-71331D4ECB81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:lts:*:*:*",
"matchCriteriaId": "CAD17809-CBB1-4E41-99C9-20FE56853563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert9:*:*:*:*:*:*",
"matchCriteriaId": "4490B76B-FA41-43DB-9A31-6B3F220F1907",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "D6EE9895-FB94-451D-8701-8C0DD8F5BED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "56849E34-B192-46A8-A517-C7C184A901B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4610D544-156F-4E9A-BC46-9E0FF8D5D641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert1:*:*:*:*:*:*",
"matchCriteriaId": "0C6CF412-290C-4524-9AFE-D58A85183864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "8A9D3C5C-627E-43A3-89C2-95F7B8803361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "5060CAED-EEAB-4AD1-B964-F6538499BF73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert2:*:*:*:*:*:*",
"matchCriteriaId": "BA3211EE-E305-4247-AA2E-910E48CBCDF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert3:*:*:*:*:*:*",
"matchCriteriaId": "61816D1A-D952-4E4F-B5DD-3B7A94BD8596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "6B4693A3-86BC-4368-AFDA-B0E323776957",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert4:*:*:*:*:*:*",
"matchCriteriaId": "4D1D0689-E276-47DD-B51A-C221F12C60A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert5:*:*:*:*:*:*",
"matchCriteriaId": "8433CB3B-56BA-4674-AC2B-813A7F3EDEC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert6:*:*:*:*:*:*",
"matchCriteriaId": "9E1066C8-8A7E-487B-8D9B-DD4A55A5C5EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert7:*:*:*:*:*:*",
"matchCriteriaId": "3C1A0AE4-EA01-445E-89AE-1A9734478994",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert8:*:*:*:*:*:*",
"matchCriteriaId": "4497BD45-DFC5-4729-98CD-20C94BC20C70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F68ED1E-8D2B-4AEE-B5DE-FD50338BA82D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EA9F296A-4932-4EA4-8B38-80856A9D6374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B40673A6-2980-440A-B78E-D5C7095E3FA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1:*:*:*:*:*:*",
"matchCriteriaId": "38E19C8E-9FD6-4A44-81C6-EEC91BC2CB58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "3C7605A6-380F-44E8-81A1-5BDAEBFFB0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "43DB632E-C528-40E3-8EB0-AA6A7476657C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "2016E8F9-542D-46CE-905D-3CBAF97A24A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "CC283754-B316-4BCE-8EEB-63CAFE68D601",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1_rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D111448-7C39-4A6D-B492-B3D3DCEA8424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert2:*:*:*:*:*:*",
"matchCriteriaId": "6267CC33-3961-4D9A-899B-4F34BAD64067",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "0CCF7282-A16F-499E-B607-929F346A85A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert2_rc1:*:*:*:*:*:*",
"matchCriteriaId": "A52E12AB-99CA-4A34-A0CA-E8B511636A5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert3:*:*:*:*:*:*",
"matchCriteriaId": "ACFD2F39-957E-42CE-8016-21314F432335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert4:*:*:*:*:*:*",
"matchCriteriaId": "22E13F7F-1D64-4248-84F2-C6E89A2FC977",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB08CB2-8FB4-4738-9B67-C27273A78025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1E36EFEF-670E-4659-A887-D497D4AA8223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "BED18370-B09E-44D8-8E84-1B0DCDF81864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "2F2F88BE-10E5-4C21-B67B-1AC264921663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "0742A842-254A-4008-9D77-D0A810110841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1-rc4:*:*:*:*:*:*",
"matchCriteriaId": "06396597-A5D1-4C30-B07F-E989E322733E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert2:*:*:*:*:*:*",
"matchCriteriaId": "6447B77F-3770-4703-9188-B7344ED98E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert3:*:*:*:*:*:*",
"matchCriteriaId": "5C103924-1D61-4090-8ED5-4731371B2B2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert4:*:*:*:*:*:*",
"matchCriteriaId": "08F87B09-3867-4CAE-BAD7-2206CD6CAF97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert5:*:*:*:*:*:*",
"matchCriteriaId": "0D12B31E-C30C-442A-9BD8-504CF7EB1321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert6:*:*:*:*:*:*",
"matchCriteriaId": "B43DA484-83DC-4489-9037-B85B845078E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert7:*:*:*:*:*:*",
"matchCriteriaId": "D8740005-0BCF-4B76-A600-25A9BF0F3C42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert8:*:*:*:*:*:*",
"matchCriteriaId": "4298EEE5-3F0E-4227-ACF8-CEE18868055F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert9:*:*:*:*:*:*",
"matchCriteriaId": "AC42C2B5-4F5F-4D5E-9240-9F104BBB5D55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13-cert2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDC2D03A-A47C-4211-8FAA-D357E9B98EFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert1:*:*:*:*:*:*",
"matchCriteriaId": "05795EED-0473-4806-A9AD-FD92212CCC77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "538C22F0-4DC4-463E-950C-3594E2935B78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "3C3D4786-5B7C-4F8B-9EBE-1C13599EC906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "03C662D2-48CF-41DD-BE6B-C2A961C32D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert2:*:*:*:*:*:*",
"matchCriteriaId": "C3F701AA-E842-4680-9747-000C3A4F6E4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert3:*:*:*:*:*:*",
"matchCriteriaId": "4B0FC294-F910-491B-9DEF-9FFEACA208C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert4:*:*:*:*:*:*",
"matchCriteriaId": "B69E9C34-4F57-4948-9D53-0856E00F7949",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert1:*:*:*:*:*:*",
"matchCriteriaId": "B7EE2BD3-51DC-4DA5-A5F2-6275F5277BE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "DC85AF18-A304-4BD8-AFAA-F99AC37A799B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "03094F8E-FF0C-4831-A50F-B601949FD3BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert2:*:*:*:*:*:*",
"matchCriteriaId": "6A7B650A-4785-4A8B-BCB6-1B630A0E18E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert3:*:*:*:*:*:*",
"matchCriteriaId": "6B791DBB-EB45-4E9C-9C57-249D196EC0E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2404213-CAA0-4E84-9D73-7DC8D7DCB558",
"versionEndExcluding": "13.27.1",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7B32887-22B1-4B06-A18D-0C8B690CA699",
"versionEndExcluding": "15.7.3",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B58771D-C37A-487D-8B82-C63F7F45E217",
"versionEndExcluding": "16.4.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration)."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Asterisk Open Source hasta versiones 13.27.0, 14.x y 15.x hasta 15.7.2, y versiones 16.x hasta 16.4.0, y Certified Asterisk hasta versi\u00f3n 13.21-cert3. Una desreferencia de puntero en chan_sip durante el manejo de la negociaci\u00f3n SDP permite a un atacante bloquear Asterisk cuando maneja una respuesta SDP en una re-invitaci\u00f3n T.38 saliente. Para explotar esta vulnerabilidad un atacante debe hacer que el m\u00f3dulo chan_sip les env\u00ede una petici\u00f3n de re-invitaci\u00f3n T.38. Una vez recibida, el atacante debe enviar una respuesta SDP que contenga tanto un flujo UDPTL T.38 como otro flujo multimedia que contenga solo un c\u00f3dec (lo que no est\u00e1 permitido de acuerdo a la configuraci\u00f3n de chan_sip)."
}
],
"id": "CVE-2019-13161",
"lastModified": "2024-11-21T04:24:19.633",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-12T20:15:11.127",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2019-003.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28465"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2019-003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28465"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-10 14:59
Modified
2024-11-21 03:32
Severity ?
Summary
Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2017-001.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/97377 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://bugs.debian.org/859910 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2017-001.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97377 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/859910 | Patch, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "E7D1238A-A8D2-485E-81FD-46038A883EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "E93A7967-9A04-424A-BDDB-A2B8289B9AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "8F75C9FF-6F95-4F6A-B683-FE2BEDE3AD10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "68226156-42ED-4F0E-93E1-02DD57E582B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2C4E1E-6B90-4DCC-BC09-7D19FBA65C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A4EB385E-28B5-4259-9431-99E1F32D61B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58C0FF1B-6188-4181-A139-1806328762BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "890EBB8C-989B-4344-AC03-62B399076008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BD4AAECB-A2BC-45BA-BC63-E51C1FE6C334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "121EACD3-D5E3-4691-8024-95996865BB65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "136D6508-660E-410D-829A-7DD452BF8819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AEC2B3AA-EB24-4259-BED1-5DBC102FE9C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74B23D17-7356-4D37-8C73-E87896D1335B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA9DA4A-A3E6-4C46-9471-CCBFA71083AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "81A8A6CB-D236-4AB3-8476-C2D34DB7EF31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "599833A2-CBE9-479B-8A6E-AF79C5EED1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B55719B3-7325-47E1-8D16-3F34B1F44385",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B870B3B7-E8DC-45A2-8FA4-657D005D00E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C91E9A3B-54EB-4819-94DD-30F7D0C90047",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "47189DF9-8E57-4BA6-9F52-B7A8229AE02A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "84AAFA3C-3CCD-4615-9725-169C303CF18F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C92E0801-9E8F-4CF2-A4A0-48BCF550F2D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1C39FA-EF1A-4F2B-87A0-A00BAE73C6A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "677D1211-0B07-47B9-AB7A-E820E2B29561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84202BAF-29E1-472B-B11F-B73F6A8891CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FFC7120D-E6A0-4801-A1CC-3E143896EE72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF2A83D-D9AE-441D-8D4E-335BF9D28A63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7F5C1479-A540-4B7D-B00C-BD35EEC83BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC12556C-5E82-47D7-87E5-FBDC01A920DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "461C1D2D-C4C1-4FF8-8231-38A2505F3523",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66595711-8573-4A9B-A8FE-4943E3097AA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5D1FE3D4-A0B9-475A-9B89-B0222283A6A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9670B5AC-CBD1-484C-90F8-69B1A60B6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5794B6-246C-415E-8E20-56447F152488",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E726CA39-A763-4422-B59E-E9E12518EA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6A96EB57-835A-45B4-82F5-31F925A85629",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "206F1DC9-9E8F-4497-A354-4A14711993DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8D428364-E2AD-4BC6-9329-71793BC0EB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08963910-E0BD-4487-B669-60E0BFA79863",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.13:*:*:*:*:*:*:*",
"matchCriteriaId": "86B16D04-3808-4380-8F64-0C36B185C1F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F3BD16A9-24BC-4FC1-81BA-A6D1FEF38D35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC383B3-27EF-4C37-94BE-F0D41B34CAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C949D5F5-6C0B-4B17-85B6-3A77D08CF967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D413741-BDB7-496D-A01B-75E2A98FDB5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "29130F7F-DE00-43E1-A4A6-8F1F95D5CB19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "25E94EC0-F577-4B2B-8B11-DC76278CDD42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "101AD474-9B89-483D-84E8-08012677C55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D57E41F6-C2CF-4183-A78A-9531A88FB65D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1F9BB8-F951-427E-B770-69C2ACEBDB28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7C4CE405-E923-4C9C-849A-D1031C4DB493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C039C0CE-9C9C-4D85-8D7C-574DCF9D920B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.01:*:*:*:*:*:*:*",
"matchCriteriaId": "A1B2F2CC-18C3-46E7-8E7F-970622A710C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04ECDFF1-9718-4FAE-B45B-4F8CCA82829E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C4DA60-5701-4BD0-B2F9-D93B9E64111F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0B12834D-2AF1-4AD1-AB23-859CAA5D3210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.02:*:*:*:*:*:*:*",
"matchCriteriaId": "89036D04-EA04-4041-9694-6768478D35F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B19070D3-9F03-43C7-9F31-9A54BD5F2441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E39BAA74-50A8-4087-8FF8-7C5922121319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D29C253-B403-4B00-A626-3E3A920DC018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E9D8FA2-21EA-4384-8001-118DA7C959F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C30F0A0-EE30-496A-ACF0-A9B1BCA46D73",
"versionEndIncluding": "13.13-cert2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action."
},
{
"lang": "es",
"value": "La ejecuci\u00f3n remota de c\u00f3digo puede ocurrir en Asterisk Open Source 13.x en versiones anteriores a 13.14.1 y 14.x en versiones anteriores a 14.3.1 y Asterisk certificado 13.13 en versiones anteriores a 13.13-cert3 debido a un desbordamiento de b\u00fafer en un campo de usuario de CDR, relacionado con X-ClientCode en chan_sip , La funci\u00f3n de dialplan CDR y la acci\u00f3n Monitor AMI."
}
],
"id": "CVE-2017-7617",
"lastModified": "2024-11-21T03:32:17.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-10T14:59:00.327",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97377"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/859910"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97377"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/859910"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-18 22:14
Modified
2024-11-21 02:06
Severity ?
Summary
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "93F2B062-09B4-44F1-87E4-6104B757B557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "F2877B09-B0B9-4AD4-906A-D40E25DDC4BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "11AAE0EA-D7EB-4341-A412-FBCDC99565A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "37F93124-25D9-44ED-B4AB-1B3552FCAB09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "E4CB22F6-9F63-427C-B2D2-7ABB9B4F7694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "758AB27B-7C40-41ED-9FC3-BE3D682EE48A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "07D3186A-CD6F-432A-8653-4CFBA37B9864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "746FB2E6-EF66-4EF3-946C-111FB7728EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "91D933DB-06F7-45A4-A517-BFAEC82DDB7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3AAB500F-8F0D-4534-B659-C495D1799913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "5F5C5156-CC72-4AB5-A927-E874199EBD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "AB912D4D-6BA4-4AEF-BBFD-EABFED240015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "68C78C16-3807-4272-9B46-9D9AF5150879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "02E13D3A-B37B-4215-82E0-3FCE5E35B00A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BE0F93D1-7602-47AC-9ACE-AA850D7DFD23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "956BCED3-1818-4673-A0F4-E7F03F366D99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0B58ACCC-0255-46B1-8517-EDCD85AA0F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A921B590-57C2-4E0A-B28B-D0E48F5E1B58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "70F0AE7B-9E53-4E3B-AA9E-EAF7C4C31E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5DE6F187-7236-4622-BD62-1E5F0742B41B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F70DDB6D-BE16-4375-87AE-E5E2B5862D17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6910E07C-3ACA-414F-B468-13E4BF9BE938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "837A07D7-C2FD-4077-A0AD-AF2147E04B84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.5.0:-:*:*:*:*:*:*",
"matchCriteriaId": "B2A99209-E8C5-44E6-A8DA-7FC07FBA6D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "18985B4A-4C54-4EC6-9274-15E7DCFEC94D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "48AE70AD-85BE-44DE-BC75-1690C27821B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "804F861A-81E1-45C5-A7D3-0E73770AC155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0AE503BD-F9BD-4396-B27D-184AE06F594D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9CD9A213-27F7-410E-97B1-E7405B4FCECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "10FFDE4F-0B30-43C3-9475-80259D5E9055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5F30E2AB-B354-4583-9D76-9DF1727407A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DBDFE57E-EEBF-4722-B6D0-147F72018DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "902A2600-49A7-4013-A621-9EE94F1E8435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7021D54A-D443-492A-AE8C-62F2B85A1F37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B003CB5A-A95A-481F-B762-79C476829D81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "84C8BB88-FBE3-4C82-9D53-E34AA7B6A73E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "F8037EB0-42FA-45BA-9E8E-D279432EC4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "E374559C-E550-4BB9-9682-9C4535EAE9A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "FFFB7E8B-C963-4ACB-AE37-9E4938A5462E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DF83EAD3-3CC1-4C1B-AAB8-0FE03BB67EC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E3F75AF0-A4E0-425E-B707-ED1F58C9CC83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "745EC4D8-5E19-48C8-8609-11A74DC18266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F1871DC4-AA58-4C04-9D6A-4FF383C56405",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8560DBD-A70E-4033-AE2E-96DA373AB425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E08ECE50-3A53-45C1-8BEA-8B9E024E22F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "59C2E58B-EEB3-4E8D-940C-2DF846923B19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D40F2ADC-6F79-410F-9063-1354C15F0D8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "69E55195-84CC-46DB-9E49-DEB864DF0659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F58B52D-9510-465F-8BFB-6896B4D36F5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "59E72AD4-90BE-4C3B-B457-31FF193712FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "81EB266E-40BC-45EA-8EDB-4766011C460B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E23FCBC3-30EF-47BC-AEFE-073E84B6DBA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5AB33EDF-29D7-4092-91FE-505B39D3E57B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4F698874-028E-410B-90FE-FDD441F55C32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "081DA344-7266-4D67-8B92-830F43B42CC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "01851B4A-F7CB-4263-B06C-92D39A693530",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6BB95638-D09F-4F02-9076-49BE93F2A407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6E2DD3AF-EF01-4A1A-AF9A-98575E36D088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "163E8F93-432A-4F68-B309-7A38AE1A30FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F53C384F-75DD-4A29-8907-BA95F08B1465",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:-:*:*:*:*:*:*",
"matchCriteriaId": "6BB940E4-E612-4B27-9188-E794665191B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*",
"matchCriteriaId": "2365F1EE-16A4-4293-B80E-A51CD6A2F112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "6952FFDE-92D0-4A75-AABB-113E6FAF5A31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "5735354A-CF57-4A9A-9607-169CE50E0655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc3:*:*:*:*:*:*",
"matchCriteriaId": "38E0B2C4-55EA-4712-8E75-24A5718F9FD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F087C546-FBCA-4D0D-A023-8F9384CD160C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert3:*:*:*:*:*:*",
"matchCriteriaId": "832F5503-6354-4E39-B927-3BA9606A372D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert4:*:*:*:*:*:*",
"matchCriteriaId": "9E23AF8A-63B2-4597-8E78-A4672B0C44B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
"matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "781AC882-80DD-4176-8E4F-220343B15F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "56849E34-B192-46A8-A517-C7C184A901B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4610D544-156F-4E9A-BC46-9E0FF8D5D641",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA60A9C9-C2EF-4971-BEFB-FF687DAEF2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "984CD6D9-4A54-4065-8401-DC555AB95425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "CDE13439-4124-4BDE-A068-460BCF96419B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BAFB22FA-CC24-4AFE-AC83-2D044563F7CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "00F3EB0D-7C63-46B5-BA95-8486B9716C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "00C1BF3B-7593-478D-9AAA-153901C70286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "82423EC2-FA29-4AF6-86C3-6AC6DFDC4DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "5F86406A-0936-4A06-88FB-4137A64498EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "672CE4C0-EBD6-470B-937E-810FF1C4CDBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88DB1105-74D8-4312-9D02-D1E21F2E785C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "404C0557-6229-4D90-BFDD-54AFFCCE6A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3F4DC562-649E-4105-8B3E-43F02BD593FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6D1D26CC-891F-4396-B7D7-30D712829E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F25B61EA-F4D1-452A-9D96-B8DFDD719B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9324AB96-EC99-4F04-A0A9-00F936C86EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8B5E76-4A74-4E88-8A6F-C23538B7642A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB6BBCA-47CE-49B8-9706-AFDE4BE46550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8BFF65E2-692B-4C39-88FC-6DED8D9A7258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5260E309-9320-4DB8-A918-7D215BF95D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "58F4BFC9-E02A-4121-8D34-99022AB8B45A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "60AFF340-A866-4CFE-9334-53B95FD4AA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "74E50309-CD7D-41F7-97DA-A7E451D0796A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6FD3F8F8-820E-4C29-9F8F-023D1DB999CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "C33A6419-0D00-49D6-9A48-2B633610AAED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "447E07C9-4A25-418D-B53F-609B78EE4C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "9C806F87-C897-48E4-8533-A4EBC6B77078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "08B8C143-93FF-44DD-8F61-6F4FEE977371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:-:*:*:*:*:*:*",
"matchCriteriaId": "8859F234-5066-40DD-862C-0F3CCA98AFB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "75962F03-EC19-4920-9FA7-2D422E6E83F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9D7D88-D64F-4F54-8C84-6AC45FBD36F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F67AB282-591C-4ED7-9750-C593A38D5D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "B5D0BB0E-1BB0-4F31-9C5D-DC1A069E52DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C9F8F881-2BF7-44AB-8756-54A06801EB11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "36EFF3C4-4D00-4BC5-94B9-403BB00C6AB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "5E434F10-395E-426E-A988-4CDA504577D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33FE3DCE-74B5-49A4-BC18-34B22CA83947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FF2E25F3-053D-4F7D-A35D-706A401CCAA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8880AE7C-3E44-4B76-B500-E93868D4CF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7C94269D-A271-42AC-A44C-102C814E564B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E7E5B826-D3D5-4D2D-BB4D-2C1BEDE92456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA564F7-7A69-4805-8C8C-C2EB5E12A6E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2A153336-10C4-4C42-AC66-AC1351887EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "0C2FF4E9-2513-4022-AF80-6F44A2287D6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DF6FA464-F9D3-4674-844B-A2B2E2C42A51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "44722C8B-BB37-4444-A58A-F01D0B3B4DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4FABFDB-D99A-4F83-8FEE-3BFA36BA4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:-:*:*:*:*:*:*",
"matchCriteriaId": "43E00618-19F6-4828-818A-95C9106097B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "CEC4F4AE-7BD8-437F-8838-FE564BCB7FA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A842E112-8974-4E74-AD56-1DEF5B5DD9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2BC3B463-6B2C-42AF-BE13-50B7D63E7F05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D9ACBC01-8A9D-43A5-A825-1CC9670417A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61E7199F-EACE-431A-8ADD-B96A6FCDBC49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7CD0E5-8E69-43B5-A5FF-8B122475CC00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2799111C-06DB-4979-8F81-A8C09D53E5F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F4BEA1B2-2103-4E25-92A9-DB107D6D4AD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2AD9AFFB-F903-43DD-9C1D-4D8E83EA25C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F368897-A481-42DD-A8B0-8AD43A5FD68B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4F3C35F1-CBF2-4F77-AC19-574DEF2652A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "75EA94FD-D16A-49BC-A418-36EFC187EC7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6BA8F4AF-26C0-4A69-B489-16E7A56E5123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FE82D53D-092D-4B36-A979-23E9A5E07A78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "27365383-72DB-4683-9A67-CF553FF2620A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46EE63D4-CA9C-4DF4-AF85-B8AC2E3F844A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A14FC2A1-29D5-49FE-92A9-D61833BF1C95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "91407E03-4E98-4DD9-B584-E5BB74F09B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "669CC22C-45E5-40AB-9A95-D7DFD694B688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80A38E0C-45D9-4353-8426-87A4CFA371DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5E3C5C1E-67E9-401A-BA52-FCB32CA4473C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "54A934AE-AB7C-4D10-8BA2-9C54410C648F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7A7C5A8E-35E6-4B86-8502-1970031AB987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA4C14B-A01C-4CFE-8985-317ACCDAD209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:-:*:*:*:*:*:*",
"matchCriteriaId": "501F5764-BBC2-426A-AF01-7FB477850073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "FDB35CE5-4EDB-4949-A5E4-1BD721CCA469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "619704FF-2F0C-47E8-A340-58135CEE6B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E412E336-871A-4CAC-97E5-FB203BB9349D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:-:*:*:*:*:*:*",
"matchCriteriaId": "82ED9CD2-504E-4D7B-B242-2511A7730776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "EF6E50F5-605A-4D2B-B55D-8AB251532E8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:-:*:*:*:*:*:*",
"matchCriteriaId": "F6C796AE-95EE-4EAB-959C-1C1353C565A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:patch:*:*:*:*:*:*",
"matchCriteriaId": "EEAF3B2E-E520-4F43-ACC5-0F01A6247199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:-:*:*:*:*:*:*",
"matchCriteriaId": "085D4102-E2E8-496C-85B7-714FD3639BE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FC1A0E66-63F4-4BD0-8C9A-3D23A116EE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "79963FF0-5ED6-41B6-8E60-146BD7879518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E0ABBB2C-19EC-4D6C-A1EA-AEF0ABA4123D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0787BC7B-9464-4AAA-896B-C028ECF8E397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "84C0FBC8-9CD1-4135-94C7-BE90A7C94625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:-:*:*:*:*:*:*",
"matchCriteriaId": "981F3994-392D-47DB-97DA-AC15BA070A36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "94691EE6-266F-46CE-B388-0289EB39D91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FD3948A1-B5A6-4702-9187-A7720E81B7F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BC097BB6-02E9-4F48-98CB-B5F31B41009C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C2FD962-B1D5-41E5-884E-0C3F7F9DACE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:-:*:*:*:*:*:*",
"matchCriteriaId": "096E966A-878B-426F-AB40-BB476B17B969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "852DAF2A-86F3-4D05-91DC-6A2FBC214736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7D721486-3043-4380-A73C-44B4DD0E34C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F29E2EE-B6E8-4E55-84A8-3BD0658387EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:-:*:*:*:*:*:*",
"matchCriteriaId": "837BF2BD-814F-4503-91DF-EE16B5A4921D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "15FCDDB3-62D8-446C-B57C-F3BBFBD13491",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "03512BDE-E441-46F6-88B7-16A2468CA199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:-:*:*:*:*:*:*",
"matchCriteriaId": "902CAF9D-9D02-47FA-AE2E-EC1268A32BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "80AD87B5-B796-4C44-8A6D-0B22AA2903CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "03298D9F-CFB8-48F9-BD0C-8A0BEB0760C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F3DE062D-4E87-4691-A664-D9E7C02036EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
"matchCriteriaId": "5991814D-CA77-4C25-90D2-DB542B17E0AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
"matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value."
},
{
"lang": "es",
"value": "channels/chan_sip.c en Asterisk Open Source 1.8.x anterior a 1.8.26.1, 11.8.x anterior a 11.8.1 y 12.1.x anterior a 12.1.1, y Certified Asterisk 1.8.15 anterior a 1.8.15-cert5 y 11.6 anterior a 11.6-cert2, cuando chan_sip tiene cierta configuraci\u00f3n, permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (consumo de canal y consumo de descriptores de archivo) a trav\u00e9s de una solicitud INVITE con una cabecera (1) Session-Expires o (2) Min-SE con un valor malformado o invalido."
}
],
"id": "CVE-2014-2287",
"lastModified": "2024-11-21T02:06:00.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-18T22:14:38.010",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-002.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:078"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/66094"
},
{
"source": "cve@mitre.org",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-23373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/66094"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-23373"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-02 14:29
Modified
2024-11-21 03:35
Severity ?
Summary
PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq header in conjunction with a Via header that lacks a branch parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2017-002.txt | Third Party Advisory | |
| cve@mitre.org | http://www.debian.org/security/2017/dsa-3933 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/98572 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id/1038529 | ||
| cve@mitre.org | https://bugs.debian.org/863901 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2017-002.txt | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2017/dsa-3933 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98572 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038529 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/863901 | Mailing List, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:open_source:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A2C5FB-2E2E-4F4E-A797-AF39D41C0D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7644395B-43C7-48BC-AC6B-B3E935DE88BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7019C844-90CE-4D32-8837-94C433C382C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "362383FF-1E38-4F3F-8C4E-9294592A39EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35DC8E90-E91A-4BE0-ACAF-D2F0004EAA10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C4DB86C4-AE52-4553-9428-8A0FD48C4F09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E85E772D-00CB-4A28-806F-45BB645EFC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2BFB4750-F605-4A78-B3DC-B54B956C049E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3DEC31AC-E133-4B4E-9903-8CEE3F176846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36120DF2-822D-4AD2-8A91-EA0846CB49F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B4818640-8F0C-4428-86A6-EAB89AF5B43D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7E8D0E3A-C984-4B4B-81E8-C8AECF1EE557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B44BB12-A93B-47D4-9E93-55C077F53A55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1500E120-26A4-4EFE-8813-5AF602F6E2AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9887311B-D13C-4309-AB66-B30F43CAEE3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F51727C0-4620-4F05-9437-580FD0D5E7DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8AF28CB9-7ED7-4EA7-AE86-937B81706938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C5375418-CC58-4483-ADB9-CC020BBE3B64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35D4E5CB-A3EB-412C-A33E-A487E081D4FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "065DB5F9-B797-41FD-AE20-50EC099FD7AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4113D94A-7C17-4201-BDF3-FCBE7AA7D348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C79E8ADE-EE51-442F-8104-4212C35EF626",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03C8B668-AA45-4BB4-AE31-FED335F2434D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "ADDF369A-FE19-4C1D-BB3A-883A030F0254",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A01FE18-F706-405A-A5B8-D873D41203F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8DA7B709-BC5F-46D1-B632-8C2C6A4F1CB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5E7789B9-B7C1-4B16-835B-BB4E965477CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A7046623-9371-41E4-B31F-8642CF9EE196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:13.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DC7C29B7-0EF4-410B-BCAE-6A8631566026",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:open_source:14.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E08B0F49-32DD-473D-A5A0-92B87918899D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:14.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "980C5A32-3C0F-42F3-8BEC-8202186EBFC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:14.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "0E68E591-F39B-4FAF-A4F6-B91F598AB8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:14.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "237C7B68-90FF-4F5B-81CC-E3257B988FA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:14.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B4D2888E-EEE3-418E-8A7C-A3B51B9B6FF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:14.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7DC262-6C90-4984-A129-AD2762273EDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:14.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1F24B121-92AA-427F-BB69-FC76F1F50670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:14.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "216FA98C-4B79-4215-A941-C90776871C08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:14.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE34DC7E-92B5-4E5A-9773-80A6D4A7F72E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:14.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "455A6BED-8493-4CE8-BBB0-112644786AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:open_source:14.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "58846F24-1FE8-495D-9297-3331AE73002D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7233B5A2-E1CE-4B7E-99FA-26369B892B25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*",
"matchCriteriaId": "F051FE7D-0695-4552-BC1C-836076825606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "C4D3E102-EFAD-48FF-B8BB-AAA9E1669CE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "100A6AFB-628C-4469-B8EB-6E4821105DE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "D078BC05-F6E0-4183-9A27-8F53ECAAE7E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*",
"matchCriteriaId": "6A16BD47-0634-40A5-8422-0A2ECAF2C55E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*",
"matchCriteriaId": "9F379170-DC3B-41B8-B950-7E0E1E6002AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*",
"matchCriteriaId": "338BFA7B-AA84-483F-B298-BC932728E0EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C608FBEF-143A-4EC3-903F-8832E0A7145E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E5D169B3-A7C7-40F0-B918-44A11682FB4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq header in conjunction with a Via header that lacks a branch parameter."
},
{
"lang": "es",
"value": "PJSIP, tal como es usado en Asterisk Open Source versiones 13.x y anteriores a 13.15.1 y versiones 14.x y anteriores a 14.4.1, Certified Asterisk versi\u00f3n 13.13 y anteriores a 13.13-cert4, y otros productos, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (desbordamiento de b\u00fafer y bloqueo de aplicaci\u00f3n) por medio de un paquete SIP con un encabezado CSeq especialmente dise\u00f1ado junto con un encabezado Via que carece de un par\u00e1metro branch."
}
],
"id": "CVE-2017-9372",
"lastModified": "2024-11-21T03:35:56.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-02T14:29:00.247",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-002.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2017/dsa-3933"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98572"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1038529"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/863901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2017/dsa-3933"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98572"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038529"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/863901"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-18 20:15
Modified
2024-11-21 05:57
Severity ?
Summary
An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37BA1B0D-474E-4F73-A329-F703C928C07D",
"versionEndExcluding": "13.38.2",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7382B641-0396-456F-BF33-3F6412E35F2D",
"versionEndExcluding": "16.16.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5BA8606-ADA9-4841-A7E2-A9165138849A",
"versionEndExcluding": "17.9.2",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F10CB148-DF9C-4134-A417-3B111C036E20",
"versionEndExcluding": "18.2.1",
"versionStartIncluding": "18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:-:*:*:*:*:*:*",
"matchCriteriaId": "81C3E390-8B99-4EB8-82DD-02893611209A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "17DB2297-1908-4F87-8046-2BAA74569D71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "CEA2CC40-C2F6-4828-82F0-1B50D3E61F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "32F19F43-C1E8-4B6C-9356-AF355B7320BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*",
"matchCriteriaId": "21D1FA32-B441-485F-8AE9-F3A394626909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F7795CCF-B160-4B4F-9529-1192C11D7FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert3:*:*:*:*:*:*",
"matchCriteriaId": "0C5E5D0D-9EB3-40FD-8B7E-E93A95D07AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4:*:*:*:*:*:*",
"matchCriteriaId": "C7DFDA30-DD61-4BBC-AFE4-448BF2A4F303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*",
"matchCriteriaId": "142F1F89-49AC-4A0B-A273-61F697063A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*",
"matchCriteriaId": "53041795-788C-4914-A2F6-41539ABE0244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*",
"matchCriteriaId": "FBB98E65-B2D0-49A4-8BF3-12155E3E13C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*",
"matchCriteriaId": "769C854C-03CD-40A9-B39B-C0CDCA8252EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert5:*:*:*:*:*:*",
"matchCriteriaId": "6D86AD6E-4E07-48B0-88D8-E18F277FFE6A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en el archivo res_pjsip_session.c en Digium Asterisk versiones hasta 13.38.1;\u0026#xa0;14.x, 15.x y 16.xa 16.16.0;\u0026#xa0;17.xa 17.9.1;\u0026#xa0;y 18.xa 18.2.0, y Certified Asterisk versiones hasta 16.8-cert5.\u0026#xa0;Una vulnerabilidad de negociaci\u00f3n SDP en PJSIP permite a un servidor remoto bloquear potencialmente Asterisk mediante el env\u00edo de respuestas SIP espec\u00edficas que causan un fallo en la negociaci\u00f3n SDP"
}
],
"id": "CVE-2021-26906",
"lastModified": "2024-11-21T05:57:00.817",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-18T20:15:12.743",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/61"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29196"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/61"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29196"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-404"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-17 16:59
Modified
2024-11-21 02:58
Severity ?
Summary
chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F31715AF-5A35-4D0B-8E01-BB6E4CB7E02F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D56C2C11-4B42-43AB-9DAE-61C15D107160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BE4127D-8123-4408-86D3-08168A4501B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8836F348-66DF-43BC-9962-946018D13127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12745DB9-F19D-4507-A9FE-218B7BB29DB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C689A32B-E87D-492F-B3F6-7B80DFA049C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "229B7982-9775-42AA-B8F5-FE920CCAA497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8788AF7B-CBB6-4D9D-A748-486787935A96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "868865A1-E074-4DB0-A119-D24C5C53FEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B3D89C7-909F-419A-9EE8-A1F0D02934EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "50EC8D9D-3483-4080-8000-496343BC8BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24F62C78-2913-463F-B689-353AB2371E3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A70420A8-8571-4528-98E1-72BE00270C6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F79D5F-EB28-417A-86DF-053D6EDBA161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C92ECBCD-1EE3-498A-B3A4-22BF8EFD2EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EABFC3-24FA-4441-9F2B-650D90AE5CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2026FD07-103C-4691-AFA4-88C490382F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "65607103-4284-430A-8212-AC1DCFFFA778",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4061B4C7-8315-450C-866A-C4F3A6BCB1A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00099DC9-D437-429B-9D08-F0DFA4942A6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC6047FB-D1BD-4E21-B6BC-E51374C4B0E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "89504BDC-82F7-4813-9C1E-456C9ACC6FB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "118C550E-79A8-431E-BADB-710EEEEDC6C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A62DFFE-637B-4911-B3B4-6DA4053CBDBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF6BC60-23F5-46A1-83F8-F4BCDEF196EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F7C5D35-A6AE-4A2E-98C5-CB58FF22AF08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D23CE302-AC62-468C-96B3-1EF430825170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCAA174-3CA3-49DB-BA19-D2BCF4F8953F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD4D1A5A-99A3-4D23-B40C-BBE11EA5B325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5EFFAE3F-3B78-49DE-8F01-2E439D9A6F7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0501E88B-986A-44C6-A6B5-F2CB9087A8B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D3AF185-7AC6-491E-9BE0-8ECD163A3E77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "400EA2E1-B178-467F-BBC2-1B2ECEDE662A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E00A6C7-D3CF-40B5-A586-06E09C5AA1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.22.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E25D043-EE0D-49A5-A468-03EDD9CFE0EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.22.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CA17630B-444D-4AE4-B582-F8106C4EEFDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62A20D6B-62FE-440D-BC58-F764AAA5562B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.23.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F2AE880B-2FA2-42BB-BEBF-771E18FDA141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B635C21-C193-43AF-A139-98604F324ABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "E93A7967-9A04-424A-BDDB-A2B8289B9AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "8F75C9FF-6F95-4F6A-B683-FE2BEDE3AD10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "68226156-42ED-4F0E-93E1-02DD57E582B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2C4E1E-6B90-4DCC-BC09-7D19FBA65C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A4EB385E-28B5-4259-9431-99E1F32D61B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58C0FF1B-6188-4181-A139-1806328762BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "121EACD3-D5E3-4691-8024-95996865BB65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "136D6508-660E-410D-829A-7DD452BF8819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74B23D17-7356-4D37-8C73-E87896D1335B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D5BA542E-4667-4D9E-BDAE-FED6CA63F99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83C8E7EC-0D4C-40E2-9EE1-4AB5F03464D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "81A8A6CB-D236-4AB3-8476-C2D34DB7EF31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "599833A2-CBE9-479B-8A6E-AF79C5EED1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B870B3B7-E8DC-45A2-8FA4-657D005D00E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "707296C4-153C-4ACF-B91A-AB5FA42260CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "905722CB-4B6C-4849-88CD-22E972432E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1C39FA-EF1A-4F2B-87A0-A00BAE73C6A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "677D1211-0B07-47B9-AB7A-E820E2B29561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84202BAF-29E1-472B-B11F-B73F6A8891CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FFC7120D-E6A0-4801-A1CC-3E143896EE72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF2A83D-D9AE-441D-8D4E-335BF9D28A63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7F5C1479-A540-4B7D-B00C-BD35EEC83BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC12556C-5E82-47D7-87E5-FBDC01A920DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "461C1D2D-C4C1-4FF8-8231-38A2505F3523",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66595711-8573-4A9B-A8FE-4943E3097AA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5D1FE3D4-A0B9-475A-9B89-B0222283A6A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9670B5AC-CBD1-484C-90F8-69B1A60B6054",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
"matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:*",
"matchCriteriaId": "6AD7C9B3-D029-4E05-8E80-3ADA904FAC1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "781AC882-80DD-4176-8E4F-220343B15F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert10:*:*:lts:*:*:*",
"matchCriteriaId": "BB47EA31-CF9D-4752-804B-7804151EC87C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert11:*:*:lts:*:*:*",
"matchCriteriaId": "A1C9B744-1745-4E9D-A2DE-4659295508D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert12:*:*:lts:*:*:*",
"matchCriteriaId": "BFFD88AD-C82E-4C5C-9C4F-8A49176E3E52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert13:*:*:lts:*:*:*",
"matchCriteriaId": "6797C78B-BB9A-46B4-8F0B-492FB1988BB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14:*:*:lts:*:*:*",
"matchCriteriaId": "10A38D53-6C8E-493E-8207-F4CF7D754A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert15:*:*:lts:*:*:*",
"matchCriteriaId": "4CC0C753-9179-4C71-AFD8-C4601D8C865A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
"matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:*",
"matchCriteriaId": "CE71221B-4D55-4643-B6D1-307B2CF41F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*",
"matchCriteriaId": "A98B11B5-B8E2-4903-B4F7-3AC23751AE8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:*",
"matchCriteriaId": "88124275-9BEB-4D53-9E4D-1AC8C52F2D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:*",
"matchCriteriaId": "4F3CEFEF-72B6-4B58-81FE-01BCEEFB3013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:*",
"matchCriteriaId": "AA637187-0EAE-4756-AD72-A0B2FABCA070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:lts:*:*:*",
"matchCriteriaId": "6DAF6784-0B31-4104-9D85-473D5AFAB785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:lts:*:*:*",
"matchCriteriaId": "77B06B83-D62C-4A0E-BE94-83C9A02CE55A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:lts:*:*:*",
"matchCriteriaId": "CAD17809-CBB1-4E41-99C9-20FE56853563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert9:*:*:lts:*:*:*",
"matchCriteriaId": "066453F2-A77F-4E82-8C91-AC17FAA21A89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "D6EE9895-FB94-451D-8701-8C0DD8F5BED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "56849E34-B192-46A8-A517-C7C184A901B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4610D544-156F-4E9A-BC46-9E0FF8D5D641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1:*:*:*:*:*:*",
"matchCriteriaId": "38E19C8E-9FD6-4A44-81C6-EEC91BC2CB58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "2016E8F9-542D-46CE-905D-3CBAF97A24A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "CC283754-B316-4BCE-8EEB-63CAFE68D601",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert1_rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D111448-7C39-4A6D-B492-B3D3DCEA8424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8:cert2_rc1:*:*:*:*:*:*",
"matchCriteriaId": "A52E12AB-99CA-4A34-A0CA-E8B511636A5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB08CB2-8FB4-4738-9B67-C27273A78025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1E36EFEF-670E-4659-A887-D497D4AA8223",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion)."
},
{
"lang": "es",
"value": "chain_sip en Asterisk Open Source 11.x en versiones anteriores a 11.23.1 y 13.x 13.11.1 y Certified Asterisk 11.6 en versiones anteriores a 11.6-cert15 y 13.8 en versiones anteriores a 13.8-cert3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento portuario)"
}
],
"id": "CVE-2016-7551",
"lastModified": "2024-11-21T02:58:11.967",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-17T16:59:00.277",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-007.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3700"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1374733"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-26272"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3700"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1374733"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-26272"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-02 16:29
Modified
2024-11-21 03:12
Severity ?
Summary
In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker. The "strictrtp" option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above. The "nat" and "rtp_symmetric" options (for chan_sip and chan_pjsip, respectively) enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. This option is not enabled by default, but is commonly enabled to handle devices behind NAT. A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support, this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected, the new code allowed a new source address to be learned at all times. If a flood of RTP traffic was received, the strict RTP support would allow the new address to provide media, and (with symmetric RTP enabled) outgoing traffic would be sent to this new address, allowing the media to be hijacked. Provided the attacker continued to send traffic, they would continue to receive traffic as well.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "E7D1238A-A8D2-485E-81FD-46038A883EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "E93A7967-9A04-424A-BDDB-A2B8289B9AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "8F75C9FF-6F95-4F6A-B683-FE2BEDE3AD10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "68226156-42ED-4F0E-93E1-02DD57E582B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2C4E1E-6B90-4DCC-BC09-7D19FBA65C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A4EB385E-28B5-4259-9431-99E1F32D61B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58C0FF1B-6188-4181-A139-1806328762BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "890EBB8C-989B-4344-AC03-62B399076008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BD4AAECB-A2BC-45BA-BC63-E51C1FE6C334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "121EACD3-D5E3-4691-8024-95996865BB65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "136D6508-660E-410D-829A-7DD452BF8819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AEC2B3AA-EB24-4259-BED1-5DBC102FE9C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74B23D17-7356-4D37-8C73-E87896D1335B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA9DA4A-A3E6-4C46-9471-CCBFA71083AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "81A8A6CB-D236-4AB3-8476-C2D34DB7EF31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "599833A2-CBE9-479B-8A6E-AF79C5EED1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B55719B3-7325-47E1-8D16-3F34B1F44385",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B870B3B7-E8DC-45A2-8FA4-657D005D00E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C91E9A3B-54EB-4819-94DD-30F7D0C90047",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "47189DF9-8E57-4BA6-9F52-B7A8229AE02A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "84AAFA3C-3CCD-4615-9725-169C303CF18F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C92E0801-9E8F-4CF2-A4A0-48BCF550F2D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1C39FA-EF1A-4F2B-87A0-A00BAE73C6A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "677D1211-0B07-47B9-AB7A-E820E2B29561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84202BAF-29E1-472B-B11F-B73F6A8891CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FFC7120D-E6A0-4801-A1CC-3E143896EE72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF2A83D-D9AE-441D-8D4E-335BF9D28A63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7F5C1479-A540-4B7D-B00C-BD35EEC83BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC12556C-5E82-47D7-87E5-FBDC01A920DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "461C1D2D-C4C1-4FF8-8231-38A2505F3523",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66595711-8573-4A9B-A8FE-4943E3097AA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5D1FE3D4-A0B9-475A-9B89-B0222283A6A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9670B5AC-CBD1-484C-90F8-69B1A60B6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5794B6-246C-415E-8E20-56447F152488",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E726CA39-A763-4422-B59E-E9E12518EA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6A96EB57-835A-45B4-82F5-31F925A85629",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "206F1DC9-9E8F-4497-A354-4A14711993DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8D428364-E2AD-4BC6-9329-71793BC0EB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08963910-E0BD-4487-B669-60E0BFA79863",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.13:*:*:*:*:*:*:*",
"matchCriteriaId": "86B16D04-3808-4380-8F64-0C36B185C1F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F3BD16A9-24BC-4FC1-81BA-A6D1FEF38D35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "68BAAD53-DE75-41CA-BF60-C0363029D3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC383B3-27EF-4C37-94BE-F0D41B34CAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A7824B34-06C3-403B-B6F3-C850D54438EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "17E86941-98F6-45A5-8646-6876F74D909F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6DB27C0-C74E-4E6A-AA63-09CFE73C2EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C443A3B-DF96-4A68-B046-DE13689CA974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5F3AC9AE-288C-4F0E-BF15-C3F4AF09D8E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "796A6021-9FCA-4354-A47C-7500C363C168",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EBB9D073-195F-4C2A-932E-7F027710DB25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "604E58C8-9B81-4992-8993-4A6CB876EE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "077C4CB8-1FDE-45D3-82E6-CE09A22809B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3CDB96CA-5AAE-4B39-8E01-2E72E3B476AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.16.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8EB33EC3-CDE0-40BD-B269-512AE074D278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "363FA95F-03EF-4D6A-A40D-76D285D16255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FA96DC31-4BAC-4C5A-923C-EBBFFC7ABB52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C949D5F5-6C0B-4B17-85B6-3A77D08CF967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D413741-BDB7-496D-A01B-75E2A98FDB5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "29130F7F-DE00-43E1-A4A6-8F1F95D5CB19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "25E94EC0-F577-4B2B-8B11-DC76278CDD42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "101AD474-9B89-483D-84E8-08012677C55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D57E41F6-C2CF-4183-A78A-9531A88FB65D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1F9BB8-F951-427E-B770-69C2ACEBDB28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7C4CE405-E923-4C9C-849A-D1031C4DB493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C039C0CE-9C9C-4D85-8D7C-574DCF9D920B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.01:*:*:*:*:*:*:*",
"matchCriteriaId": "A1B2F2CC-18C3-46E7-8E7F-970622A710C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04ECDFF1-9718-4FAE-B45B-4F8CCA82829E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C4DA60-5701-4BD0-B2F9-D93B9E64111F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0B12834D-2AF1-4AD1-AB23-859CAA5D3210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.02:*:*:*:*:*:*:*",
"matchCriteriaId": "89036D04-EA04-4041-9694-6768478D35F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B19070D3-9F03-43C7-9F31-9A54BD5F2441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E39BAA74-50A8-4087-8FF8-7C5922121319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D29C253-B403-4B00-A626-3E3A920DC018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E9D8FA2-21EA-4384-8001-118DA7C959F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3368DE88-7009-46A0-93F4-4D52BAD3D173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "26586127-B68B-4476-8182-C49B1B1DCDC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D1EFDCC-983E-4227-9FD5-456C16610BC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFA7DBAD-BCA6-47D1-A92E-4EB7941F55F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "02C6C827-97A6-4287-8B3E-DE29054242B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9BE4F7C1-BB82-44BA-BBFD-9F660330EC15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E4FCA146-5A72-4746-BE23-63271FBC4D47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A0C90BB-C3FE-4A75-B739-0236C4256F7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46BD9466-0BC9-4B4D-928F-240CD46D306C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "06F456AD-19D3-49EF-82B1-07370F6499AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "24A9997E-D0DC-45B0-B4DB-308667FA820E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "26202E79-98E0-4533-B4AE-1ABB2477F5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:14.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C3D7384F-DF1B-4ED7-B1D5-885B95774DDB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9FD404B4-2B0A-4D7A-8CF6-E2C6B4BACBB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BE4127D-8123-4408-86D3-08168A4501B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8836F348-66DF-43BC-9962-946018D13127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "1453BB31-D674-4A05-AB2A-2502D127C3E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "868865A1-E074-4DB0-A119-D24C5C53FEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1794440C-7068-4673-9142-6221B8A39E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C5CF286B-3377-4AE9-A7B9-8535641D639A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B3D89C7-909F-419A-9EE8-A1F0D02934EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "50EC8D9D-3483-4080-8000-496343BC8BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6695F632-6AC4-400F-B513-280304ABC1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A3423C40-240A-4237-8B0F-A4B4ED421C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "03298D9F-CFB8-48F9-BD0C-8A0BEB0760C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A70420A8-8571-4528-98E1-72BE00270C6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "38230656-6242-4D24-AA67-F42A6FA2FC7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "20ED9FC3-5E56-4AE7-903F-267CAE7F2CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "84F88075-9935-45BF-88B7-21ACE8AAB314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "283793E4-0AE8-48D9-ABCF-70E44FE55C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F79D5F-EB28-417A-86DF-053D6EDBA161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4A036F91-70E0-4E97-9896-EEE97BE3C20E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C92ECBCD-1EE3-498A-B3A4-22BF8EFD2EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EABFC3-24FA-4441-9F2B-650D90AE5CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3DA61A22-3DD0-46A3-8C13-F25F4F03FD35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2026FD07-103C-4691-AFA4-88C490382F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "791700CD-E007-489E-9BC6-37025CAA8144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "65607103-4284-430A-8212-AC1DCFFFA778",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4061B4C7-8315-450C-866A-C4F3A6BCB1A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C6EA7154-7F08-4E43-9270-E617632230AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00099DC9-D437-429B-9D08-F0DFA4942A6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "4149F36C-D455-415F-93D7-F92EEE41419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2DC51129-8F38-4505-90FB-4FFDED45BABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4CA571E0-B513-47AA-95BE-EB4DD2AA91E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "89504BDC-82F7-4813-9C1E-456C9ACC6FB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "118C550E-79A8-431E-BADB-710EEEEDC6C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "96C7950F-41D1-46B5-BA62-E8450CB81244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C9A32ECC-E208-4834-8EF7-FEF7A3495041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF6BC60-23F5-46A1-83F8-F4BCDEF196EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AA3E0D41-2E6E-4294-8E56-1A738A7F9AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D16109B8-4CDF-46FC-9AD9-A158E532791B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCAA174-3CA3-49DB-BA19-D2BCF4F8953F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD4D1A5A-99A3-4D23-B40C-BBE11EA5B325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0F5EE428-98FF-42BC-9F61-311327B8F610",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.19.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CBA2FD08-D761-410F-9804-A76F0DD77349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.20.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74B34C21-D90B-4E32-BBA6-7773DB663F18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "90996D49-5731-4F7D-9DBE-D0599A5D85A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D3C91C8D-707D-443D-985F-FA3EDB181208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "400EA2E1-B178-467F-BBC2-1B2ECEDE662A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E00A6C7-D3CF-40B5-A586-06E09C5AA1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.22.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E25D043-EE0D-49A5-A468-03EDD9CFE0EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.22.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CA17630B-444D-4AE4-B582-F8106C4EEFDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62A20D6B-62FE-440D-BC58-F764AAA5562B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.23.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F2AE880B-2FA2-42BB-BEBF-771E18FDA141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC982D1B-B018-474E-94BE-2157C21276C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.24.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F26815C8-8E43-4C26-947B-986EFFF0ACE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03E8213E-650F-4C95-B9E5-753E7784EF5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.25.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00B8F794-A7F2-4B8F-B36C-55E61DC6939A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.25.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B7FC3A1-AFB0-4280-BFC5-68F61CFD0AF2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
"matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "781AC882-80DD-4176-8E4F-220343B15F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert10:*:*:*:*:*:*",
"matchCriteriaId": "5CEBE67E-A3E5-4BC9-8740-4F51123CC9F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert11:*:*:*:*:*:*",
"matchCriteriaId": "CD094E25-5E10-4564-9A4D-BE5A14C2815F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert12:*:*:*:*:*:*",
"matchCriteriaId": "B6873174-0109-402F-ADCA-B1635F441FD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert13:*:*:*:*:*:*",
"matchCriteriaId": "B529CD2F-2958-44E6-839A-3E4FE392B1F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14:*:*:*:*:*:*",
"matchCriteriaId": "B961BF46-DEF7-4804-AF9A-D13F160FA213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14_rc1:*:*:*:*:*:*",
"matchCriteriaId": "DDC801D4-7A69-4855-8757-24ACE70D784B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert14_rc2:*:*:*:*:*:*",
"matchCriteriaId": "60C2B8F0-7722-48B5-89AA-435F52CBC0A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert15:*:*:*:*:*:*",
"matchCriteriaId": "B9305CA8-835C-4DFF-9CD8-C1072BACED42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert16:*:*:*:*:*:*",
"matchCriteriaId": "B3729EA6-3949-4854-80D4-DC5587161FBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
"matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*",
"matchCriteriaId": "A98B11B5-B8E2-4903-B4F7-3AC23751AE8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:*:*:*:*",
"matchCriteriaId": "C7D60B24-C509-49C3-87A9-49D05CB44183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:*:*:*:*",
"matchCriteriaId": "3C1F9978-44E7-4D39-BEC6-5C6DB7F893E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:*:*:*:*",
"matchCriteriaId": "69BA61A8-2A95-4800-BB4E-692BA4321A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:*:*:*:*",
"matchCriteriaId": "C481D8B0-622D-491D-B292-717B0369B507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:*:*:*:*",
"matchCriteriaId": "BC8390D4-F339-43FF-9F2B-71331D4ECB81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert9:*:*:*:*:*:*",
"matchCriteriaId": "4490B76B-FA41-43DB-9A31-6B3F220F1907",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1:*:*:*:*:*:*",
"matchCriteriaId": "0449B393-FA4E-4664-8E16-BE6B94E4872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "2ED8E415-64FA-4E77-A423-3478E606E58E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "E13CA1DD-B384-4408-B4EC-1AA829981016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc3:*:*:*:*:*:*",
"matchCriteriaId": "EE28BD0A-EA30-4265-A5D6-0390F3558D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc4:*:*:*:*:*:*",
"matchCriteriaId": "0F82048D-C65F-4439-BBE4-2D4A9B07EB7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert2:*:*:*:*:*:*",
"matchCriteriaId": "6447B77F-3770-4703-9188-B7344ED98E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert3:*:*:*:*:*:*",
"matchCriteriaId": "5C103924-1D61-4090-8ED5-4731371B2B2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13:cert4:*:*:*:*:*:*",
"matchCriteriaId": "08F87B09-3867-4CAE-BAD7-2206CD6CAF97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker. The \"strictrtp\" option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above. The \"nat\" and \"rtp_symmetric\" options (for chan_sip and chan_pjsip, respectively) enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. This option is not enabled by default, but is commonly enabled to handle devices behind NAT. A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support, this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected, the new code allowed a new source address to be learned at all times. If a flood of RTP traffic was received, the strict RTP support would allow the new address to provide media, and (with symmetric RTP enabled) outgoing traffic would be sent to this new address, allowing the media to be hijacked. Provided the attacker continued to send traffic, they would continue to receive traffic as well."
},
{
"lang": "es",
"value": "En res/res_rtp_asterisk.c en Asterisk 11.x en versiones anteriores a la 11.25.2, 13.x en versiones anteriores a la 13.17.1, y 14.x en versiones anteriores a la 14.6.1 y Certified Asterisk 11.x en versiones anteriores a la 11.6-cert17 y 13.x en versiones anteriores a la 13.13-cert5, es posible divulgar datos sin autorizaci\u00f3n si un atacante ataca en el momento adecuado. La opci\u00f3n \"strictrtp\" en rtp.conf habilita una caracter\u00edstica de la pila RTP que aprende la direcci\u00f3n de origen de los medios para una sesi\u00f3n y coloca cualquier paquete que no se haya originado a partir de la direcci\u00f3n esperada. Esta opci\u00f3n est\u00e1 activda por defecto en Asterisk 11 y superiores. Las opciones \"nat\" y \"rtp_symmetric\" (para chan_sip y chan_pjsip, respectivamente) permiten el soporte RTP sim\u00e9trico en la pila RTP. Esto emplea la direcci\u00f3n de origen de medios entrantes como direcci\u00f3n de destino de cualquier medio enviado. Esta opci\u00f3n no est\u00e1 activada por defecto, pero suele estar habilitada para gestionar dispositivos tras NAT. Se ha realizado un cambio en el soporte RTP estricto en la pila RTP para tolerar mejor los medios tard\u00edos cuando ocurre una reinvitaci\u00f3n. Cuando se combina con el soporte RTP sim\u00e9trico, esto introdujo una avenida en la que se pod\u00eda secuestrar medios. En vez de solo aprender una nueva direcci\u00f3n cuando se espera, el nuevo c\u00f3digo permit\u00eda una nueva direcci\u00f3n de origen que deb\u00eda ser aprendida en todo momento. Si se recibe un flujo de tr\u00e1fico RTP, el soporte RTP estricto permitir\u00eda que la nueva direcci\u00f3n proporcionase medios, y (con RTP sim\u00e9trico habilitado) el tr\u00e1fico saliente ser\u00eda enviado a esta nueva direcci\u00f3n, permitiendo el secuestro de los medios. Si el atacante contin\u00faa enviando tr\u00e1fico, tambi\u00e9n seguir\u00eda recibi\u00e9ndolo."
}
],
"id": "CVE-2017-14099",
"lastModified": "2024-11-21T03:12:08.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-02T16:29:00.287",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-005.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2017/dsa-3964"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039251"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/873907"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27013"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://rtpbleed.com"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201710-29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2017/dsa-3964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/873907"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://rtpbleed.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201710-29"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-22 17:15
Modified
2024-11-21 04:33
Severity ?
Summary
An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2019-006.html | Patch, Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.asterisk.org/downloads/security-advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2019-006.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.asterisk.org/downloads/security-advisories | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | certified_asterisk | 13.21.0 | |
| digium | certified_asterisk | 13.21.0 | |
| digium | certified_asterisk | 13.21.0 | |
| digium | certified_asterisk | 13.21.0 | |
| digium | certified_asterisk | 13.21.0 | |
| digium | certified_asterisk | 13.21.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3000F83F-4D47-4BA8-BF35-844C41BFBE18",
"versionEndExcluding": "13.29.2",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65C549ED-B864-47C9-ACD8-C695FC7DAE57",
"versionEndExcluding": "16.6.2",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43F12809-5F7E-4B99-A028-30B43BAFB5A6",
"versionEndExcluding": "17.0.1",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC7665A-FF2F-4A20-B695-96C2217D268E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert1:*:*:*:*:*:*",
"matchCriteriaId": "18C39C0A-7F81-4734-8C1D-4FFDF070F526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F809DB3A-457F-4DEF-9B11-E3FCDF2D8466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert3:*:*:*:*:*:*",
"matchCriteriaId": "1F170494-F60A-42C2-A2CE-1BB5BDCC8200",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:cert4:*:*:*:*:*:*",
"matchCriteriaId": "2A28B713-6CBB-4F4D-A54B-17758DD35EE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B7D110F5-E431-4F31-8723-494D20D9108D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer\u0027s IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer\u0027s name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en channels/chan_sip.c en Sangoma Asterisk 13.x antes de 13.29.2, 16.x antes de 16.6.2, y 17.x antes de 17.0.1, y Certified Asterisk 13.21 antes de cert5. Una solicitud SIP puede ser enviada a Asterisk que puede cambiar la direcci\u00f3n IP de un peer SIP. Un REGISTRO no necesita ocurrir, y las llamadas pueden ser secuestradas como resultado. Lo \u00fanico que se necesita conocer es el nombre del peer; los detalles de autenticaci\u00f3n como las contrase\u00f1as no necesitan ser conocidos. Esta vulnerabilidad s\u00f3lo es explotable cuando la opci\u00f3n nat est\u00e1 configurada por defecto, o auto_force_rport"
}
],
"id": "CVE-2019-18790",
"lastModified": "2024-11-21T04:33:34.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-22T17:15:11.740",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2019-006.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2019-006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asterisk.org/downloads/security-advisories"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-22 00:29
Modified
2024-11-21 04:11
Severity ?
Summary
An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | 13.19.1 | |
| digium | certified_asterisk | * | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BBC6235-486B-46AE-96C1-A8F5B68A1D96",
"versionEndIncluding": "14.7.5",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D63485A9-4464-49C7-ACF8-826303D8C152",
"versionEndIncluding": "15.2.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A0ED4E-446A-4315-BE3A-8647F0ECC624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56E4037E-1F6F-4E1A-8549-38219F0A8E91",
"versionEndIncluding": "13.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Asterisk hasta la versi\u00f3n 13.19.1, versiones 14.x hasta la 14.7.5 y versiones 15.x hasta la 15.2.1; as\u00ed como Certified Asterisk hasta la versi\u00f3n 13.18-cert2. res_pjsip permite que usuarios remotos autenticados provoquen el cierre inesperado de Asterisk (fallo de segmentaci\u00f3n) mediante el env\u00edo de mensajes SIP INVITE en una conexi\u00f3n TCP o TLS para despu\u00e9s cerrar la conexi\u00f3n repentinamente."
}
],
"id": "CVE-2018-7286",
"lastModified": "2024-11-21T04:11:56.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-22T00:29:01.110",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103129"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040417"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27618"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/44181/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103129"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040417"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/44181/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-04-10 15:00
Modified
2024-11-21 02:28
Severity ?
Summary
Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5260E309-9320-4DB8-A918-7D215BF95D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "58F4BFC9-E02A-4121-8D34-99022AB8B45A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "60AFF340-A866-4CFE-9334-53B95FD4AA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "74E50309-CD7D-41F7-97DA-A7E451D0796A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6FD3F8F8-820E-4C29-9F8F-023D1DB999CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "C33A6419-0D00-49D6-9A48-2B633610AAED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "447E07C9-4A25-418D-B53F-609B78EE4C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "9C806F87-C897-48E4-8533-A4EBC6B77078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "08B8C143-93FF-44DD-8F61-6F4FEE977371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:-:*:*:*:*:*:*",
"matchCriteriaId": "8859F234-5066-40DD-862C-0F3CCA98AFB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "75962F03-EC19-4920-9FA7-2D422E6E83F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9D7D88-D64F-4F54-8C84-6AC45FBD36F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F67AB282-591C-4ED7-9750-C593A38D5D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "B5D0BB0E-1BB0-4F31-9C5D-DC1A069E52DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C9F8F881-2BF7-44AB-8756-54A06801EB11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "36EFF3C4-4D00-4BC5-94B9-403BB00C6AB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "5E434F10-395E-426E-A988-4CDA504577D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33FE3DCE-74B5-49A4-BC18-34B22CA83947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FF2E25F3-053D-4F7D-A35D-706A401CCAA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8880AE7C-3E44-4B76-B500-E93868D4CF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7C94269D-A271-42AC-A44C-102C814E564B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E7E5B826-D3D5-4D2D-BB4D-2C1BEDE92456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA564F7-7A69-4805-8C8C-C2EB5E12A6E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2A153336-10C4-4C42-AC66-AC1351887EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "0C2FF4E9-2513-4022-AF80-6F44A2287D6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DF6FA464-F9D3-4674-844B-A2B2E2C42A51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "44722C8B-BB37-4444-A58A-F01D0B3B4DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4FABFDB-D99A-4F83-8FEE-3BFA36BA4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:-:*:*:*:*:*:*",
"matchCriteriaId": "43E00618-19F6-4828-818A-95C9106097B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "CEC4F4AE-7BD8-437F-8838-FE564BCB7FA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A842E112-8974-4E74-AD56-1DEF5B5DD9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2BC3B463-6B2C-42AF-BE13-50B7D63E7F05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D9ACBC01-8A9D-43A5-A825-1CC9670417A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61E7199F-EACE-431A-8ADD-B96A6FCDBC49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7CD0E5-8E69-43B5-A5FF-8B122475CC00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2799111C-06DB-4979-8F81-A8C09D53E5F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F4BEA1B2-2103-4E25-92A9-DB107D6D4AD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2AD9AFFB-F903-43DD-9C1D-4D8E83EA25C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F368897-A481-42DD-A8B0-8AD43A5FD68B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4F3C35F1-CBF2-4F77-AC19-574DEF2652A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "75EA94FD-D16A-49BC-A418-36EFC187EC7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6BA8F4AF-26C0-4A69-B489-16E7A56E5123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FE82D53D-092D-4B36-A979-23E9A5E07A78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "27365383-72DB-4683-9A67-CF553FF2620A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46EE63D4-CA9C-4DF4-AF85-B8AC2E3F844A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A14FC2A1-29D5-49FE-92A9-D61833BF1C95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "91407E03-4E98-4DD9-B584-E5BB74F09B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "669CC22C-45E5-40AB-9A95-D7DFD694B688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80A38E0C-45D9-4353-8426-87A4CFA371DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5E3C5C1E-67E9-401A-BA52-FCB32CA4473C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "54A934AE-AB7C-4D10-8BA2-9C54410C648F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7A7C5A8E-35E6-4B86-8502-1970031AB987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA4C14B-A01C-4CFE-8985-317ACCDAD209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:-:*:*:*:*:*:*",
"matchCriteriaId": "501F5764-BBC2-426A-AF01-7FB477850073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "FDB35CE5-4EDB-4949-A5E4-1BD721CCA469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "619704FF-2F0C-47E8-A340-58135CEE6B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E412E336-871A-4CAC-97E5-FB203BB9349D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:-:*:*:*:*:*:*",
"matchCriteriaId": "82ED9CD2-504E-4D7B-B242-2511A7730776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "EF6E50F5-605A-4D2B-B55D-8AB251532E8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:-:*:*:*:*:*:*",
"matchCriteriaId": "F6C796AE-95EE-4EAB-959C-1C1353C565A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:patch:*:*:*:*:*:*",
"matchCriteriaId": "EEAF3B2E-E520-4F43-ACC5-0F01A6247199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:-:*:*:*:*:*:*",
"matchCriteriaId": "085D4102-E2E8-496C-85B7-714FD3639BE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FC1A0E66-63F4-4BD0-8C9A-3D23A116EE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "79963FF0-5ED6-41B6-8E60-146BD7879518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E0ABBB2C-19EC-4D6C-A1EA-AEF0ABA4123D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0787BC7B-9464-4AAA-896B-C028ECF8E397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "84C0FBC8-9CD1-4135-94C7-BE90A7C94625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:-:*:*:*:*:*:*",
"matchCriteriaId": "981F3994-392D-47DB-97DA-AC15BA070A36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "94691EE6-266F-46CE-B388-0289EB39D91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FD3948A1-B5A6-4702-9187-A7720E81B7F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BC097BB6-02E9-4F48-98CB-B5F31B41009C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C2FD962-B1D5-41E5-884E-0C3F7F9DACE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:-:*:*:*:*:*:*",
"matchCriteriaId": "096E966A-878B-426F-AB40-BB476B17B969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "852DAF2A-86F3-4D05-91DC-6A2FBC214736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7D721486-3043-4380-A73C-44B4DD0E34C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F29E2EE-B6E8-4E55-84A8-3BD0658387EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:-:*:*:*:*:*:*",
"matchCriteriaId": "837BF2BD-814F-4503-91DF-EE16B5A4921D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "15FCDDB3-62D8-446C-B57C-F3BBFBD13491",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "03512BDE-E441-46F6-88B7-16A2468CA199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:-:*:*:*:*:*:*",
"matchCriteriaId": "902CAF9D-9D02-47FA-AE2E-EC1268A32BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "80AD87B5-B796-4C44-8A6D-0B22AA2903CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.26.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D87B2B3-E40B-4BF7-91E6-3B3F9CA28719",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2575F7A4-E1F1-4836-A467-076EDD8484B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CBDFAFA3-A52F-4FC8-BA51-FE52D5F57DD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6085E437-87B8-4355-BDC0-A14EA4F52695",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.28.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C44D1ED-2435-4042-BF15-3D752BE0C661",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.28.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "23E4CE5C-375C-4ECB-A4D9-A5A6805E5FE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.28.1:*:*:*:*:*:*:*",
"matchCriteriaId": "236D459B-ED50-4A2F-B463-D2F9DD1C7E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.28.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EEB00A-68B0-4CDE-B625-AB83B1D6D2F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.32.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "72195459-404F-423E-A78C-DE2A728AFDA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9FD404B4-2B0A-4D7A-8CF6-E2C6B4BACBB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D56C2C11-4B42-43AB-9DAE-61C15D107160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "69F2DED4-39F5-44C8-BEA3-22692D28C631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AD172E70-238B-4B01-A922-8021B5627092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C689A32B-E87D-492F-B3F6-7B80DFA049C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5FB3863D-7F46-4C4A-9E6B-C255CDF0D953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7239304D-C383-4F26-BB08-65ADD2380015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1AC153C2-258E-4EE6-845F-8E8C68AA242D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "1453BB31-D674-4A05-AB2A-2502D127C3E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "229B7982-9775-42AA-B8F5-FE920CCAA497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "326845DF-2DB2-406B-BE0F-877384DAACFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E0FC2D46-FD1B-421F-8773-BB41B1E9A831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8788AF7B-CBB6-4D9D-A748-486787935A96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "868865A1-E074-4DB0-A119-D24C5C53FEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1794440C-7068-4673-9142-6221B8A39E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C5CF286B-3377-4AE9-A7B9-8535641D639A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "50EC8D9D-3483-4080-8000-496343BC8BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6695F632-6AC4-400F-B513-280304ABC1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A3423C40-240A-4237-8B0F-A4B4ED421C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "03298D9F-CFB8-48F9-BD0C-8A0BEB0760C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A70420A8-8571-4528-98E1-72BE00270C6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "38230656-6242-4D24-AA67-F42A6FA2FC7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "20ED9FC3-5E56-4AE7-903F-267CAE7F2CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "84F88075-9935-45BF-88B7-21ACE8AAB314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "283793E4-0AE8-48D9-ABCF-70E44FE55C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F79D5F-EB28-417A-86DF-053D6EDBA161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4A036F91-70E0-4E97-9896-EEE97BE3C20E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EABFC3-24FA-4441-9F2B-650D90AE5CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3DA61A22-3DD0-46A3-8C13-F25F4F03FD35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2026FD07-103C-4691-AFA4-88C490382F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "791700CD-E007-489E-9BC6-37025CAA8144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4061B4C7-8315-450C-866A-C4F3A6BCB1A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C6EA7154-7F08-4E43-9270-E617632230AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "4149F36C-D455-415F-93D7-F92EEE41419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2DC51129-8F38-4505-90FB-4FFDED45BABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4CA571E0-B513-47AA-95BE-EB4DD2AA91E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A62DFFE-637B-4911-B3B4-6DA4053CBDBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F7C5D35-A6AE-4A2E-98C5-CB58FF22AF08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D23CE302-AC62-468C-96B3-1EF430825170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B446105E-6C8E-495A-BF83-A33CB33485A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F3DE062D-4E87-4691-A664-D9E7C02036EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CD4A85-26FB-4AE5-9CB7-4DF38DF32482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F42C9442-9EBC-4CA5-AB1C-BA0662C27BDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "71762B58-A08B-405B-9596-6D15CF4A95D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "EA48C05A-E898-42EE-A699-94BBD66E5E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EDCB78F8-AAC8-44B1-BDF4-C73BC8951EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D92FFF6-E7B2-4210-A652-79AC6B74002C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DB5E92FB-9CF8-461E-A665-3407D265DF17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "536F6C10-3165-40F7-931A-23765AB87555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DD16DF-C47C-41CF-8CDE-C365103262A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43C06F98-62F4-4008-A463-2791BEDF6DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "133288EC-8A78-4C9D-BF94-9900CD3D2260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B2E54998-B257-478E-9E52-2BB4F4CD6429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD4498A-72BD-40EB-A332-DE10C87C1015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "71961599-009C-42F4-AA26-9B16C39F3CBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B98A2EA6-DCC6-4F8B-B132-6692AED16CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "672EDC0E-D70A-4BB0-B7FE-5D422C737862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "C779E0D4-0375-4BE8-9667-A32C68B66D60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.0:*:*:*:standard:*:*:*",
"matchCriteriaId": "6DEF3D58-73E0-402A-A15F-05CA72B5B288",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8E9E50F8-0123-4C9E-88E1-5DCE08770B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F7C605A3-8517-4215-9AD3-980D587B22DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "866815AE-D1FE-460C-A3BC-70C251655C1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44746060-BC6F-4E6D-BA81-61623B2D27FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "47548ADE-255A-4355-BD06-1FEF134C1620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "ABCFC4D9-8054-4F42-BE7E-5092F6648F95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "84A7DBB5-999C-4AE8-BC5D-F0C5F77957DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "E7D1238A-A8D2-485E-81FD-46038A883EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2C4E1E-6B90-4DCC-BC09-7D19FBA65C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58C0FF1B-6188-4181-A139-1806328762BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "890EBB8C-989B-4344-AC03-62B399076008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BD4AAECB-A2BC-45BA-BC63-E51C1FE6C334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "136D6508-660E-410D-829A-7DD452BF8819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AEC2B3AA-EB24-4259-BED1-5DBC102FE9C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D5BA542E-4667-4D9E-BDAE-FED6CA63F99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83C8E7EC-0D4C-40E2-9EE1-4AB5F03464D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "93F2B062-09B4-44F1-87E4-6104B757B557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "F2877B09-B0B9-4AD4-906A-D40E25DDC4BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "11AAE0EA-D7EB-4341-A412-FBCDC99565A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "37F93124-25D9-44ED-B4AB-1B3552FCAB09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "E4CB22F6-9F63-427C-B2D2-7ABB9B4F7694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "758AB27B-7C40-41ED-9FC3-BE3D682EE48A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "07D3186A-CD6F-432A-8653-4CFBA37B9864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "746FB2E6-EF66-4EF3-946C-111FB7728EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "91D933DB-06F7-45A4-A517-BFAEC82DDB7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3AAB500F-8F0D-4534-B659-C495D1799913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.0.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "5F5C5156-CC72-4AB5-A927-E874199EBD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "AB912D4D-6BA4-4AEF-BBFD-EABFED240015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "68C78C16-3807-4272-9B46-9D9AF5150879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "02E13D3A-B37B-4215-82E0-3FCE5E35B00A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BE0F93D1-7602-47AC-9ACE-AA850D7DFD23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "956BCED3-1818-4673-A0F4-E7F03F366D99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0B58ACCC-0255-46B1-8517-EDCD85AA0F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A921B590-57C2-4E0A-B28B-D0E48F5E1B58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "70F0AE7B-9E53-4E3B-AA9E-EAF7C4C31E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5DE6F187-7236-4622-BD62-1E5F0742B41B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F70DDB6D-BE16-4375-87AE-E5E2B5862D17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6910E07C-3ACA-414F-B468-13E4BF9BE938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "837A07D7-C2FD-4077-A0AD-AF2147E04B84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.5.0:-:*:*:*:*:*:*",
"matchCriteriaId": "B2A99209-E8C5-44E6-A8DA-7FC07FBA6D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "18985B4A-4C54-4EC6-9274-15E7DCFEC94D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "48AE70AD-85BE-44DE-BC75-1690C27821B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "804F861A-81E1-45C5-A7D3-0E73770AC155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0AE503BD-F9BD-4396-B27D-184AE06F594D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9CD9A213-27F7-410E-97B1-E7405B4FCECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "10FFDE4F-0B30-43C3-9475-80259D5E9055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5F30E2AB-B354-4583-9D76-9DF1727407A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DBDFE57E-EEBF-4722-B6D0-147F72018DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "902A2600-49A7-4013-A621-9EE94F1E8435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7021D54A-D443-492A-AE8C-62F2B85A1F37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B003CB5A-A95A-481F-B762-79C476829D81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "84C8BB88-FBE3-4C82-9D53-E34AA7B6A73E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "F8037EB0-42FA-45BA-9E8E-D279432EC4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "E374559C-E550-4BB9-9682-9C4535EAE9A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "FFFB7E8B-C963-4ACB-AE37-9E4938A5462E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DF83EAD3-3CC1-4C1B-AAB8-0FE03BB67EC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E3F75AF0-A4E0-425E-B707-ED1F58C9CC83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "745EC4D8-5E19-48C8-8609-11A74DC18266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F1871DC4-AA58-4C04-9D6A-4FF383C56405",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8560DBD-A70E-4033-AE2E-96DA373AB425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E08ECE50-3A53-45C1-8BEA-8B9E024E22F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "59C2E58B-EEB3-4E8D-940C-2DF846923B19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D40F2ADC-6F79-410F-9063-1354C15F0D8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
"matchCriteriaId": "C63C46CC-02E2-40AF-8281-F2FB5D89823A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
"matchCriteriaId": "71BAF2A7-024D-475A-88C0-0F5ADE3CA286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert10:*:*:*:*:*:*",
"matchCriteriaId": "27E0B1E7-1DA3-47C4-AA2A-54D4C2C48A8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert2:*:*:*:*:*:*",
"matchCriteriaId": "82F91FE8-C320-466B-AF08-67319A00A2BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert3:*:*:*:*:*:*",
"matchCriteriaId": "DCFF0E1C-B455-4C18-8AA1-10408234327B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert4:*:*:*:*:*:*",
"matchCriteriaId": "738F68B3-2C5E-4A09-8FF4-2D034ED0C54D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert5:*:*:*:*:*:*",
"matchCriteriaId": "6A60C223-AD68-4BFF-91C1-2C7E9F727AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert6:*:*:*:*:*:*",
"matchCriteriaId": "4C313F81-8B38-4845-B1C7-CBB23D7C99B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert7:*:*:*:*:*:*",
"matchCriteriaId": "A08731AB-1E43-48B9-AB4C-0B06A34D0807",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert8:*:*:*:*:*:*",
"matchCriteriaId": "5A4FBB03-4A60-4A34-855B-74C5079F7769",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert9:*:*:*:*:*:*",
"matchCriteriaId": "66E97D3F-3AEB-40EB-87E7-18EC7A84F0CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "69E55195-84CC-46DB-9E49-DEB864DF0659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F58B52D-9510-465F-8BFB-6896B4D36F5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "59E72AD4-90BE-4C3B-B457-31FF193712FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "81EB266E-40BC-45EA-8EDB-4766011C460B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E23FCBC3-30EF-47BC-AEFE-073E84B6DBA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5AB33EDF-29D7-4092-91FE-505B39D3E57B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4F698874-028E-410B-90FE-FDD441F55C32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "081DA344-7266-4D67-8B92-830F43B42CC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "01851B4A-F7CB-4263-B06C-92D39A693530",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6BB95638-D09F-4F02-9076-49BE93F2A407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6E2DD3AF-EF01-4A1A-AF9A-98575E36D088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "163E8F93-432A-4F68-B309-7A38AE1A30FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F53C384F-75DD-4A29-8907-BA95F08B1465",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:-:*:*:*:*:*:*",
"matchCriteriaId": "6BB940E4-E612-4B27-9188-E794665191B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*",
"matchCriteriaId": "2365F1EE-16A4-4293-B80E-A51CD6A2F112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "6952FFDE-92D0-4A75-AABB-113E6FAF5A31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "5735354A-CF57-4A9A-9607-169CE50E0655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc3:*:*:*:*:*:*",
"matchCriteriaId": "38E0B2C4-55EA-4712-8E75-24A5718F9FD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F087C546-FBCA-4D0D-A023-8F9384CD160C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert3:*:*:*:*:*:*",
"matchCriteriaId": "832F5503-6354-4E39-B927-3BA9606A372D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert4:*:*:*:*:*:*",
"matchCriteriaId": "9E23AF8A-63B2-4597-8E78-A4672B0C44B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert5:*:*:*:*:*:*",
"matchCriteriaId": "F76EA1D5-F5F3-49CE-9A73-20FA03C31F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert6:*:*:*:*:*:*",
"matchCriteriaId": "593ED9E3-D56C-4336-976B-27D30EED658A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert1:*:*:lts:*:*:*",
"matchCriteriaId": "E63726F0-3BC6-49E7-BDE9-71196B480149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert2:*:*:lts:*:*:*",
"matchCriteriaId": "677AB746-AE4F-46B0-BEE3-82A1FE77271F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert3:*:*:lts:*:*:*",
"matchCriteriaId": "92AC8BBA-6487-449D-A070-2450B1BDE8A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:cert4:*:*:lts:*:*:*",
"matchCriteriaId": "A5DCA653-B269-4C8C-97DD-92514461B090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "C675C7BA-65E9-4A0A-9A6D-1EBCBEA1D718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
"matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:*",
"matchCriteriaId": "6AD7C9B3-D029-4E05-8E80-3ADA904FAC1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "781AC882-80DD-4176-8E4F-220343B15F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert10:*:*:lts:*:*:*",
"matchCriteriaId": "BB47EA31-CF9D-4752-804B-7804151EC87C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
"matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:*",
"matchCriteriaId": "CE71221B-4D55-4643-B6D1-307B2CF41F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*",
"matchCriteriaId": "A98B11B5-B8E2-4903-B4F7-3AC23751AE8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:*",
"matchCriteriaId": "88124275-9BEB-4D53-9E4D-1AC8C52F2D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:*",
"matchCriteriaId": "4F3CEFEF-72B6-4B58-81FE-01BCEEFB3013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:*",
"matchCriteriaId": "AA637187-0EAE-4756-AD72-A0B2FABCA070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:lts:*:*:*",
"matchCriteriaId": "6DAF6784-0B31-4104-9D85-473D5AFAB785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:lts:*:*:*",
"matchCriteriaId": "77B06B83-D62C-4A0E-BE94-83C9A02CE55A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:lts:*:*:*",
"matchCriteriaId": "CAD17809-CBB1-4E41-99C9-20FE56853563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert9:*:*:lts:*:*:*",
"matchCriteriaId": "066453F2-A77F-4E82-8C91-AC17FAA21A89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "D6EE9895-FB94-451D-8701-8C0DD8F5BED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "56849E34-B192-46A8-A517-C7C184A901B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4610D544-156F-4E9A-BC46-9E0FF8D5D641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert1:*:*:*:*:*:*",
"matchCriteriaId": "0C6CF412-290C-4524-9AFE-D58A85183864",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority."
},
{
"lang": "es",
"value": "Asterisk Open Source 1.8 anterior a 1.8.32.3, 11.x anterior a 11.17.1, 12.x anterior a 12.8.2, y 13.x anterior a 13.3.2 y Certified Asterisk 1.8.28 anterior a 1.8.28-cert5, 11.6 anterior a 11.6-cert11, y 13.1 anterior a 13.1-cert2, cuando registra un dispositivo SIP TLS, no maneja correctamente un byte nulo en un nombre de dominio en el campo Common Name (CN) del sujeto de un certificado X.509, lo que permite a atacantes man-in-the-middle falsificar servidores SSL arbitrarios a trav\u00e9s de un certificado manipulado emitido por una autoridad de certificaci\u00f3n leg\u00edtima."
}
],
"id": "CVE-2015-3008",
"lastModified": "2024-11-21T02:28:30.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-04-10T15:00:10.240",
"references": [
{
"source": "cve@mitre.org",
"url": "http://advisories.mageia.org/MGASA-2015-0153.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2015-003.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162260.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/131364/Asterisk-Project-Security-Advisory-AST-2015-003.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2015/Apr/22"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3700"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:206"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/535222/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/74022"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1032052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://advisories.mageia.org/MGASA-2015-0153.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2015-003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162260.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/131364/Asterisk-Project-Security-Advisory-AST-2015-003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2015/Apr/22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3700"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/535222/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/74022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032052"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-22 00:29
Modified
2024-11-21 04:11
Severity ?
Summary
A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | certified_asterisk | 13.18 | |
| digium | certified_asterisk | 13.18 | |
| digium | certified_asterisk | * | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E88E5DD3-A16C-4026-A7E3-02C5C8AEFA0C",
"versionEndIncluding": "13.19.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BBC6235-486B-46AE-96C1-A8F5B68A1D96",
"versionEndIncluding": "14.7.5",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D63485A9-4464-49C7-ACF8-826303D8C152",
"versionEndIncluding": "15.2.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert1:*:*:*:*:*:*",
"matchCriteriaId": "05795EED-0473-4806-A9AD-FD92212CCC77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert2:*:*:*:*:*:*",
"matchCriteriaId": "C3F701AA-E842-4680-9747-000C3A4F6E4B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56E4037E-1F6F-4E1A-8549-38219F0A8E91",
"versionEndIncluding": "13.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash."
},
{
"lang": "es",
"value": "Se ha descubierto un problema de desbordamiento de b\u00fafer en Asterisk hasta la versi\u00f3n 13.19.1; versiones 14.x anteriores a la 14.7.5 y las versiones 15.x anteriores a la 15.2.1, as\u00ed como Certified Asterisk hasta la versi\u00f3n 13.18-cert2. Al procesar una petici\u00f3n SUBSCRIBE, el m\u00f3dulo res_pjsip_pubsub almacena los formatos aceptados presentes en las cabeceras Accept de la petici\u00f3n. Este c\u00f3digo no limitaba el n\u00famero de cabeceras que procesaba, a pesar de tener un l\u00edmite fijado en 32. Si estuviesen presentes m\u00e1s de 32 cabeceras Accept, el c\u00f3digo escribir\u00eda fuera de la memoria y provocar\u00eda un cierre inesperado."
}
],
"id": "CVE-2018-7284",
"lastModified": "2024-11-21T04:11:56.303",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-22T00:29:01.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103151"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040416"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/44184/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040416"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/44184/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-01-04 15:55
Modified
2024-11-21 01:45
Severity ?
Summary
Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEE324AC-5231-43DB-B077-EA1E0145FF5B",
"versionEndIncluding": "1.8.19.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA60A9C9-C2EF-4971-BEFB-FF687DAEF2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BAFB22FA-CC24-4AFE-AC83-2D044563F7CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "00F3EB0D-7C63-46B5-BA95-8486B9716C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "00C1BF3B-7593-478D-9AAA-153901C70286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "82423EC2-FA29-4AF6-86C3-6AC6DFDC4DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "5F86406A-0936-4A06-88FB-4137A64498EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "672CE4C0-EBD6-470B-937E-810FF1C4CDBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88DB1105-74D8-4312-9D02-D1E21F2E785C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "404C0557-6229-4D90-BFDD-54AFFCCE6A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6D1D26CC-891F-4396-B7D7-30D712829E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F25B61EA-F4D1-452A-9D96-B8DFDD719B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9324AB96-EC99-4F04-A0A9-00F936C86EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8B5E76-4A74-4E88-8A6F-C23538B7642A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB6BBCA-47CE-49B8-9706-AFDE4BE46550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8BFF65E2-692B-4C39-88FC-6DED8D9A7258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5260E309-9320-4DB8-A918-7D215BF95D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "60AFF340-A866-4CFE-9334-53B95FD4AA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "74E50309-CD7D-41F7-97DA-A7E451D0796A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6FD3F8F8-820E-4C29-9F8F-023D1DB999CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "C33A6419-0D00-49D6-9A48-2B633610AAED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "447E07C9-4A25-418D-B53F-609B78EE4C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9D7D88-D64F-4F54-8C84-6AC45FBD36F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F67AB282-591C-4ED7-9750-C593A38D5D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C9F8F881-2BF7-44AB-8756-54A06801EB11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "36EFF3C4-4D00-4BC5-94B9-403BB00C6AB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "5E434F10-395E-426E-A988-4CDA504577D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8880AE7C-3E44-4B76-B500-E93868D4CF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7C94269D-A271-42AC-A44C-102C814E564B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E7E5B826-D3D5-4D2D-BB4D-2C1BEDE92456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA564F7-7A69-4805-8C8C-C2EB5E12A6E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DF6FA464-F9D3-4674-844B-A2B2E2C42A51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "44722C8B-BB37-4444-A58A-F01D0B3B4DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4FABFDB-D99A-4F83-8FEE-3BFA36BA4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A842E112-8974-4E74-AD56-1DEF5B5DD9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D9ACBC01-8A9D-43A5-A825-1CC9670417A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61E7199F-EACE-431A-8ADD-B96A6FCDBC49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7CD0E5-8E69-43B5-A5FF-8B122475CC00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F4BEA1B2-2103-4E25-92A9-DB107D6D4AD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2AD9AFFB-F903-43DD-9C1D-4D8E83EA25C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F368897-A481-42DD-A8B0-8AD43A5FD68B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6BA8F4AF-26C0-4A69-B489-16E7A56E5123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FE82D53D-092D-4B36-A979-23E9A5E07A78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "27365383-72DB-4683-9A67-CF553FF2620A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46EE63D4-CA9C-4DF4-AF85-B8AC2E3F844A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "91407E03-4E98-4DD9-B584-E5BB74F09B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "669CC22C-45E5-40AB-9A95-D7DFD694B688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "54A934AE-AB7C-4D10-8BA2-9C54410C648F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7A7C5A8E-35E6-4B86-8502-1970031AB987",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "687ED3CE-67C4-410D-8AF4-C769015598F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "30E918CD-89C4-42DA-9709-E50E0A3FA736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "DA57FA15-D0D7-4A97-9C25-6F6566940098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A1C45300-A2CF-40E7-AB67-23DC24C31A1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "958081DC-1D77-45CD-A940-C7A1AB42C7BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "298A879D-4F65-4523-A752-D17C4F81B822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37AB07BE-54C4-4972-A05F-D1E2CF4363CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC63564-A84E-463D-8312-DDF1C6B7796F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "62A0906E-B631-4F3A-9ABC-9A43A43220BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C6314ADA-2849-416D-966E-C01C322EF904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B6CB1DD-614A-4B3D-99AE-9B1341427024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC95B04F-3746-4F1C-8428-A1FA10253E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "20819080-E0AB-4879-B4CF-A154D6F7EF6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C45753-E2CC-4F7C-B8DA-3D8CF255EA22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5A080197-D6AA-4FDC-888E-51D1C8251E34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1F08D930-D4C1-4C63-875C-171C46AE97C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1AA43D7D-AEAD-47CB-BFA5-B73004A1A7A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "B5ED5F6F-166D-4610-8939-A33AD45F1ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D40002A-564E-425C-BA2A-7C4A8F8DAFD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "521C4DB2-7127-4BA9-94FC-AB0E9E06FE2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8C905DC1-8AB8-4D83-BB5B-FA4DABC58229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "ECC74B5D-97A1-46FF-AFA3-5D5E4A0BF3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2D98C7C-94A8-4348-AF22-04A41FB6F8EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85D39A99-E9A6-4860-BC61-56CA2FC3238B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "845DA0A4-1983-4E82-99C8-B7FBF47C632E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5A63FBB7-F1CF-4603-848F-980742D2ED36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "10B2084F-3AF4-4008-899C-6C1E43715201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "217C13A5-9F8A-4392-858F-2FC88B03EB0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6B282462-900C-492E-98DE-65364E62F5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "687784F0-9ACC-435D-81F9-1E1B0F61010C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9D7D020C-FE32-408B-BE37-58835FD3D95F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "39B7938F-7370-4F67-B0CD-1C14DE2E4E7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC587195-5973-423B-8BF9-3E0B27363B76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.2:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "E65E012A-49B6-4796-B1FA-A83C9248D0EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBE5780-D503-46D1-BE04-4CB7B662B5DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "9F4C24B7-22E3-4E56-9B9F-414101B627FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CB19323D-208F-45F9-85F3-BAA5D1BC3AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "09334CAB-9ADB-49BB-BE83-BBAC6A7A9F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6DEEF5-7277-4E38-9233-E3612CD77CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.1:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "1813B898-F957-40D7-AF9A-064FB57D5C82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "75A0D613-3D04-4902-9707-E743F30CF1A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.7.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "C5D07DB0-7C6A-4490-8FD0-DC83568E0421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "54AB61A7-E143-4BEC-8658-68FF615B007E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F5552D1C-C05A-4B67-A025-BBD3022C7B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9B7F8B72-EEC9-4021-B320-8CB6E83856F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "38A0F946-6A51-4E4D-8E8A-CA6DF222289F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9C7619B8-B986-4B24-BFFD-956A1A6780FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "21CF339A-A38B-40CE-9811-A6CE77B29025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "13856847-32A8-401D-A6DC-8DB96AE739FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C8E8F4ED-AA7B-4B19-8416-6BC0608C760D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "B7A900B2-0F3C-450E-8933-BDD5C9627EA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0992625B-012F-40EA-9A20-6352E633F62B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E3828876-DDB4-457D-8E50-43A4FF761005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "79283554-AF08-44DC-BF98-446C47AA490A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "52B5F73C-174A-4A0B-8D14-EC10779FC884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54EBFD0B-686F-477F-8FF2-535F24A3348B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0961F130-FF8C-41C2-BF2E-9731ED9EB73B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9789FC49-DE20-4477-B9D5-12CB71F42E58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
"matchCriteriaId": "C63C46CC-02E2-40AF-8281-F2FB5D89823A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
"matchCriteriaId": "71BAF2A7-024D-475A-88C0-0F5ADE3CA286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert2:*:*:*:*:*:*",
"matchCriteriaId": "82F91FE8-C320-466B-AF08-67319A00A2BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert3:*:*:*:*:*:*",
"matchCriteriaId": "DCFF0E1C-B455-4C18-8AA1-10408234327B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert4:*:*:*:*:*:*",
"matchCriteriaId": "738F68B3-2C5E-4A09-8FF4-2D034ED0C54D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert5:*:*:*:*:*:*",
"matchCriteriaId": "6A60C223-AD68-4BFF-91C1-2C7E9F727AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert6:*:*:*:*:*:*",
"matchCriteriaId": "4C313F81-8B38-4845-B1C7-CBB23D7C99B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert7:*:*:*:*:*:*",
"matchCriteriaId": "A08731AB-1E43-48B9-AB4C-0B06A34D0807",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert8:*:*:*:*:*:*",
"matchCriteriaId": "5A4FBB03-4A60-4A34-855B-74C5079F7769",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert9:*:*:*:*:*:*",
"matchCriteriaId": "66E97D3F-3AEB-40EB-87E7-18EC7A84F0CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "6372EEEA-2759-4B6A-BD03-D84DC956E80E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "26DF0C53-9F6A-4233-B163-AEC1F9886387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "79A063D7-553F-486F-9079-D95C8047B05E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "B606D854-FC06-4314-AD24-FEEA3796A0AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "DEBB0786-D912-48D1-BC63-E0F87E078154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc3:digiumphones:*:*:*:*:*",
"matchCriteriaId": "1C39DD70-1220-4CC6-95B4-CE18CA5787CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "B0005F0B-9C87-4160-9416-A7C136FCD5AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "12073B6A-14B1-490B-B267-A68194C68BDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "198C92F2-8268-4045-B297-17E0D1F9726E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.1:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "BF86A1A0-D3D7-485A-A46C-7619F74CE821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "5D3A3C00-EA83-4EF4-8681-DB5616132607",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "5FE59F0F-44B0-4940-8368-F360EE610114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "3647F0E3-196F-486B-9BAB-75ED24A055ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc3:digiumphones:*:*:*:*:*",
"matchCriteriaId": "1FBC4A5F-FB16-42B2-9689-25F8B3D0F521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc4:digiumphones:*:*:*:*:*",
"matchCriteriaId": "B788D6E2-78E8-4DE1-81F5-40D52263E7F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "51358F60-4D6C-4DBA-86B0-E12C48A67456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "D51C9952-97F4-4326-8F7D-34579D3686AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc3:digiumphones:*:*:*:*:*",
"matchCriteriaId": "3711A75C-AF87-4A5C-8B35-1CF834C12D2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "E7FFD09D-21A3-4E98-B1FA-C7A16C243D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "FAC6591A-BC5A-4CA9-90BC-0B686F74127B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "01BAF29D-8679-40F3-AB6C-DA5C3787271C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "B42229C3-B18E-4D50-9B98-202CB1805CE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "15DF192B-A8D5-4FCC-B469-505A8FA11D00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "D24E01F7-604D-4D05-B698-3BDEF7B69EF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.1:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "A54A74F4-8A6C-4090-88C2-8AB5A606C59B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.2:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "E65E012A-49B6-4796-B1FA-A83C9248D0EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "9F4C24B7-22E3-4E56-9B9F-414101B627FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.1:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "1813B898-F957-40D7-AF9A-064FB57D5C82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.7.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "C5D07DB0-7C6A-4490-8FD0-DC83568E0421",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache."
},
{
"lang": "es",
"value": "Asterisk Open Source v1.8.x anteriores a v1.8.19.1, v10.x anteriores a v10.11.1, y v11.x anteriores a v11.1.2; Certified Asterisk v1.8.11 anteriores a v1.8.11-cert10; y Asterisk Digiumphones v10.x-digiumphones anteriores a v10.11.1-digiumphones, cuando est\u00e1n permitidas las llamadas an\u00f3nimas, permiten a atacantes remotos a provocar una denegaci\u00f3n de servicio(consumo de recursos) haciendo llamadas an\u00f3nimas desde m\u00faltiples fuentes y en consecuencia, a\u00f1adir varias entradas a la cach\u00e9 de estado del dispositivo."
}
],
"id": "CVE-2012-5977",
"lastModified": "2024-11-21T01:45:38.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-01-04T15:55:02.447",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-015"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2013/dsa-2605"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20175"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-01-04 11:52
Modified
2024-11-21 01:45
Severity ?
Summary
Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEE324AC-5231-43DB-B077-EA1E0145FF5B",
"versionEndIncluding": "1.8.19.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA60A9C9-C2EF-4971-BEFB-FF687DAEF2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BAFB22FA-CC24-4AFE-AC83-2D044563F7CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "00F3EB0D-7C63-46B5-BA95-8486B9716C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "00C1BF3B-7593-478D-9AAA-153901C70286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "82423EC2-FA29-4AF6-86C3-6AC6DFDC4DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "5F86406A-0936-4A06-88FB-4137A64498EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "672CE4C0-EBD6-470B-937E-810FF1C4CDBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88DB1105-74D8-4312-9D02-D1E21F2E785C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "404C0557-6229-4D90-BFDD-54AFFCCE6A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6D1D26CC-891F-4396-B7D7-30D712829E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F25B61EA-F4D1-452A-9D96-B8DFDD719B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9324AB96-EC99-4F04-A0A9-00F936C86EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8B5E76-4A74-4E88-8A6F-C23538B7642A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB6BBCA-47CE-49B8-9706-AFDE4BE46550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8BFF65E2-692B-4C39-88FC-6DED8D9A7258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5260E309-9320-4DB8-A918-7D215BF95D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "60AFF340-A866-4CFE-9334-53B95FD4AA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "74E50309-CD7D-41F7-97DA-A7E451D0796A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6FD3F8F8-820E-4C29-9F8F-023D1DB999CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "C33A6419-0D00-49D6-9A48-2B633610AAED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "447E07C9-4A25-418D-B53F-609B78EE4C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9D7D88-D64F-4F54-8C84-6AC45FBD36F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F67AB282-591C-4ED7-9750-C593A38D5D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C9F8F881-2BF7-44AB-8756-54A06801EB11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "36EFF3C4-4D00-4BC5-94B9-403BB00C6AB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "5E434F10-395E-426E-A988-4CDA504577D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8880AE7C-3E44-4B76-B500-E93868D4CF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7C94269D-A271-42AC-A44C-102C814E564B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E7E5B826-D3D5-4D2D-BB4D-2C1BEDE92456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA564F7-7A69-4805-8C8C-C2EB5E12A6E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DF6FA464-F9D3-4674-844B-A2B2E2C42A51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "44722C8B-BB37-4444-A58A-F01D0B3B4DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4FABFDB-D99A-4F83-8FEE-3BFA36BA4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A842E112-8974-4E74-AD56-1DEF5B5DD9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D9ACBC01-8A9D-43A5-A825-1CC9670417A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61E7199F-EACE-431A-8ADD-B96A6FCDBC49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7CD0E5-8E69-43B5-A5FF-8B122475CC00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F4BEA1B2-2103-4E25-92A9-DB107D6D4AD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2AD9AFFB-F903-43DD-9C1D-4D8E83EA25C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F368897-A481-42DD-A8B0-8AD43A5FD68B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6BA8F4AF-26C0-4A69-B489-16E7A56E5123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FE82D53D-092D-4B36-A979-23E9A5E07A78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "27365383-72DB-4683-9A67-CF553FF2620A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46EE63D4-CA9C-4DF4-AF85-B8AC2E3F844A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "91407E03-4E98-4DD9-B584-E5BB74F09B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "669CC22C-45E5-40AB-9A95-D7DFD694B688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "54A934AE-AB7C-4D10-8BA2-9C54410C648F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7A7C5A8E-35E6-4B86-8502-1970031AB987",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "687ED3CE-67C4-410D-8AF4-C769015598F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "30E918CD-89C4-42DA-9709-E50E0A3FA736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "DA57FA15-D0D7-4A97-9C25-6F6566940098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A1C45300-A2CF-40E7-AB67-23DC24C31A1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "958081DC-1D77-45CD-A940-C7A1AB42C7BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "298A879D-4F65-4523-A752-D17C4F81B822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37AB07BE-54C4-4972-A05F-D1E2CF4363CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC63564-A84E-463D-8312-DDF1C6B7796F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "62A0906E-B631-4F3A-9ABC-9A43A43220BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C6314ADA-2849-416D-966E-C01C322EF904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B6CB1DD-614A-4B3D-99AE-9B1341427024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC95B04F-3746-4F1C-8428-A1FA10253E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "20819080-E0AB-4879-B4CF-A154D6F7EF6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C45753-E2CC-4F7C-B8DA-3D8CF255EA22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5A080197-D6AA-4FDC-888E-51D1C8251E34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1F08D930-D4C1-4C63-875C-171C46AE97C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1AA43D7D-AEAD-47CB-BFA5-B73004A1A7A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "B5ED5F6F-166D-4610-8939-A33AD45F1ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D40002A-564E-425C-BA2A-7C4A8F8DAFD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "521C4DB2-7127-4BA9-94FC-AB0E9E06FE2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8C905DC1-8AB8-4D83-BB5B-FA4DABC58229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "ECC74B5D-97A1-46FF-AFA3-5D5E4A0BF3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2D98C7C-94A8-4348-AF22-04A41FB6F8EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85D39A99-E9A6-4860-BC61-56CA2FC3238B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "845DA0A4-1983-4E82-99C8-B7FBF47C632E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5A63FBB7-F1CF-4603-848F-980742D2ED36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "10B2084F-3AF4-4008-899C-6C1E43715201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "217C13A5-9F8A-4392-858F-2FC88B03EB0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6B282462-900C-492E-98DE-65364E62F5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "687784F0-9ACC-435D-81F9-1E1B0F61010C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9D7D020C-FE32-408B-BE37-58835FD3D95F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "39B7938F-7370-4F67-B0CD-1C14DE2E4E7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC587195-5973-423B-8BF9-3E0B27363B76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.2:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "E65E012A-49B6-4796-B1FA-A83C9248D0EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBE5780-D503-46D1-BE04-4CB7B662B5DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "9F4C24B7-22E3-4E56-9B9F-414101B627FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CB19323D-208F-45F9-85F3-BAA5D1BC3AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "09334CAB-9ADB-49BB-BE83-BBAC6A7A9F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6DEEF5-7277-4E38-9233-E3612CD77CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.1:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "1813B898-F957-40D7-AF9A-064FB57D5C82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "75A0D613-3D04-4902-9707-E743F30CF1A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.7.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "C5D07DB0-7C6A-4490-8FD0-DC83568E0421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "54AB61A7-E143-4BEC-8658-68FF615B007E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F5552D1C-C05A-4B67-A025-BBD3022C7B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9B7F8B72-EEC9-4021-B320-8CB6E83856F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "38A0F946-6A51-4E4D-8E8A-CA6DF222289F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9C7619B8-B986-4B24-BFFD-956A1A6780FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "21CF339A-A38B-40CE-9811-A6CE77B29025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "13856847-32A8-401D-A6DC-8DB96AE739FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C8E8F4ED-AA7B-4B19-8416-6BC0608C760D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "B7A900B2-0F3C-450E-8933-BDD5C9627EA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0992625B-012F-40EA-9A20-6352E633F62B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E3828876-DDB4-457D-8E50-43A4FF761005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "79283554-AF08-44DC-BF98-446C47AA490A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "52B5F73C-174A-4A0B-8D14-EC10779FC884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54EBFD0B-686F-477F-8FF2-535F24A3348B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0961F130-FF8C-41C2-BF2E-9731ED9EB73B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9789FC49-DE20-4477-B9D5-12CB71F42E58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
"matchCriteriaId": "C63C46CC-02E2-40AF-8281-F2FB5D89823A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
"matchCriteriaId": "71BAF2A7-024D-475A-88C0-0F5ADE3CA286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert2:*:*:*:*:*:*",
"matchCriteriaId": "82F91FE8-C320-466B-AF08-67319A00A2BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert3:*:*:*:*:*:*",
"matchCriteriaId": "DCFF0E1C-B455-4C18-8AA1-10408234327B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert4:*:*:*:*:*:*",
"matchCriteriaId": "738F68B3-2C5E-4A09-8FF4-2D034ED0C54D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert5:*:*:*:*:*:*",
"matchCriteriaId": "6A60C223-AD68-4BFF-91C1-2C7E9F727AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert6:*:*:*:*:*:*",
"matchCriteriaId": "4C313F81-8B38-4845-B1C7-CBB23D7C99B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert7:*:*:*:*:*:*",
"matchCriteriaId": "A08731AB-1E43-48B9-AB4C-0B06A34D0807",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert8:*:*:*:*:*:*",
"matchCriteriaId": "5A4FBB03-4A60-4A34-855B-74C5079F7769",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert9:*:*:*:*:*:*",
"matchCriteriaId": "66E97D3F-3AEB-40EB-87E7-18EC7A84F0CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "6372EEEA-2759-4B6A-BD03-D84DC956E80E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "26DF0C53-9F6A-4233-B163-AEC1F9886387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "79A063D7-553F-486F-9079-D95C8047B05E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "B606D854-FC06-4314-AD24-FEEA3796A0AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "DEBB0786-D912-48D1-BC63-E0F87E078154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc3:digiumphones:*:*:*:*:*",
"matchCriteriaId": "1C39DD70-1220-4CC6-95B4-CE18CA5787CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "B0005F0B-9C87-4160-9416-A7C136FCD5AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "12073B6A-14B1-490B-B267-A68194C68BDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "198C92F2-8268-4045-B297-17E0D1F9726E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.1:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "BF86A1A0-D3D7-485A-A46C-7619F74CE821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "5D3A3C00-EA83-4EF4-8681-DB5616132607",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "5FE59F0F-44B0-4940-8368-F360EE610114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "3647F0E3-196F-486B-9BAB-75ED24A055ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc3:digiumphones:*:*:*:*:*",
"matchCriteriaId": "1FBC4A5F-FB16-42B2-9689-25F8B3D0F521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc4:digiumphones:*:*:*:*:*",
"matchCriteriaId": "B788D6E2-78E8-4DE1-81F5-40D52263E7F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "51358F60-4D6C-4DBA-86B0-E12C48A67456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "D51C9952-97F4-4326-8F7D-34579D3686AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc3:digiumphones:*:*:*:*:*",
"matchCriteriaId": "3711A75C-AF87-4A5C-8B35-1CF834C12D2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "E7FFD09D-21A3-4E98-B1FA-C7A16C243D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "FAC6591A-BC5A-4CA9-90BC-0B686F74127B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "01BAF29D-8679-40F3-AB6C-DA5C3787271C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "B42229C3-B18E-4D50-9B98-202CB1805CE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "15DF192B-A8D5-4FCC-B469-505A8FA11D00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "D24E01F7-604D-4D05-B698-3BDEF7B69EF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.1:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "A54A74F4-8A6C-4090-88C2-8AB5A606C59B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.2:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "E65E012A-49B6-4796-B1FA-A83C9248D0EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "9F4C24B7-22E3-4E56-9B9F-414101B627FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.6.1:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "1813B898-F957-40D7-AF9A-064FB57D5C82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.7.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "C5D07DB0-7C6A-4490-8FD0-DC83568E0421",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol."
},
{
"lang": "es",
"value": "Multiples vulnerabilidades de consumo en Asterisk Open Source v1.8.x anteriores a v1.8.19.1, v10.x anteriores a v10.11.1, y v11.x anteriores a v11.1.2; Certified Asterisk v1.8.11 anteriores a v1.8.11-cert10; y Asterisk Digiumphones 10.x-digiumphones anteriores a 10.11.1-digiumphones permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edde del demonio) a trav\u00e9s de datos TCP usando los protocolos (1) SIP, (2) HTTP, o (3) XMPP."
}
],
"id": "CVE-2012-5976",
"lastModified": "2024-11-21T01:45:37.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-01-04T11:52:14.633",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-014"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2013/dsa-2605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2605"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-02-22 15:59
Modified
2024-11-21 02:48
Severity ?
Summary
Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero length error correcting redundancy packet for a UDPTL FAX packet that is lost.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA60A9C9-C2EF-4971-BEFB-FF687DAEF2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "984CD6D9-4A54-4065-8401-DC555AB95425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "CDE13439-4124-4BDE-A068-460BCF96419B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BAFB22FA-CC24-4AFE-AC83-2D044563F7CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "00F3EB0D-7C63-46B5-BA95-8486B9716C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "00C1BF3B-7593-478D-9AAA-153901C70286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "82423EC2-FA29-4AF6-86C3-6AC6DFDC4DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "5F86406A-0936-4A06-88FB-4137A64498EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "672CE4C0-EBD6-470B-937E-810FF1C4CDBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88DB1105-74D8-4312-9D02-D1E21F2E785C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "404C0557-6229-4D90-BFDD-54AFFCCE6A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3F4DC562-649E-4105-8B3E-43F02BD593FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6D1D26CC-891F-4396-B7D7-30D712829E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F25B61EA-F4D1-452A-9D96-B8DFDD719B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9324AB96-EC99-4F04-A0A9-00F936C86EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8B5E76-4A74-4E88-8A6F-C23538B7642A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB6BBCA-47CE-49B8-9706-AFDE4BE46550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8BFF65E2-692B-4C39-88FC-6DED8D9A7258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5260E309-9320-4DB8-A918-7D215BF95D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "58F4BFC9-E02A-4121-8D34-99022AB8B45A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "60AFF340-A866-4CFE-9334-53B95FD4AA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "74E50309-CD7D-41F7-97DA-A7E451D0796A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6FD3F8F8-820E-4C29-9F8F-023D1DB999CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "C33A6419-0D00-49D6-9A48-2B633610AAED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "447E07C9-4A25-418D-B53F-609B78EE4C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "9C806F87-C897-48E4-8533-A4EBC6B77078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "08B8C143-93FF-44DD-8F61-6F4FEE977371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:-:*:*:*:*:*:*",
"matchCriteriaId": "8859F234-5066-40DD-862C-0F3CCA98AFB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "75962F03-EC19-4920-9FA7-2D422E6E83F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9D7D88-D64F-4F54-8C84-6AC45FBD36F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F67AB282-591C-4ED7-9750-C593A38D5D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "B5D0BB0E-1BB0-4F31-9C5D-DC1A069E52DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C9F8F881-2BF7-44AB-8756-54A06801EB11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "36EFF3C4-4D00-4BC5-94B9-403BB00C6AB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "5E434F10-395E-426E-A988-4CDA504577D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33FE3DCE-74B5-49A4-BC18-34B22CA83947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FF2E25F3-053D-4F7D-A35D-706A401CCAA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8880AE7C-3E44-4B76-B500-E93868D4CF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7C94269D-A271-42AC-A44C-102C814E564B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E7E5B826-D3D5-4D2D-BB4D-2C1BEDE92456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA564F7-7A69-4805-8C8C-C2EB5E12A6E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2A153336-10C4-4C42-AC66-AC1351887EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "0C2FF4E9-2513-4022-AF80-6F44A2287D6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DF6FA464-F9D3-4674-844B-A2B2E2C42A51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "44722C8B-BB37-4444-A58A-F01D0B3B4DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4FABFDB-D99A-4F83-8FEE-3BFA36BA4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:-:*:*:*:*:*:*",
"matchCriteriaId": "43E00618-19F6-4828-818A-95C9106097B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "CEC4F4AE-7BD8-437F-8838-FE564BCB7FA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A842E112-8974-4E74-AD56-1DEF5B5DD9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2BC3B463-6B2C-42AF-BE13-50B7D63E7F05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D9ACBC01-8A9D-43A5-A825-1CC9670417A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61E7199F-EACE-431A-8ADD-B96A6FCDBC49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7CD0E5-8E69-43B5-A5FF-8B122475CC00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2799111C-06DB-4979-8F81-A8C09D53E5F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F4BEA1B2-2103-4E25-92A9-DB107D6D4AD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2AD9AFFB-F903-43DD-9C1D-4D8E83EA25C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F368897-A481-42DD-A8B0-8AD43A5FD68B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4F3C35F1-CBF2-4F77-AC19-574DEF2652A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "75EA94FD-D16A-49BC-A418-36EFC187EC7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6BA8F4AF-26C0-4A69-B489-16E7A56E5123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FE82D53D-092D-4B36-A979-23E9A5E07A78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "27365383-72DB-4683-9A67-CF553FF2620A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46EE63D4-CA9C-4DF4-AF85-B8AC2E3F844A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A14FC2A1-29D5-49FE-92A9-D61833BF1C95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "91407E03-4E98-4DD9-B584-E5BB74F09B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "669CC22C-45E5-40AB-9A95-D7DFD694B688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80A38E0C-45D9-4353-8426-87A4CFA371DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5E3C5C1E-67E9-401A-BA52-FCB32CA4473C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "54A934AE-AB7C-4D10-8BA2-9C54410C648F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7A7C5A8E-35E6-4B86-8502-1970031AB987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA4C14B-A01C-4CFE-8985-317ACCDAD209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:-:*:*:*:*:*:*",
"matchCriteriaId": "501F5764-BBC2-426A-AF01-7FB477850073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "FDB35CE5-4EDB-4949-A5E4-1BD721CCA469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "619704FF-2F0C-47E8-A340-58135CEE6B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E412E336-871A-4CAC-97E5-FB203BB9349D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:-:*:*:*:*:*:*",
"matchCriteriaId": "82ED9CD2-504E-4D7B-B242-2511A7730776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "EF6E50F5-605A-4D2B-B55D-8AB251532E8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:-:*:*:*:*:*:*",
"matchCriteriaId": "F6C796AE-95EE-4EAB-959C-1C1353C565A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:patch:*:*:*:*:*:*",
"matchCriteriaId": "EEAF3B2E-E520-4F43-ACC5-0F01A6247199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:-:*:*:*:*:*:*",
"matchCriteriaId": "085D4102-E2E8-496C-85B7-714FD3639BE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FC1A0E66-63F4-4BD0-8C9A-3D23A116EE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "79963FF0-5ED6-41B6-8E60-146BD7879518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E0ABBB2C-19EC-4D6C-A1EA-AEF0ABA4123D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0787BC7B-9464-4AAA-896B-C028ECF8E397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "84C0FBC8-9CD1-4135-94C7-BE90A7C94625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:-:*:*:*:*:*:*",
"matchCriteriaId": "981F3994-392D-47DB-97DA-AC15BA070A36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "94691EE6-266F-46CE-B388-0289EB39D91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FD3948A1-B5A6-4702-9187-A7720E81B7F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BC097BB6-02E9-4F48-98CB-B5F31B41009C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C2FD962-B1D5-41E5-884E-0C3F7F9DACE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:-:*:*:*:*:*:*",
"matchCriteriaId": "096E966A-878B-426F-AB40-BB476B17B969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "852DAF2A-86F3-4D05-91DC-6A2FBC214736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7D721486-3043-4380-A73C-44B4DD0E34C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F29E2EE-B6E8-4E55-84A8-3BD0658387EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:-:*:*:*:*:*:*",
"matchCriteriaId": "837BF2BD-814F-4503-91DF-EE16B5A4921D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "15FCDDB3-62D8-446C-B57C-F3BBFBD13491",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "03512BDE-E441-46F6-88B7-16A2468CA199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:-:*:*:*:*:*:*",
"matchCriteriaId": "902CAF9D-9D02-47FA-AE2E-EC1268A32BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "80AD87B5-B796-4C44-8A6D-0B22AA2903CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.26.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D87B2B3-E40B-4BF7-91E6-3B3F9CA28719",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2575F7A4-E1F1-4836-A467-076EDD8484B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CBDFAFA3-A52F-4FC8-BA51-FE52D5F57DD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6085E437-87B8-4355-BDC0-A14EA4F52695",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.28.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C44D1ED-2435-4042-BF15-3D752BE0C661",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.28.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "23E4CE5C-375C-4ECB-A4D9-A5A6805E5FE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.28.1:*:*:*:*:*:*:*",
"matchCriteriaId": "236D459B-ED50-4A2F-B463-D2F9DD1C7E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.28.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EEB00A-68B0-4CDE-B625-AB83B1D6D2F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.32.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "72195459-404F-423E-A78C-DE2A728AFDA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9FD404B4-2B0A-4D7A-8CF6-E2C6B4BACBB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "1453BB31-D674-4A05-AB2A-2502D127C3E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "868865A1-E074-4DB0-A119-D24C5C53FEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1794440C-7068-4673-9142-6221B8A39E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C5CF286B-3377-4AE9-A7B9-8535641D639A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "50EC8D9D-3483-4080-8000-496343BC8BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6695F632-6AC4-400F-B513-280304ABC1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A3423C40-240A-4237-8B0F-A4B4ED421C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "03298D9F-CFB8-48F9-BD0C-8A0BEB0760C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A70420A8-8571-4528-98E1-72BE00270C6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "38230656-6242-4D24-AA67-F42A6FA2FC7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "20ED9FC3-5E56-4AE7-903F-267CAE7F2CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "84F88075-9935-45BF-88B7-21ACE8AAB314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "283793E4-0AE8-48D9-ABCF-70E44FE55C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F79D5F-EB28-417A-86DF-053D6EDBA161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4A036F91-70E0-4E97-9896-EEE97BE3C20E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EABFC3-24FA-4441-9F2B-650D90AE5CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3DA61A22-3DD0-46A3-8C13-F25F4F03FD35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2026FD07-103C-4691-AFA4-88C490382F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "791700CD-E007-489E-9BC6-37025CAA8144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4061B4C7-8315-450C-866A-C4F3A6BCB1A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C6EA7154-7F08-4E43-9270-E617632230AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "4149F36C-D455-415F-93D7-F92EEE41419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2DC51129-8F38-4505-90FB-4FFDED45BABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4CA571E0-B513-47AA-95BE-EB4DD2AA91E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A62DFFE-637B-4911-B3B4-6DA4053CBDBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "96C7950F-41D1-46B5-BA62-E8450CB81244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.15.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C9A32ECC-E208-4834-8EF7-FEF7A3495041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F7C5D35-A6AE-4A2E-98C5-CB58FF22AF08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AA3E0D41-2E6E-4294-8E56-1A738A7F9AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D16109B8-4CDF-46FC-9AD9-A158E532791B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD4D1A5A-99A3-4D23-B40C-BBE11EA5B325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0F5EE428-98FF-42BC-9F61-311327B8F610",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.19.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CBA2FD08-D761-410F-9804-A76F0DD77349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.20.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74B34C21-D90B-4E32-BBA6-7773DB663F18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D3AF185-7AC6-491E-9BE0-8ECD163A3E77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "90996D49-5731-4F7D-9DBE-D0599A5D85A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D3C91C8D-707D-443D-985F-FA3EDB181208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.21.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "25E7F7F5-E85A-4720-B5C9-2B776B04D904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B446105E-6C8E-495A-BF83-A33CB33485A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F3DE062D-4E87-4691-A664-D9E7C02036EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CD4A85-26FB-4AE5-9CB7-4DF38DF32482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F42C9442-9EBC-4CA5-AB1C-BA0662C27BDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "71762B58-A08B-405B-9596-6D15CF4A95D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "EA48C05A-E898-42EE-A699-94BBD66E5E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EDCB78F8-AAC8-44B1-BDF4-C73BC8951EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D92FFF6-E7B2-4210-A652-79AC6B74002C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DB5E92FB-9CF8-461E-A665-3407D265DF17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "536F6C10-3165-40F7-931A-23765AB87555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DD16DF-C47C-41CF-8CDE-C365103262A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43C06F98-62F4-4008-A463-2791BEDF6DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "133288EC-8A78-4C9D-BF94-9900CD3D2260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B2E54998-B257-478E-9E52-2BB4F4CD6429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD4498A-72BD-40EB-A332-DE10C87C1015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "71961599-009C-42F4-AA26-9B16C39F3CBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B98A2EA6-DCC6-4F8B-B132-6692AED16CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "672EDC0E-D70A-4BB0-B7FE-5D422C737862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "C779E0D4-0375-4BE8-9667-A32C68B66D60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.0:*:*:*:standard:*:*:*",
"matchCriteriaId": "6DEF3D58-73E0-402A-A15F-05CA72B5B288",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8E9E50F8-0123-4C9E-88E1-5DCE08770B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F7C605A3-8517-4215-9AD3-980D587B22DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "866815AE-D1FE-460C-A3BC-70C251655C1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44746060-BC6F-4E6D-BA81-61623B2D27FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "47548ADE-255A-4355-BD06-1FEF134C1620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "ABCFC4D9-8054-4F42-BE7E-5092F6648F95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "84A7DBB5-999C-4AE8-BC5D-F0C5F77957DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB1EA7C5-CE37-4A7E-AF81-636228F3BA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "E7D1238A-A8D2-485E-81FD-46038A883EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2C4E1E-6B90-4DCC-BC09-7D19FBA65C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58C0FF1B-6188-4181-A139-1806328762BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "890EBB8C-989B-4344-AC03-62B399076008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BD4AAECB-A2BC-45BA-BC63-E51C1FE6C334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "136D6508-660E-410D-829A-7DD452BF8819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AEC2B3AA-EB24-4259-BED1-5DBC102FE9C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA9DA4A-A3E6-4C46-9471-CCBFA71083AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "599833A2-CBE9-479B-8A6E-AF79C5EED1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B55719B3-7325-47E1-8D16-3F34B1F44385",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B870B3B7-E8DC-45A2-8FA4-657D005D00E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C91E9A3B-54EB-4819-94DD-30F7D0C90047",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "47189DF9-8E57-4BA6-9F52-B7A8229AE02A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "905722CB-4B6C-4849-88CD-22E972432E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "84AAFA3C-3CCD-4615-9725-169C303CF18F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C92E0801-9E8F-4CF2-A4A0-48BCF550F2D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "10823FD4-D618-4050-91D7-CBDE69BC570D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.28:*:*:*:*:*:*:*",
"matchCriteriaId": "9365B811-5620-42F0-9400-5EA49361D2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
"matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:*",
"matchCriteriaId": "6AD7C9B3-D029-4E05-8E80-3ADA904FAC1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert10:*:*:lts:*:*:*",
"matchCriteriaId": "BB47EA31-CF9D-4752-804B-7804151EC87C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert11:*:*:lts:*:*:*",
"matchCriteriaId": "A1C9B744-1745-4E9D-A2DE-4659295508D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
"matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:*",
"matchCriteriaId": "CE71221B-4D55-4643-B6D1-307B2CF41F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:*:*:*:*",
"matchCriteriaId": "A98B11B5-B8E2-4903-B4F7-3AC23751AE8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:*",
"matchCriteriaId": "88124275-9BEB-4D53-9E4D-1AC8C52F2D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:*",
"matchCriteriaId": "4F3CEFEF-72B6-4B58-81FE-01BCEEFB3013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:*",
"matchCriteriaId": "AA637187-0EAE-4756-AD72-A0B2FABCA070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert6:*:*:lts:*:*:*",
"matchCriteriaId": "6DAF6784-0B31-4104-9D85-473D5AFAB785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert7:*:*:lts:*:*:*",
"matchCriteriaId": "77B06B83-D62C-4A0E-BE94-83C9A02CE55A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert8:*:*:lts:*:*:*",
"matchCriteriaId": "CAD17809-CBB1-4E41-99C9-20FE56853563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert9:*:*:lts:*:*:*",
"matchCriteriaId": "066453F2-A77F-4E82-8C91-AC17FAA21A89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "D6EE9895-FB94-451D-8701-8C0DD8F5BED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "56849E34-B192-46A8-A517-C7C184A901B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4610D544-156F-4E9A-BC46-9E0FF8D5D641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA74CB86-72C3-4913-8EB6-3BBA1D3BC65D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert1:*:*:*:*:*:*",
"matchCriteriaId": "0C6CF412-290C-4524-9AFE-D58A85183864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1:cert2:*:*:*:*:*:*",
"matchCriteriaId": "BA3211EE-E305-4247-AA2E-910E48CBCDF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F68ED1E-8D2B-4AEE-B5DE-FD50338BA82D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EA9F296A-4932-4EA4-8B38-80856A9D6374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B40673A6-2980-440A-B78E-D5C7095E3FA6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero length error correcting redundancy packet for a UDPTL FAX packet that is lost."
},
{
"lang": "es",
"value": "Asterisk Open Source 1.8.x, 11.x en versiones anteriores a 11.21.1, 12.x y 13.x en versiones anteriores a 13.7.1 y Certified Asterisk 1.8.28, 11.6 en versiones anteriores a 11.6-cert12 y 13.1 en versiones anteriores a 13.1-cert3 permiten a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (referencia a puntero no inicializado y ca\u00edda) a trav\u00e9s de un error de longitud cero corrigiendo la redundancia de paquetes para un paquete UDPTL FAX que se ha perdido."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/476.html\"\u003eCWE-476: NULL Pointer Dereference\u003c/a\u003e",
"id": "CVE-2016-2232",
"lastModified": "2024-11-21T02:48:05.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-22T15:59:01.190",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-003.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3700"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1034931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3700"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034931"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-09-09 17:55
Modified
2024-11-21 01:57
Severity ?
Summary
The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F368897-A481-42DD-A8B0-8AD43A5FD68B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6BA8F4AF-26C0-4A69-B489-16E7A56E5123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FE82D53D-092D-4B36-A979-23E9A5E07A78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "27365383-72DB-4683-9A67-CF553FF2620A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46EE63D4-CA9C-4DF4-AF85-B8AC2E3F844A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "91407E03-4E98-4DD9-B584-E5BB74F09B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "669CC22C-45E5-40AB-9A95-D7DFD694B688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80A38E0C-45D9-4353-8426-87A4CFA371DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "54A934AE-AB7C-4D10-8BA2-9C54410C648F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7A7C5A8E-35E6-4B86-8502-1970031AB987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA4C14B-A01C-4CFE-8985-317ACCDAD209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1224686C-8A1E-40E1-ACB9-87F571641EAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "619704FF-2F0C-47E8-A340-58135CEE6B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E412E336-871A-4CAC-97E5-FB203BB9349D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FC1A0E66-63F4-4BD0-8C9A-3D23A116EE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "79963FF0-5ED6-41B6-8E60-146BD7879518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B63FB1C5-9704-4C6A-8DE6-2283D1993BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0787BC7B-9464-4AAA-896B-C028ECF8E397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "84C0FBC8-9CD1-4135-94C7-BE90A7C94625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE14D16B-4903-47BD-BCBD-28A8B6B878E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FD3948A1-B5A6-4702-9187-A7720E81B7F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BC097BB6-02E9-4F48-98CB-B5F31B41009C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0992625B-012F-40EA-9A20-6352E633F62B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E3828876-DDB4-457D-8E50-43A4FF761005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "79283554-AF08-44DC-BF98-446C47AA490A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54EBFD0B-686F-477F-8FF2-535F24A3348B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0961F130-FF8C-41C2-BF2E-9731ED9EB73B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE78F4A2-B165-446C-AA1C-7A9E13718C6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9789FC49-DE20-4477-B9D5-12CB71F42E58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2DD97918-B589-4422-B695-C3C00203A3DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A1E59E84-F3FF-44FF-BC7D-31F3880E32F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2D9C7006-F5B1-4171-BB44-182C39DE3AAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C8D2B210-3ADA-40AD-A575-DB88A9F71C91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F7C53CD-260C-49F5-BCA4-E1D0A58E0B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D56C2C11-4B42-43AB-9DAE-61C15D107160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "69F2DED4-39F5-44C8-BEA3-22692D28C631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AD172E70-238B-4B01-A922-8021B5627092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C689A32B-E87D-492F-B3F6-7B80DFA049C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5FB3863D-7F46-4C4A-9E6B-C255CDF0D953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7239304D-C383-4F26-BB08-65ADD2380015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1AC153C2-258E-4EE6-845F-8E8C68AA242D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "229B7982-9775-42AA-B8F5-FE920CCAA497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "326845DF-2DB2-406B-BE0F-877384DAACFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E0FC2D46-FD1B-421F-8773-BB41B1E9A831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8788AF7B-CBB6-4D9D-A748-486787935A96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB19B2F7-5685-449F-858C-C226D2A373B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D10B9E8C-3B72-490B-A276-A745299DA3C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E63CF763-0682-4453-8D07-C9253C179486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FDB7AA1-25A7-4BED-A875-C0494E973EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E0BCE319-8C87-4521-BEAA-02F0EF47B315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5A2534F0-3DEE-4FCB-B15D-97D1836CE83D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "D3F38B78-8215-43D6-8C5C-6DB8E6C34F06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE54B76B-4713-4281-AB4B-B17901121B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "08EE9963-2A44-48A0-8A1B-919CCE3652FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "19C7B58B-6591-45B5-B527-50FA0A5BD1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "05D3825F-3B95-4056-AF3C-43269734BA2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk_digiumphones:10.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "806F60DA-FAA1-4C13-889B-0FF518C01E44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:*:*:*:*:*:*:*",
"matchCriteriaId": "E6DDE265-B4B9-495A-95F7-0910E8199980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*",
"matchCriteriaId": "2365F1EE-16A4-4293-B80E-A51CD6A2F112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "6B7AE7FB-8170-41AD-9597-07335D36AE48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "9131FB32-E3F0-476C-A0D1-36E2101631D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "5209356B-4A86-4C93-9D04-C66969F23BC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F087C546-FBCA-4D0D-A023-8F9384CD160C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9AF5750B-2348-4E35-9F08-27E2385E329F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C0344FE7-952A-4BC5-A31F-F2C5EABDB5FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:cert1:*:*:*:*:*:*",
"matchCriteriaId": "960521C4-9004-4412-8A38-66240C4B875D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "00F26342-110F-4163-AD11-98AA3B71D299",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8652FA73-2F02-401C-890F-0544276294D3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request."
},
{
"lang": "es",
"value": "El controlador de canal SIP (channels/chan_sip.c) en Asterisk Open Source 1.8.x (anteriores a 1.8.23.1), 10.x (anteriores a 10.12.3), y 11.x (anteriores a 11.5.1); Certified Asterisk 1.8.15 (anteriores a 1.8.15-cert3) y 11.2 (anteriores a 11.2-cert2); y Asterisk Digiumphones 10.x-digiumphones (anteriores a 10.12.3-digiumphones) permiten a un atcante remoto causar una denegaci\u00f3n de servicio (referencia a puntero nulo, corrupci\u00f3n de memoria, y ca\u00edda del demonio) a trav\u00e9s de un SDP inv\u00e1lido que define una descripci\u00f3n de medios antes de la descripci\u00f3n de conexi\u00f3n en una petici\u00f3n SIP."
}
],
"id": "CVE-2013-5642",
"lastModified": "2024-11-21T01:57:52.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-09-09T17:55:06.267",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0174.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-005.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/96690"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54534"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/54617"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2013/dsa-2749"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:223"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/62022"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1028957"
},
{
"source": "cve@mitre.org",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-22007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0174.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/96690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54534"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/54617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2749"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:223"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/62022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1028957"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-22007"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-09 00:29
Modified
2024-11-21 03:16
Severity ?
Summary
A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 | |
| digium | certified_asterisk | 13.13.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88EDB1A9-AC31-4A47-A222-0C4E17274A02",
"versionEndExcluding": "13.18.1",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5861B3BC-A35A-4617-A24E-F88D27DBE3F6",
"versionEndExcluding": "14.7.1",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "651DC4FA-A4EF-40DC-9B54-3ED928A7531A",
"versionEndExcluding": "15.1.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7233B5A2-E1CE-4B7E-99FA-26369B892B25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*",
"matchCriteriaId": "F051FE7D-0695-4552-BC1C-836076825606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "2E9DFD7C-9ED1-4561-8AFF-69D98E8E398D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "CA8BFAC6-17A7-4B80-B436-0FFA4B9EA22A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1_rc3:*:*:*:*:*:*",
"matchCriteriaId": "954376A0-A03C-47D9-BC5E-14B005DB3940",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1_rc4:*:*:*:*:*:*",
"matchCriteriaId": "07BB081F-504D-42E3-9CDE-4005572CA0CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*",
"matchCriteriaId": "9F379170-DC3B-41B8-B950-7E0E1E6002AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*",
"matchCriteriaId": "338BFA7B-AA84-483F-B298-BC932728E0EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert4:*:*:*:*:*:*",
"matchCriteriaId": "0A4D417F-485E-4CAD-8542-A22BBA2869E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert5:*:*:*:*:*:*",
"matchCriteriaId": "61F70CD2-1727-4955-A81B-8927AEF468ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.13.0:cert6:*:*:*:*:*:*",
"matchCriteriaId": "A9437455-90FB-4F90-B246-A37E558C9CE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer."
},
{
"lang": "es",
"value": "Una vulnerabilidad de desbordamiento de b\u00fafer se descubri\u00f3 en Asterisk Open Source en versiones 13 anteriores a la 13.18.1, versiones 14 anteriores a la 14.7.1 y versiones 15 antes de la 15.1.1 y en Certified Asterisk 13.13 en versiones anteriores a la 13.13-cert7. No se realizan chequeos de tama\u00f1o cuando se configura el campo user para Party B en un CDR. Por ello, es posible que alguien utilice una cadena arbitraria con una longitud larga y escriba m\u00e1s all\u00e1 del final del b\u00fafer de almacenamiento del campo user. NOTA: esta vulnerabilidad es diferente de CVE-2017-7617, que solo trataba del b\u00fafer Party A."
}
],
"id": "CVE-2017-16671",
"lastModified": "2024-11-21T03:16:47.930",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-09T00:29:00.473",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2017-010.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101760"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27337"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2017/dsa-4076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.digium.com/pub/security/AST-2017-010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101760"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27337"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2017/dsa-4076"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-09-09 17:55
Modified
2024-11-21 01:57
Severity ?
Summary
The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an ACK with SDP to a previously terminated channel. NOTE: some of these details are obtained from third party information.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F368897-A481-42DD-A8B0-8AD43A5FD68B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6BA8F4AF-26C0-4A69-B489-16E7A56E5123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FE82D53D-092D-4B36-A979-23E9A5E07A78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "27365383-72DB-4683-9A67-CF553FF2620A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46EE63D4-CA9C-4DF4-AF85-B8AC2E3F844A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "91407E03-4E98-4DD9-B584-E5BB74F09B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "669CC22C-45E5-40AB-9A95-D7DFD694B688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80A38E0C-45D9-4353-8426-87A4CFA371DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "54A934AE-AB7C-4D10-8BA2-9C54410C648F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7A7C5A8E-35E6-4B86-8502-1970031AB987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA4C14B-A01C-4CFE-8985-317ACCDAD209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1224686C-8A1E-40E1-ACB9-87F571641EAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "619704FF-2F0C-47E8-A340-58135CEE6B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E412E336-871A-4CAC-97E5-FB203BB9349D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FC1A0E66-63F4-4BD0-8C9A-3D23A116EE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "79963FF0-5ED6-41B6-8E60-146BD7879518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B63FB1C5-9704-4C6A-8DE6-2283D1993BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0787BC7B-9464-4AAA-896B-C028ECF8E397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "84C0FBC8-9CD1-4135-94C7-BE90A7C94625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE14D16B-4903-47BD-BCBD-28A8B6B878E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FD3948A1-B5A6-4702-9187-A7720E81B7F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BC097BB6-02E9-4F48-98CB-B5F31B41009C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D56C2C11-4B42-43AB-9DAE-61C15D107160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "69F2DED4-39F5-44C8-BEA3-22692D28C631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AD172E70-238B-4B01-A922-8021B5627092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C689A32B-E87D-492F-B3F6-7B80DFA049C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5FB3863D-7F46-4C4A-9E6B-C255CDF0D953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7239304D-C383-4F26-BB08-65ADD2380015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1AC153C2-258E-4EE6-845F-8E8C68AA242D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "229B7982-9775-42AA-B8F5-FE920CCAA497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "326845DF-2DB2-406B-BE0F-877384DAACFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E0FC2D46-FD1B-421F-8773-BB41B1E9A831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8788AF7B-CBB6-4D9D-A748-486787935A96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:*:*:*:*:*:*:*",
"matchCriteriaId": "E6DDE265-B4B9-495A-95F7-0910E8199980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*",
"matchCriteriaId": "2365F1EE-16A4-4293-B80E-A51CD6A2F112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "6B7AE7FB-8170-41AD-9597-07335D36AE48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "9131FB32-E3F0-476C-A0D1-36E2101631D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "5209356B-4A86-4C93-9D04-C66969F23BC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F087C546-FBCA-4D0D-A023-8F9384CD160C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9AF5750B-2348-4E35-9F08-27E2385E329F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C0344FE7-952A-4BC5-A31F-F2C5EABDB5FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:cert1:*:*:*:*:*:*",
"matchCriteriaId": "960521C4-9004-4412-8A38-66240C4B875D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "00F26342-110F-4163-AD11-98AA3B71D299",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8652FA73-2F02-401C-890F-0544276294D3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an ACK with SDP to a previously terminated channel. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "El controlador de canal SIP (channel/chan_sip.c) en Asterisk Open Source 1.8.17.x hasta 1.8.22.x, 1.8.23.x (anteriores a 1.8.23.1), y 11.x (anteriores a 11.5.1); y Certified Asterisk 1.8.15 (anteriores a 1.8.15-cert3) y 11.2 (anteriores a 11.2-cert2) permiten a un atacante remoto causar una denegaci\u00f3n de servicio (referencia a puntero nulo, corrupci\u00f3n de memoria y ca\u00edda del demonio) a trav\u00e9s de un ACK con SDP a un canal previamente cerrado. \n\nNOTA: algunos de estos detalles fueron obtenidos de informaci\u00f3n de terceros."
}
],
"id": "CVE-2013-5641",
"lastModified": "2024-11-21T01:57:51.903",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-09-09T17:55:06.237",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0175.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-004.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/96691"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://seclists.org/bugtraq/2013/Aug/185"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54534"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/54617"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2013/dsa-2749"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:223"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/62021"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1028956"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-21064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0175.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/96691"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://seclists.org/bugtraq/2013/Aug/185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54534"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/54617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2749"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:223"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/62021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1028956"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-21064"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-12 04:29
Modified
2024-11-21 03:44
Severity ?
Summary
An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2018-008.html | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/104455 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-27818 | Patch, Vendor Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/201811-11 | Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2018/dsa-4320 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2018-008.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104455 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-27818 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201811-11 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4320 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | certified_asterisk | 13.18 | |
| digium | certified_asterisk | 13.18 | |
| digium | certified_asterisk | 13.18 | |
| digium | certified_asterisk | 13.21 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85FB9D68-8BEE-40F5-8175-DC62C0EAFE8F",
"versionEndExcluding": "13.21.1",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33B74E57-BD3C-4C54-A27C-F32DEF133390",
"versionEndExcluding": "14.7.7",
"versionStartExcluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41536B2F-2D75-406D-95CC-64889838F0B1",
"versionEndExcluding": "15.4.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert1:*:*:*:*:*:*",
"matchCriteriaId": "05795EED-0473-4806-A9AD-FD92212CCC77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert2:*:*:*:*:*:*",
"matchCriteriaId": "C3F701AA-E842-4680-9747-000C3A4F6E4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.18:cert3:*:*:*:*:*:*",
"matchCriteriaId": "4B0FC294-F910-491B-9DEF-9FFEACA208C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:13.21:cert1:*:*:*:*:*:*",
"matchCriteriaId": "B7EE2BD3-51DC-4DA5-A5F2-6275F5277BE7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Asterisk Open Source en versiones 13.x anteriores a la 13.21.1; versiones 14.x anteriores a la 14.7.7 y las versiones 15.x anteriores a la 15.4.1, as\u00ed como Certified Asterisk en versiones 13.18-cert anteriores a la 13.18-cert4 y 13.21-cert anteriores a la 13.21-cert2. Cuando las reglas de lista de control de acceso (ACL) espec\u00edficas del endpoint bloquean una petici\u00f3n SIP, responden con un mensaje de error 403 prohibido. Sin embargo, si no se identifica un endpoint, se env\u00eda una respuesta 401 no autorizada. Esta vulnerabilidad s\u00f3lo revela qu\u00e9 peticiones llegan a un endpoint definido. Las reglas de lista de control de acceso (ACL) no pueden omitirse para obtener acceso a los endpoints revelados."
}
],
"id": "CVE-2018-12227",
"lastModified": "2024-11-21T03:44:49.003",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-12T04:29:00.220",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-008.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104455"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27818"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104455"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4320"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-07-09 22:55
Modified
2024-11-21 01:41
Severity ?
Summary
Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA60A9C9-C2EF-4971-BEFB-FF687DAEF2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BAFB22FA-CC24-4AFE-AC83-2D044563F7CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "00F3EB0D-7C63-46B5-BA95-8486B9716C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "00C1BF3B-7593-478D-9AAA-153901C70286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "5F86406A-0936-4A06-88FB-4137A64498EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "672CE4C0-EBD6-470B-937E-810FF1C4CDBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88DB1105-74D8-4312-9D02-D1E21F2E785C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "404C0557-6229-4D90-BFDD-54AFFCCE6A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6D1D26CC-891F-4396-B7D7-30D712829E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F25B61EA-F4D1-452A-9D96-B8DFDD719B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9324AB96-EC99-4F04-A0A9-00F936C86EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB6BBCA-47CE-49B8-9706-AFDE4BE46550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8BFF65E2-692B-4C39-88FC-6DED8D9A7258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8880AE7C-3E44-4B76-B500-E93868D4CF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7C94269D-A271-42AC-A44C-102C814E564B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E7E5B826-D3D5-4D2D-BB4D-2C1BEDE92456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asteriske:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "5B9023E8-DB6F-4DE2-BB1E-D941BE279477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asteriske:1.8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF6135C4-7930-4DD5-80CD-4DC7F53956D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
"matchCriteriaId": "C63C46CC-02E2-40AF-8281-F2FB5D89823A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
"matchCriteriaId": "71BAF2A7-024D-475A-88C0-0F5ADE3CA286",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "687ED3CE-67C4-410D-8AF4-C769015598F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "30E918CD-89C4-42DA-9709-E50E0A3FA736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "DA57FA15-D0D7-4A97-9C25-6F6566940098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A1C45300-A2CF-40E7-AB67-23DC24C31A1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "958081DC-1D77-45CD-A940-C7A1AB42C7BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "298A879D-4F65-4523-A752-D17C4F81B822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37AB07BE-54C4-4972-A05F-D1E2CF4363CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC63564-A84E-463D-8312-DDF1C6B7796F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "62A0906E-B631-4F3A-9ABC-9A43A43220BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C6314ADA-2849-416D-966E-C01C322EF904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B6CB1DD-614A-4B3D-99AE-9B1341427024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC95B04F-3746-4F1C-8428-A1FA10253E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "20819080-E0AB-4879-B4CF-A154D6F7EF6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C45753-E2CC-4F7C-B8DA-3D8CF255EA22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5A080197-D6AA-4FDC-888E-51D1C8251E34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1F08D930-D4C1-4C63-875C-171C46AE97C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1AA43D7D-AEAD-47CB-BFA5-B73004A1A7A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "B5ED5F6F-166D-4610-8939-A33AD45F1ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D40002A-564E-425C-BA2A-7C4A8F8DAFD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "521C4DB2-7127-4BA9-94FC-AB0E9E06FE2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8C905DC1-8AB8-4D83-BB5B-FA4DABC58229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "ECC74B5D-97A1-46FF-AFA3-5D5E4A0BF3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2D98C7C-94A8-4348-AF22-04A41FB6F8EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85D39A99-E9A6-4860-BC61-56CA2FC3238B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "845DA0A4-1983-4E82-99C8-B7FBF47C632E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5A63FBB7-F1CF-4603-848F-980742D2ED36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "10B2084F-3AF4-4008-899C-6C1E43715201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "217C13A5-9F8A-4392-858F-2FC88B03EB0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6B282462-900C-492E-98DE-65364E62F5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "687784F0-9ACC-435D-81F9-1E1B0F61010C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9D7D020C-FE32-408B-BE37-58835FD3D95F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "39B7938F-7370-4F67-B0CD-1C14DE2E4E7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC587195-5973-423B-8BF9-3E0B27363B76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
"matchCriteriaId": "C63C46CC-02E2-40AF-8281-F2FB5D89823A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
"matchCriteriaId": "71BAF2A7-024D-475A-88C0-0F5ADE3CA286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert2:*:*:*:*:*:*",
"matchCriteriaId": "82F91FE8-C320-466B-AF08-67319A00A2BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert3:*:*:*:*:*:*",
"matchCriteriaId": "DCFF0E1C-B455-4C18-8AA1-10408234327B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "6372EEEA-2759-4B6A-BD03-D84DC956E80E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "26DF0C53-9F6A-4233-B163-AEC1F9886387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:beta2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "79A063D7-553F-486F-9079-D95C8047B05E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "B606D854-FC06-4314-AD24-FEEA3796A0AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "DEBB0786-D912-48D1-BC63-E0F87E078154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.0.0:rc3:digiumphones:*:*:*:*:*",
"matchCriteriaId": "1C39DD70-1220-4CC6-95B4-CE18CA5787CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "B0005F0B-9C87-4160-9416-A7C136FCD5AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "12073B6A-14B1-490B-B267-A68194C68BDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.1.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "198C92F2-8268-4045-B297-17E0D1F9726E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "5D3A3C00-EA83-4EF4-8681-DB5616132607",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "5FE59F0F-44B0-4940-8368-F360EE610114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "3647F0E3-196F-486B-9BAB-75ED24A055ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc3:digiumphones:*:*:*:*:*",
"matchCriteriaId": "1FBC4A5F-FB16-42B2-9689-25F8B3D0F521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.2.0:rc4:digiumphones:*:*:*:*:*",
"matchCriteriaId": "B788D6E2-78E8-4DE1-81F5-40D52263E7F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "51358F60-4D6C-4DBA-86B0-E12C48A67456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "D51C9952-97F4-4326-8F7D-34579D3686AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.3.0:rc3:digiumphones:*:*:*:*:*",
"matchCriteriaId": "3711A75C-AF87-4A5C-8B35-1CF834C12D2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "E7FFD09D-21A3-4E98-B1FA-C7A16C243D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "FAC6591A-BC5A-4CA9-90BC-0B686F74127B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.4.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "01BAF29D-8679-40F3-AB6C-DA5C3787271C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "B42229C3-B18E-4D50-9B98-202CB1805CE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc1:digiumphones:*:*:*:*:*",
"matchCriteriaId": "15DF192B-A8D5-4FCC-B469-505A8FA11D00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.0:rc2:digiumphones:*:*:*:*:*",
"matchCriteriaId": "D24E01F7-604D-4D05-B698-3BDEF7B69EF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:10.5.1:*:digiumphones:*:*:*:*:*",
"matchCriteriaId": "A54A74F4-8A6C-4090-88C2-8AB5A606C59B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox."
},
{
"lang": "es",
"value": "vulnerabilidad de doble liberaci\u00f3n en apps/app_voicemail.c en Asterisk Open Source v1.8.x anteriores v1.8.13.1 y v10.x anteriores a v10.5.2, Certified Asterisk v1.8.11-certx anteriores a v1.8.11-cert4, y Asterisk Digiumphones v10.x.x-digiumphones anteriores a v10.5.2-digiumphones permite a usuarios autenticados remotos a provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) debido al establecimiento de m\u00faltiples sesiones correo de voz y accediendo a buz\u00f3n urgente (Urgent) a trav\u00e9s del buz\u00f3n de entrada INBOX."
}
],
"id": "CVE-2012-3812",
"lastModified": "2024-11-21T01:41:40.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-07-09T22:55:01.260",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-011.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/50687"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/50756"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/54317"
},
{
"source": "cve@mitre.org",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50687"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/54317"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20052"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-15 05:15
Modified
2024-11-21 06:54
Severity ?
Summary
An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1533FF1D-ABC5-4F45-8FB4-7441C03422F4",
"versionEndExcluding": "16.25.2",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "496A20DA-23D7-435B-8EA9-3AC585DAAB72",
"versionEndExcluding": "18.11.2",
"versionStartIncluding": "18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FD25061-F1D0-4849-9905-CB4AEDC59363",
"versionEndExcluding": "19.3.2",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:-:*:*:*:*:*:*",
"matchCriteriaId": "81C3E390-8B99-4EB8-82DD-02893611209A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "17DB2297-1908-4F87-8046-2BAA74569D71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "CEA2CC40-C2F6-4828-82F0-1B50D3E61F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "32F19F43-C1E8-4B6C-9356-AF355B7320BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*",
"matchCriteriaId": "21D1FA32-B441-485F-8AE9-F3A394626909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert10:*:*:*:*:*:*",
"matchCriteriaId": "B416D491-F0D0-4F9E-BEE0-236D9FFF03FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert11:*:*:*:*:*:*",
"matchCriteriaId": "A21DB030-7BE3-4ED0-8212-7FACC715136F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert12:*:*:*:*:*:*",
"matchCriteriaId": "8BF4E88F-5400-4B79-ADBA-ECED941AF092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert13:*:*:*:*:*:*",
"matchCriteriaId": "21C227EC-7084-4F08-AA04-271DB4561823",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F7795CCF-B160-4B4F-9529-1192C11D7FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert3:*:*:*:*:*:*",
"matchCriteriaId": "0C5E5D0D-9EB3-40FD-8B7E-E93A95D07AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4:*:*:*:*:*:*",
"matchCriteriaId": "C7DFDA30-DD61-4BBC-AFE4-448BF2A4F303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*",
"matchCriteriaId": "142F1F89-49AC-4A0B-A273-61F697063A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*",
"matchCriteriaId": "53041795-788C-4914-A2F6-41539ABE0244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*",
"matchCriteriaId": "FBB98E65-B2D0-49A4-8BF3-12155E3E13C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*",
"matchCriteriaId": "769C854C-03CD-40A9-B39B-C0CDCA8252EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert5:*:*:*:*:*:*",
"matchCriteriaId": "6D86AD6E-4E07-48B0-88D8-E18F277FFE6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert6:*:*:*:*:*:*",
"matchCriteriaId": "7A643445-8A73-4ACC-8A96-CA8D6AC8B229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert7:*:*:*:*:*:*",
"matchCriteriaId": "BD980324-52E2-4D3E-B8D8-52A2DB100306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert8:*:*:*:*:*:*",
"matchCriteriaId": "4D5B8321-033A-47C5-A277-BE056C5ADB30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert9:*:*:*:*:*:*",
"matchCriteriaId": "12A2585A-A13F-4FD5-9A65-273B7D8A99C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Asterisk versiones hast 19.x y Certified Asterisk versiones hasta 16.8-cert13. El m\u00f3dulo func_odbc proporciona una funcionalidad de escape posiblemente inapropiada para los caracteres de barra invertida en las consultas SQL, resultando en que los datos proporcionados por el usuario creen una consulta SQL rota o posiblemente una inyecci\u00f3n SQL. Esto ha sido corregido en versiones 16.25.2, 18.11.2 y 19.3.2, y 16.8-cert14"
}
],
"id": "CVE-2022-26651",
"lastModified": "2024-11-21T06:54:15.633",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-15T05:15:06.683",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-003.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-19 20:15
Modified
2024-11-21 05:56
Severity ?
Summary
A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7382B641-0396-456F-BF33-3F6412E35F2D",
"versionEndExcluding": "16.16.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5BA8606-ADA9-4841-A7E2-A9165138849A",
"versionEndExcluding": "17.9.2",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE8661F7-03A5-4850-BEF7-E306AECE3037",
"versionEndExcluding": "18.2.1",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:-:*:*:*:*:*:*",
"matchCriteriaId": "81C3E390-8B99-4EB8-82DD-02893611209A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "17DB2297-1908-4F87-8046-2BAA74569D71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "CEA2CC40-C2F6-4828-82F0-1B50D3E61F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "32F19F43-C1E8-4B6C-9356-AF355B7320BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*",
"matchCriteriaId": "21D1FA32-B441-485F-8AE9-F3A394626909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F7795CCF-B160-4B4F-9529-1192C11D7FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert3:*:*:*:*:*:*",
"matchCriteriaId": "0C5E5D0D-9EB3-40FD-8B7E-E93A95D07AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4:*:*:*:*:*:*",
"matchCriteriaId": "C7DFDA30-DD61-4BBC-AFE4-448BF2A4F303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*",
"matchCriteriaId": "142F1F89-49AC-4A0B-A273-61F697063A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*",
"matchCriteriaId": "53041795-788C-4914-A2F6-41539ABE0244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*",
"matchCriteriaId": "FBB98E65-B2D0-49A4-8BF3-12155E3E13C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*",
"matchCriteriaId": "769C854C-03CD-40A9-B39B-C0CDCA8252EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert5:*:*:*:*:*:*",
"matchCriteriaId": "6D86AD6E-4E07-48B0-88D8-E18F277FFE6A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch."
},
{
"lang": "es",
"value": "Un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria en el archivo res_rtp_asterisk.c en Sangoma Asterisk versiones anteriores a 16.16.1, versiones 17.x anteriores a 17.9.2 y versiones 18.x anteriores a 18.2.1 y Certified Asterisk versiones anteriores a 16.8-cert6, permite a un cliente WebRTC autenticado causar un bloqueo de Asterisk mediante el env\u00edo de m\u00faltiples peticiones de hold/unhold en una sucesi\u00f3n r\u00e1pida.\u0026#xa0;Esto es causado por una discrepancia en la comparaci\u00f3n de firmas"
}
],
"id": "CVE-2021-26713",
"lastModified": "2024-11-21T05:56:43.707",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-19T20:15:13.193",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29205"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-17 14:55
Modified
2024-11-21 02:09
Severity ?
Summary
Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTTP connections.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:-:*:*:*:*:*:*",
"matchCriteriaId": "6BB940E4-E612-4B27-9188-E794665191B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*",
"matchCriteriaId": "2365F1EE-16A4-4293-B80E-A51CD6A2F112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "6952FFDE-92D0-4A75-AABB-113E6FAF5A31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "5735354A-CF57-4A9A-9607-169CE50E0655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1_rc3:*:*:*:*:*:*",
"matchCriteriaId": "38E0B2C4-55EA-4712-8E75-24A5718F9FD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F087C546-FBCA-4D0D-A023-8F9384CD160C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert3:*:*:*:*:*:*",
"matchCriteriaId": "832F5503-6354-4E39-B927-3BA9606A372D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert4:*:*:*:*:*:*",
"matchCriteriaId": "9E23AF8A-63B2-4597-8E78-A4672B0C44B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert5:*:*:*:*:*:*",
"matchCriteriaId": "F76EA1D5-F5F3-49CE-9A73-20FA03C31F88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6344E43-E8AA-4340-B3A7-72F5D6A5D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4C170C1C-909D-4439-91B5-DB1A9CD150C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EE821BE5-B1D3-4854-A700-3A83E5F15724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "149C57CA-0B4B-4220-87FC-432418D1C393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "035595D5-BBEC-4D85-AD7A-A2C932D2BA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6DAF5655-F09F-47F8-AFA6-4B95F77A57F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F8E001D8-0A7B-4FDD-88E3-E124ED32B81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9D5CFFBD-785F-4417-A54A-F3565FD6E736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D30EF999-92D1-4B19-8E32-1E4B35DE4EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A67D156B-9C43-444F-ADEC-B21D99D1433C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "893EB152-6444-43DB-8714-9735354C873A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8447EE7-A834-41D7-9204-07BD3752870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C04F2C9-5672-42F2-B664-A3EE4C954C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33465668-4C91-4619-960A-D26D77853E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD08674-0B44-44EA-940B-6812E2D5077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE87710-A129-43AA-BA08-8001848975FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F582C6E-5DA0-4D72-A40E-66BDBC5CF2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CEBB8-01B3-4A05-AFE8-37A143C9833E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "522733A7-E89E-4BFD-AC93-D6882636E880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAC47DD-B613-43E4-B9BF-6120B81D9789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "86D20CB5-60E8-405E-B387-CF80C7DA5E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "71AB5A01-5961-4053-9111-CF32C6473A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "77D8E1DC-041F-4B87-AF9A-E0EC4D6A4BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCCB892-30CE-4BEF-904E-5D957F94D0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F156798F-F2EF-4366-B17E-03165AB437D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFBB9A6-DD1D-436E-919F-74A3E4F40396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "054E34C8-B6A5-48C7-938E-D3C268E0E8BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1DCECA72-533A-4A95-AB19-20C5F09A1B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0E2309F8-AFEE-4150-99D1-BA606432ED73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7785F282-BFA0-400A-8398-872ACCA4BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1278D3FB-78C6-4F7D-A845-0A93D4F6E2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C00A6EFB-A848-46D3-AAD7-FD8140007E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6E3972-5C53-4B6D-BFE1-67E1122EA013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "048617A0-A783-4519-A947-35220D4CD786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD493A41-E686-444C-A34E-412804510F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87D25FD6-CC3A-4AB0-B7B1-67D07386F99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C402E9E-09CC-4EFA-AC27-156437B05B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A41F9C-D2F4-47A9-80CD-2B1BF6B0CB63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "627FF5B9-E5A8-4DBC-A891-B175011E72A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6146EB2E-BA32-4408-B10B-A711EC39C580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1C863324-05AE-4FCA-BD2E-39040A468DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A85F51E7-0AAE-4F3B-9F90-BD2E31255822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "315FB0D4-D4A4-4369-BFB8-F2CAEB429015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DC74D6C5-F410-4B68-AF92-056B727193A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B70911F8-A526-4600-8198-03FF4CCB28DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA60A9C9-C2EF-4971-BEFB-FF687DAEF2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "984CD6D9-4A54-4065-8401-DC555AB95425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "CDE13439-4124-4BDE-A068-460BCF96419B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BAFB22FA-CC24-4AFE-AC83-2D044563F7CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "00F3EB0D-7C63-46B5-BA95-8486B9716C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "00C1BF3B-7593-478D-9AAA-153901C70286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "82423EC2-FA29-4AF6-86C3-6AC6DFDC4DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "5F86406A-0936-4A06-88FB-4137A64498EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "672CE4C0-EBD6-470B-937E-810FF1C4CDBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88DB1105-74D8-4312-9D02-D1E21F2E785C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "404C0557-6229-4D90-BFDD-54AFFCCE6A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3F4DC562-649E-4105-8B3E-43F02BD593FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6D1D26CC-891F-4396-B7D7-30D712829E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F25B61EA-F4D1-452A-9D96-B8DFDD719B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9324AB96-EC99-4F04-A0A9-00F936C86EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8B5E76-4A74-4E88-8A6F-C23538B7642A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB6BBCA-47CE-49B8-9706-AFDE4BE46550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8BFF65E2-692B-4C39-88FC-6DED8D9A7258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5260E309-9320-4DB8-A918-7D215BF95D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "58F4BFC9-E02A-4121-8D34-99022AB8B45A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "60AFF340-A866-4CFE-9334-53B95FD4AA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "74E50309-CD7D-41F7-97DA-A7E451D0796A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6FD3F8F8-820E-4C29-9F8F-023D1DB999CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "C33A6419-0D00-49D6-9A48-2B633610AAED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "447E07C9-4A25-418D-B53F-609B78EE4C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8AE686-B618-4B0D-BD27-1F96295E964D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "9C806F87-C897-48E4-8533-A4EBC6B77078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "08B8C143-93FF-44DD-8F61-6F4FEE977371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E9751C0A-84F5-4A43-8282-12A9DE559569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F67E2694-F6F1-482C-91F2-D9FD856EA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2D53AA-8D50-445F-9500-2F580F260DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:-:*:*:*:*:*:*",
"matchCriteriaId": "8859F234-5066-40DD-862C-0F3CCA98AFB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.11.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "75962F03-EC19-4920-9FA7-2D422E6E83F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9D7D88-D64F-4F54-8C84-6AC45FBD36F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F67AB282-591C-4ED7-9750-C593A38D5D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "B5D0BB0E-1BB0-4F31-9C5D-DC1A069E52DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C9F8F881-2BF7-44AB-8756-54A06801EB11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "36EFF3C4-4D00-4BC5-94B9-403BB00C6AB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "5E434F10-395E-426E-A988-4CDA504577D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33FE3DCE-74B5-49A4-BC18-34B22CA83947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FF2E25F3-053D-4F7D-A35D-706A401CCAA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8880AE7C-3E44-4B76-B500-E93868D4CF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7C94269D-A271-42AC-A44C-102C814E564B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E7E5B826-D3D5-4D2D-BB4D-2C1BEDE92456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA564F7-7A69-4805-8C8C-C2EB5E12A6E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2A153336-10C4-4C42-AC66-AC1351887EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "0C2FF4E9-2513-4022-AF80-6F44A2287D6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DF6FA464-F9D3-4674-844B-A2B2E2C42A51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "44722C8B-BB37-4444-A58A-F01D0B3B4DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4FABFDB-D99A-4F83-8FEE-3BFA36BA4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:-:*:*:*:*:*:*",
"matchCriteriaId": "43E00618-19F6-4828-818A-95C9106097B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.14.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "CEC4F4AE-7BD8-437F-8838-FE564BCB7FA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A842E112-8974-4E74-AD56-1DEF5B5DD9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2BC3B463-6B2C-42AF-BE13-50B7D63E7F05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D9ACBC01-8A9D-43A5-A825-1CC9670417A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61E7199F-EACE-431A-8ADD-B96A6FCDBC49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7CD0E5-8E69-43B5-A5FF-8B122475CC00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2799111C-06DB-4979-8F81-A8C09D53E5F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F4BEA1B2-2103-4E25-92A9-DB107D6D4AD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.16.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2AD9AFFB-F903-43DD-9C1D-4D8E83EA25C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F368897-A481-42DD-A8B0-8AD43A5FD68B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4F3C35F1-CBF2-4F77-AC19-574DEF2652A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "75EA94FD-D16A-49BC-A418-36EFC187EC7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6BA8F4AF-26C0-4A69-B489-16E7A56E5123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FE82D53D-092D-4B36-A979-23E9A5E07A78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "27365383-72DB-4683-9A67-CF553FF2620A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46EE63D4-CA9C-4DF4-AF85-B8AC2E3F844A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A14FC2A1-29D5-49FE-92A9-D61833BF1C95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "91407E03-4E98-4DD9-B584-E5BB74F09B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "669CC22C-45E5-40AB-9A95-D7DFD694B688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80A38E0C-45D9-4353-8426-87A4CFA371DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5E3C5C1E-67E9-401A-BA52-FCB32CA4473C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "54A934AE-AB7C-4D10-8BA2-9C54410C648F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7A7C5A8E-35E6-4B86-8502-1970031AB987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA4C14B-A01C-4CFE-8985-317ACCDAD209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:-:*:*:*:*:*:*",
"matchCriteriaId": "501F5764-BBC2-426A-AF01-7FB477850073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "FDB35CE5-4EDB-4949-A5E4-1BD721CCA469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "619704FF-2F0C-47E8-A340-58135CEE6B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E412E336-871A-4CAC-97E5-FB203BB9349D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:-:*:*:*:*:*:*",
"matchCriteriaId": "82ED9CD2-504E-4D7B-B242-2511A7730776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.1:patch:*:*:*:*:*:*",
"matchCriteriaId": "EF6E50F5-605A-4D2B-B55D-8AB251532E8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:-:*:*:*:*:*:*",
"matchCriteriaId": "F6C796AE-95EE-4EAB-959C-1C1353C565A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.20.2:patch:*:*:*:*:*:*",
"matchCriteriaId": "EEAF3B2E-E520-4F43-ACC5-0F01A6247199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:-:*:*:*:*:*:*",
"matchCriteriaId": "085D4102-E2E8-496C-85B7-714FD3639BE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FC1A0E66-63F4-4BD0-8C9A-3D23A116EE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.21.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "79963FF0-5ED6-41B6-8E60-146BD7879518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E0ABBB2C-19EC-4D6C-A1EA-AEF0ABA4123D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0787BC7B-9464-4AAA-896B-C028ECF8E397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.22.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "84C0FBC8-9CD1-4135-94C7-BE90A7C94625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:-:*:*:*:*:*:*",
"matchCriteriaId": "981F3994-392D-47DB-97DA-AC15BA070A36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "94691EE6-266F-46CE-B388-0289EB39D91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FD3948A1-B5A6-4702-9187-A7720E81B7F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BC097BB6-02E9-4F48-98CB-B5F31B41009C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C2FD962-B1D5-41E5-884E-0C3F7F9DACE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:-:*:*:*:*:*:*",
"matchCriteriaId": "096E966A-878B-426F-AB40-BB476B17B969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "852DAF2A-86F3-4D05-91DC-6A2FBC214736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7D721486-3043-4380-A73C-44B4DD0E34C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F29E2EE-B6E8-4E55-84A8-3BD0658387EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:-:*:*:*:*:*:*",
"matchCriteriaId": "837BF2BD-814F-4503-91DF-EE16B5A4921D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "15FCDDB3-62D8-446C-B57C-F3BBFBD13491",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.25.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "03512BDE-E441-46F6-88B7-16A2468CA199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:-:*:*:*:*:*:*",
"matchCriteriaId": "902CAF9D-9D02-47FA-AE2E-EC1268A32BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.26.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "80AD87B5-B796-4C44-8A6D-0B22AA2903CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.26.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D87B2B3-E40B-4BF7-91E6-3B3F9CA28719",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2575F7A4-E1F1-4836-A467-076EDD8484B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CBDFAFA3-A52F-4FC8-BA51-FE52D5F57DD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.27.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6085E437-87B8-4355-BDC0-A14EA4F52695",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.28.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C44D1ED-2435-4042-BF15-3D752BE0C661",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:1.8.28.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "23E4CE5C-375C-4ECB-A4D9-A5A6805E5FE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B446105E-6C8E-495A-BF83-A33CB33485A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F3DE062D-4E87-4691-A664-D9E7C02036EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CD4A85-26FB-4AE5-9CB7-4DF38DF32482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F42C9442-9EBC-4CA5-AB1C-BA0662C27BDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "71762B58-A08B-405B-9596-6D15CF4A95D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "EA48C05A-E898-42EE-A699-94BBD66E5E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EDCB78F8-AAC8-44B1-BDF4-C73BC8951EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D92FFF6-E7B2-4210-A652-79AC6B74002C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DB5E92FB-9CF8-461E-A665-3407D265DF17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "536F6C10-3165-40F7-931A-23765AB87555",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5234531C-F69A-4B94-A480-147734206C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "321C1066-6800-4488-A7C4-BE91FF738453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3FE6DC-17FD-4CEE-BDFB-9D4685640381",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEEB6C2-0A6D-4434-8446-CB8605CD3B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D56C2C11-4B42-43AB-9DAE-61C15D107160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "69F2DED4-39F5-44C8-BEA3-22692D28C631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AD172E70-238B-4B01-A922-8021B5627092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C689A32B-E87D-492F-B3F6-7B80DFA049C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5FB3863D-7F46-4C4A-9E6B-C255CDF0D953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7239304D-C383-4F26-BB08-65ADD2380015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1AC153C2-258E-4EE6-845F-8E8C68AA242D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "229B7982-9775-42AA-B8F5-FE920CCAA497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "326845DF-2DB2-406B-BE0F-877384DAACFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E0FC2D46-FD1B-421F-8773-BB41B1E9A831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8788AF7B-CBB6-4D9D-A748-486787935A96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "03298D9F-CFB8-48F9-BD0C-8A0BEB0760C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A70420A8-8571-4528-98E1-72BE00270C6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "38230656-6242-4D24-AA67-F42A6FA2FC7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "20ED9FC3-5E56-4AE7-903F-267CAE7F2CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "283793E4-0AE8-48D9-ABCF-70E44FE55C4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:*:*:*:*",
"matchCriteriaId": "322694EF-B086-4BE7-A9F0-41D3A9C245FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc1:*:*:*:*:*:*",
"matchCriteriaId": "781AC882-80DD-4176-8E4F-220343B15F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1_rc2:*:*:*:*:*:*",
"matchCriteriaId": "770CCEEA-B121-454B-BD36-3FC1B262998A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:*:*:*:*",
"matchCriteriaId": "013B1940-C45D-4FE2-8B49-D92B8F1A9048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CCDDF5C2-9B45-4811-90F6-984EF4B220CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "56849E34-B192-46A8-A517-C7C184A901B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4610D544-156F-4E9A-BC46-9E0FF8D5D641",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTTP connections."
},
{
"lang": "es",
"value": "Asterisk Open Source 1.8.x anterior a 1.8.28.1, 11.x anterior a 11.10.1 y 12.x anterior a 12.3.1 y Certified Asterisk 1.8.15 anterior a 1.8.15-cert6 y 11.6 anterior a 11.6-cert3 permiten a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de conexi\u00f3n) a trav\u00e9s de un n\u00famero grande de conexiones HTTP (1) inactivas o (2) incompletas."
}
],
"id": "CVE-2014-4047",
"lastModified": "2024-11-21T02:09:24.440",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-17T14:55:07.953",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-007.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/127089/Asterisk-Project-Security-Advisory-AST-2014-007.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/532415/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/127089/Asterisk-Project-Security-Advisory-AST-2014-007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/532415/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-26 15:59
Modified
2024-11-21 02:14
Severity ?
Summary
Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dialplan application.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2014-010.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2014-010.html | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert1:*:*:lts:*:*:*",
"matchCriteriaId": "6AD7C9B3-D029-4E05-8E80-3ADA904FAC1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert2:*:*:lts:*:*:*",
"matchCriteriaId": "CE71221B-4D55-4643-B6D1-307B2CF41F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert3:*:*:lts:*:*:*",
"matchCriteriaId": "88124275-9BEB-4D53-9E4D-1AC8C52F2D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert4:*:*:lts:*:*:*",
"matchCriteriaId": "4F3CEFEF-72B6-4B58-81FE-01BCEEFB3013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6:cert5:*:*:lts:*:*:*",
"matchCriteriaId": "AA637187-0EAE-4756-AD72-A0B2FABCA070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:11.6.0:*:*:*:lts:*:*:*",
"matchCriteriaId": "D6EE9895-FB94-451D-8701-8C0DD8F5BED0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F53B8453-F35A-49BE-8129-774BADF71BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CCB0C07E-DA2F-4169-848D-C3315CDC1CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "410C43E6-5912-4C22-A592-7CF94402EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D50A355E-1B55-4DD2-8100-EB81AA6FC40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9ADF4230-EFEB-45EC-9C96-0262B4A3E459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B51588-50A2-40B2-A007-06F57D38C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CDE2B00C-6AC0-4166-8A25-EFC42CE7F737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9FD404B4-2B0A-4D7A-8CF6-E2C6B4BACBB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "617FC4AF-D152-4EE1-828D-C2A6AD0DFD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F31715AF-5A35-4D0B-8E01-BB6E4CB7E02F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1548C574-CD51-49F6-91B1-B06C504000E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D56C2C11-4B42-43AB-9DAE-61C15D107160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "69F2DED4-39F5-44C8-BEA3-22692D28C631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AD172E70-238B-4B01-A922-8021B5627092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C689A32B-E87D-492F-B3F6-7B80DFA049C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5FB3863D-7F46-4C4A-9E6B-C255CDF0D953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7239304D-C383-4F26-BB08-65ADD2380015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1AC153C2-258E-4EE6-845F-8E8C68AA242D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.4.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "1453BB31-D674-4A05-AB2A-2502D127C3E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "229B7982-9775-42AA-B8F5-FE920CCAA497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "326845DF-2DB2-406B-BE0F-877384DAACFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E0FC2D46-FD1B-421F-8773-BB41B1E9A831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "868865A1-E074-4DB0-A119-D24C5C53FEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1794440C-7068-4673-9142-6221B8A39E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C5CF286B-3377-4AE9-A7B9-8535641D639A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "50EC8D9D-3483-4080-8000-496343BC8BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6695F632-6AC4-400F-B513-280304ABC1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A3423C40-240A-4237-8B0F-A4B4ED421C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24F62C78-2913-463F-B689-353AB2371E3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "87FCBE6A-C1CD-48EF-A435-4CEADD46C917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "42E0E639-70A2-41EE-9B34-A9223D1958AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "32E84D64-0CB8-46BF-BD3F-8CA2E0CE4C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A276363F-F897-4E6D-9D55-5F5AA73DEE26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "38230656-6242-4D24-AA67-F42A6FA2FC7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "20ED9FC3-5E56-4AE7-903F-267CAE7F2CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "84F88075-9935-45BF-88B7-21ACE8AAB314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB16D9D6-A2F6-4C4B-B364-1B63B1FFB5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "283793E4-0AE8-48D9-ABCF-70E44FE55C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EABFC3-24FA-4441-9F2B-650D90AE5CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3DA61A22-3DD0-46A3-8C13-F25F4F03FD35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:11.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2026FD07-103C-4691-AFA4-88C490382F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B446105E-6C8E-495A-BF83-A33CB33485A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B53364B-5278-46E9-961A-192CA334CB09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3B4D6D24-A718-4962-AD4E-F19AFB03BFF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE2F0D0D-761C-4338-93F0-506E94E57000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3D38DFCA-E357-4A28-8F03-FDADF40A5185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F42C9442-9EBC-4CA5-AB1C-BA0662C27BDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "71762B58-A08B-405B-9596-6D15CF4A95D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "EA48C05A-E898-42EE-A699-94BBD66E5E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EDCB78F8-AAC8-44B1-BDF4-C73BC8951EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D92FFF6-E7B2-4210-A652-79AC6B74002C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DB5E92FB-9CF8-461E-A665-3407D265DF17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "536F6C10-3165-40F7-931A-23765AB87555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "133288EC-8A78-4C9D-BF94-9900CD3D2260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B2E54998-B257-478E-9E52-2BB4F4CD6429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD4498A-72BD-40EB-A332-DE10C87C1015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:12.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "71961599-009C-42F4-AA26-9B16C39F3CBC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dialplan application."
},
{
"lang": "es",
"value": "Asterisk Open Source 11.x anterior a 11.12.1 y 12.x anterior a 12.5.1 y Certified Asterisk 11.6 anterior a 11.6-cert6, cuando utilizan el m\u00f3dulo res_fax_spandsp, permiten a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un mensaje fuera de llamada (out of call), lo que no se maneja correctamente en la aplicaci\u00f3n ReceiveFax dialplan."
}
],
"id": "CVE-2014-6610",
"lastModified": "2024-11-21T02:14:45.603",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-26T15:59:02.573",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-010.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-19"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-30 14:15
Modified
2024-11-21 06:07
Severity ?
Summary
An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | asterisk | * | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| digium | certified_asterisk | 16.8 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4276A5-AE30-4AE2-9DC2-4742063B1DAA",
"versionEndExcluding": "13.38.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEDB7BB2-CA84-4AF4-A91A-37FCDAED7E7D",
"versionEndExcluding": "16.19.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35D9931E-4BDC-4679-A879-21C59F79E85C",
"versionEndExcluding": "17.9.4",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4452C0A6-3082-4F14-96B0-73CC70EF1277",
"versionEndExcluding": "18.15.1",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:-:*:*:*:*:*:*",
"matchCriteriaId": "81C3E390-8B99-4EB8-82DD-02893611209A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "17DB2297-1908-4F87-8046-2BAA74569D71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "CEA2CC40-C2F6-4828-82F0-1B50D3E61F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "32F19F43-C1E8-4B6C-9356-AF355B7320BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*",
"matchCriteriaId": "21D1FA32-B441-485F-8AE9-F3A394626909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F7795CCF-B160-4B4F-9529-1192C11D7FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert3:*:*:*:*:*:*",
"matchCriteriaId": "0C5E5D0D-9EB3-40FD-8B7E-E93A95D07AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4:*:*:*:*:*:*",
"matchCriteriaId": "C7DFDA30-DD61-4BBC-AFE4-448BF2A4F303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*",
"matchCriteriaId": "142F1F89-49AC-4A0B-A273-61F697063A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*",
"matchCriteriaId": "53041795-788C-4914-A2F6-41539ABE0244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*",
"matchCriteriaId": "FBB98E65-B2D0-49A4-8BF3-12155E3E13C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*",
"matchCriteriaId": "769C854C-03CD-40A9-B39B-C0CDCA8252EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert5:*:*:*:*:*:*",
"matchCriteriaId": "6D86AD6E-4E07-48B0-88D8-E18F277FFE6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert6:*:*:*:*:*:*",
"matchCriteriaId": "7A643445-8A73-4ACC-8A96-CA8D6AC8B229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert7:*:*:*:*:*:*",
"matchCriteriaId": "BD980324-52E2-4D3E-B8D8-52A2DB100306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert8:*:*:*:*:*:*",
"matchCriteriaId": "4D5B8321-033A-47C5-A277-BE056C5ADB30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digium:certified_asterisk:16.8:cert9:*:*:*:*:*:*",
"matchCriteriaId": "12A2585A-A13F-4FD5-9A65-273B7D8A99C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Sangoma Asterisk versiones: 13.x anteriores a 13.38.3, versiones 16.x anteriores a 16.19.1, versiones 17.x anteriores a 17.9.4, y versiones 18.x anteriores a 18.5.1, y Certified Asterisk versiones anteriores a 16.8-cert10. Si el controlador del canal IAX2 recibe un paquete que contiene un formato de medios no compatible, puede ocurrir un bloqueo"
}
],
"id": "CVE-2021-32558",
"lastModified": "2024-11-21T06:07:16.057",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-30T14:15:16.910",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/49"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/49"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4999"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2012-2947
Vulnerability from cvelistv5
Published
2012-06-02 15:00
Modified
2024-08-06 19:50
Severity ?
EPSS score ?
Summary
chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2012/dsa-2493 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securitytracker.com/id?1027102 | vdb-entry, x_refsource_SECTRACK | |
| http://archives.neohapsis.com/archives/bugtraq/2012-05/0144.html | mailing-list, x_refsource_BUGTRAQ | |
| http://downloads.asterisk.org/pub/security/AST-2012-007.html | x_refsource_CONFIRM | |
| http://secunia.com/advisories/49303 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:50:05.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-2493",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2493"
},
{
"name": "1027102",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027102"
},
{
"name": "20120529 AST-2012-007: Remote crash vulnerability in IAX2 channel driver.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0144.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-007.html"
},
{
"name": "49303",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49303"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-06-23T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-2493",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2493"
},
{
"name": "1027102",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027102"
},
{
"name": "20120529 AST-2012-007: Remote crash vulnerability in IAX2 channel driver.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0144.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-007.html"
},
{
"name": "49303",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49303"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2947",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2493",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2493"
},
{
"name": "1027102",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027102"
},
{
"name": "20120529 AST-2012-007: Remote crash vulnerability in IAX2 channel driver.",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0144.html"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-007.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-007.html"
},
{
"name": "49303",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49303"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2947",
"datePublished": "2012-06-02T15:00:00",
"dateReserved": "2012-05-29T00:00:00",
"dateUpdated": "2024-08-06T19:50:05.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-26717
Vulnerability from cvelistv5
Published
2021-02-18 19:39
Modified
2024-08-03 20:33
Severity ?
EPSS score ?
Summary
An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash.
References
| ▼ | URL | Tags |
|---|---|---|
| https://downloads.asterisk.org/pub/security/ | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2021/Feb/58 | mailing-list, x_refsource_FULLDISC | |
| https://downloads.asterisk.org/pub/security/AST-2021-002.html | x_refsource_CONFIRM | |
| https://issues.asterisk.org/jira/browse/ASTERISK-29203 | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/161471/Asterisk-Project-Security-Advisory-AST-2021-002.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:33:40.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"name": "20210218 AST-2021-002: Remote crash possible when negotiating T.38",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/58"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29203"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161471/Asterisk-Project-Security-Advisory-AST-2021-002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-19T15:06:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"name": "20210218 AST-2021-002: Remote crash possible when negotiating T.38",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/58"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29203"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161471/Asterisk-Project-Security-Advisory-AST-2021-002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-26717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://downloads.asterisk.org/pub/security/",
"refsource": "MISC",
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"name": "20210218 AST-2021-002: Remote crash possible when negotiating T.38",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Feb/58"
},
{
"name": "https://downloads.asterisk.org/pub/security/AST-2021-002.html",
"refsource": "CONFIRM",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-002.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29203",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29203"
},
{
"name": "http://packetstormsecurity.com/files/161471/Asterisk-Project-Security-Advisory-AST-2021-002.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161471/Asterisk-Project-Security-Advisory-AST-2021-002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26717",
"datePublished": "2021-02-18T19:39:46",
"dateReserved": "2021-02-05T00:00:00",
"dateUpdated": "2024-08-03T20:33:40.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-17664
Vulnerability from cvelistv5
Published
2017-12-13 20:00
Modified
2024-08-05 20:59
Severity ?
EPSS score ?
Summary
A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack.
References
| ▼ | URL | Tags |
|---|---|---|
| http://downloads.digium.com/pub/security/AST-2017-012.html | x_refsource_MISC | |
| https://issues.asterisk.org/jira/browse/ASTERISK-27429 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/102201 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1040009 | vdb-entry, x_refsource_SECTRACK | |
| https://www.debian.org/security/2017/dsa-4076 | vendor-advisory, x_refsource_DEBIAN | |
| https://issues.asterisk.org/jira/browse/ASTERISK-27382 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:59:17.343Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2017-012.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27429"
},
{
"name": "102201",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102201"
},
{
"name": "1040009",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040009"
},
{
"name": "DSA-4076",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-4076"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27382"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-31T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.digium.com/pub/security/AST-2017-012.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27429"
},
{
"name": "102201",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102201"
},
{
"name": "1040009",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040009"
},
{
"name": "DSA-4076",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-4076"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27382"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.digium.com/pub/security/AST-2017-012.html",
"refsource": "MISC",
"url": "http://downloads.digium.com/pub/security/AST-2017-012.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-27429",
"refsource": "MISC",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27429"
},
{
"name": "102201",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102201"
},
{
"name": "1040009",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040009"
},
{
"name": "DSA-4076",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4076"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-27382",
"refsource": "MISC",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27382"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17664",
"datePublished": "2017-12-13T20:00:00",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-08-05T20:59:17.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-3863
Vulnerability from cvelistv5
Published
2012-07-09 10:00
Modified
2024-08-06 20:21
Severity ?
EPSS score ?
Summary
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/50687 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/50756 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.debian.org/security/2012/dsa-2550 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/54327 | vdb-entry, x_refsource_BID | |
| http://downloads.asterisk.org/pub/security/AST-2012-010.html | x_refsource_CONFIRM | |
| https://issues.asterisk.org/jira/browse/ASTERISK-19992 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:21:03.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "50687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50756"
},
{
"name": "DSA-2550",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"name": "54327",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/54327"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-010.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-19992"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-11T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "50687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50756"
},
{
"name": "DSA-2550",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"name": "54327",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/54327"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-010.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-19992"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50756"
},
{
"name": "DSA-2550",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"name": "54327",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54327"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-010.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-010.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-19992",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-19992"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-3863",
"datePublished": "2012-07-09T10:00:00",
"dateReserved": "2012-07-06T00:00:00",
"dateUpdated": "2024-08-06T20:21:03.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-3008
Vulnerability from cvelistv5
Published
2015-04-10 14:00
Modified
2024-08-06 05:32
Severity ?
EPSS score ?
Summary
Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/131364/Asterisk-Project-Security-Advisory-AST-2015-003.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/74022 | vdb-entry, x_refsource_BID | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2015:206 | vendor-advisory, x_refsource_MANDRIVA | |
| http://advisories.mageia.org/MGASA-2015-0153.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1032052 | vdb-entry, x_refsource_SECTRACK | |
| http://downloads.asterisk.org/pub/security/AST-2015-003.html | x_refsource_CONFIRM | |
| http://seclists.org/fulldisclosure/2015/Apr/22 | mailing-list, x_refsource_FULLDISC | |
| http://www.securityfocus.com/archive/1/535222/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.debian.org/security/2016/dsa-3700 | vendor-advisory, x_refsource_DEBIAN | |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162260.html | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:32:21.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/131364/Asterisk-Project-Security-Advisory-AST-2015-003.html"
},
{
"name": "74022",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74022"
},
{
"name": "MDVSA-2015:206",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:206"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2015-0153.html"
},
{
"name": "1032052",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032052"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2015-003.html"
},
{
"name": "20150408 AST-2015-003: TLS Certificate Common name NULL byte exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Apr/22"
},
{
"name": "20150408 AST-2015-003: TLS Certificate Common name NULL byte exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/535222/100/0/threaded"
},
{
"name": "DSA-3700",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3700"
},
{
"name": "FEDORA-2015-5948",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162260.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/131364/Asterisk-Project-Security-Advisory-AST-2015-003.html"
},
{
"name": "74022",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74022"
},
{
"name": "MDVSA-2015:206",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:206"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2015-0153.html"
},
{
"name": "1032052",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032052"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2015-003.html"
},
{
"name": "20150408 AST-2015-003: TLS Certificate Common name NULL byte exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Apr/22"
},
{
"name": "20150408 AST-2015-003: TLS Certificate Common name NULL byte exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/535222/100/0/threaded"
},
{
"name": "DSA-3700",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3700"
},
{
"name": "FEDORA-2015-5948",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162260.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/131364/Asterisk-Project-Security-Advisory-AST-2015-003.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/131364/Asterisk-Project-Security-Advisory-AST-2015-003.html"
},
{
"name": "74022",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74022"
},
{
"name": "MDVSA-2015:206",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:206"
},
{
"name": "http://advisories.mageia.org/MGASA-2015-0153.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0153.html"
},
{
"name": "1032052",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032052"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2015-003.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2015-003.html"
},
{
"name": "20150408 AST-2015-003: TLS Certificate Common name NULL byte exploit",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Apr/22"
},
{
"name": "20150408 AST-2015-003: TLS Certificate Common name NULL byte exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535222/100/0/threaded"
},
{
"name": "DSA-3700",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3700"
},
{
"name": "FEDORA-2015-5948",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162260.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3008",
"datePublished": "2015-04-10T14:00:00",
"dateReserved": "2015-04-08T00:00:00",
"dateUpdated": "2024-08-06T05:32:21.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-12227
Vulnerability from cvelistv5
Published
2018-06-12 04:00
Modified
2024-08-05 08:30
Severity ?
EPSS score ?
Summary
An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.debian.org/security/2018/dsa-4320 | vendor-advisory, x_refsource_DEBIAN | |
| https://issues.asterisk.org/jira/browse/ASTERISK-27818 | x_refsource_CONFIRM | |
| http://downloads.asterisk.org/pub/security/AST-2018-008.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104455 | vdb-entry, x_refsource_BID | |
| https://security.gentoo.org/glsa/201811-11 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27818"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-008.html"
},
{
"name": "104455",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104455"
},
{
"name": "GLSA-201811-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-25T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27818"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-008.html"
},
{
"name": "104455",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104455"
},
{
"name": "GLSA-201811-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201811-11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4320",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-27818",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27818"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2018-008.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2018-008.html"
},
{
"name": "104455",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104455"
},
{
"name": "GLSA-201811-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12227",
"datePublished": "2018-06-12T04:00:00",
"dateReserved": "2018-06-11T00:00:00",
"dateUpdated": "2024-08-05T08:30:59.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-16672
Vulnerability from cvelistv5
Published
2017-11-09 00:00
Modified
2024-08-05 20:35
Severity ?
EPSS score ?
Summary
An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash.
References
| ▼ | URL | Tags |
|---|---|---|
| http://downloads.digium.com/pub/security/AST-2017-011.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/101765 | vdb-entry, x_refsource_BID | |
| https://issues.asterisk.org/jira/browse/ASTERISK-27345 | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/201811-11 | vendor-advisory, x_refsource_GENTOO | |
| https://www.debian.org/security/2017/dsa-4076 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:35:19.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2017-011.html"
},
{
"name": "101765",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101765"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27345"
},
{
"name": "GLSA-201811-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"name": "DSA-4076",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-4076"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-25T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2017-011.html"
},
{
"name": "101765",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101765"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27345"
},
{
"name": "GLSA-201811-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"name": "DSA-4076",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-4076"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16672",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.digium.com/pub/security/AST-2017-011.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2017-011.html"
},
{
"name": "101765",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101765"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-27345",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27345"
},
{
"name": "GLSA-201811-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"name": "DSA-4076",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4076"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16672",
"datePublished": "2017-11-09T00:00:00",
"dateReserved": "2017-11-08T00:00:00",
"dateUpdated": "2024-08-05T20:35:19.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-6610
Vulnerability from cvelistv5
Published
2014-11-26 15:00
Modified
2024-08-06 12:24
Severity ?
EPSS score ?
Summary
Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dialplan application.
References
| ▼ | URL | Tags |
|---|---|---|
| http://downloads.asterisk.org/pub/security/AST-2014-010.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:24:34.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-010.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dialplan application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-26T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-010.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6610",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dialplan application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-010.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-010.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-6610",
"datePublished": "2014-11-26T15:00:00",
"dateReserved": "2014-09-18T00:00:00",
"dateUpdated": "2024-08-06T12:24:34.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-18610
Vulnerability from cvelistv5
Published
2019-11-22 17:31
Modified
2024-08-05 01:54
Severity ?
EPSS score ?
Summary
An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.asterisk.org/downloads/security-advisories | x_refsource_MISC | |
| http://downloads.asterisk.org/pub/security/AST-2019-007.html | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2019-007.html"
},
{
"name": "[debian-lts-announce] 20191130 [SECURITY] [DLA 2017-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-03T07:06:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2019-007.html"
},
{
"name": "[debian-lts-announce] 20191130 [SECURITY] [DLA 2017-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18610",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asterisk.org/downloads/security-advisories",
"refsource": "MISC",
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2019-007.html",
"refsource": "MISC",
"url": "http://downloads.asterisk.org/pub/security/AST-2019-007.html"
},
{
"name": "[debian-lts-announce] 20191130 [SECURITY] [DLA 2017-1] asterisk security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18610",
"datePublished": "2019-11-22T17:31:16",
"dateReserved": "2019-10-29T00:00:00",
"dateUpdated": "2024-08-05T01:54:14.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4047
Vulnerability from cvelistv5
Published
2014-06-17 14:00
Modified
2024-08-06 11:04
Severity ?
EPSS score ?
Summary
Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTTP connections.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/532415/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://packetstormsecurity.com/files/127089/Asterisk-Project-Security-Advisory-AST-2014-007.html | x_refsource_MISC | |
| http://downloads.asterisk.org/pub/security/AST-2014-007.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:04:28.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140612 AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/532415/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127089/Asterisk-Project-Security-Advisory-AST-2014-007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTTP connections."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20140612 AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/532415/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127089/Asterisk-Project-Security-Advisory-AST-2014-007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-007.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4047",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTTP connections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140612 AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532415/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/127089/Asterisk-Project-Security-Advisory-AST-2014-007.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127089/Asterisk-Project-Security-Advisory-AST-2014-007.html"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-007.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-007.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4047",
"datePublished": "2014-06-17T14:00:00",
"dateReserved": "2014-06-12T00:00:00",
"dateUpdated": "2024-08-06T11:04:28.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-28327
Vulnerability from cvelistv5
Published
2020-11-06 18:08
Modified
2024-08-04 16:33
Severity ?
EPSS score ?
Summary
A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling.
References
| ▼ | URL | Tags |
|---|---|---|
| http://downloads.asterisk.org/pub/security/AST-2020-001.html | x_refsource_MISC | |
| https://issues.asterisk.org/jira/browse/ASTERISK-29057 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:33:58.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2020-001.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29057"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-10T15:31:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2020-001.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29057"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2020-001.html",
"refsource": "MISC",
"url": "http://downloads.asterisk.org/pub/security/AST-2020-001.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29057",
"refsource": "MISC",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29057"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-28327",
"datePublished": "2020-11-06T18:08:07",
"dateReserved": "2020-11-06T00:00:00",
"dateUpdated": "2024-08-04T16:33:58.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-17090
Vulnerability from cvelistv5
Published
2017-12-02 00:00
Modified
2024-08-05 20:43
Severity ?
EPSS score ?
Summary
An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1039948 | vdb-entry, x_refsource_SECTRACK | |
| https://www.exploit-db.com/exploits/43992/ | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securityfocus.com/bid/102023 | vdb-entry, x_refsource_BID | |
| https://issues.asterisk.org/jira/browse/ASTERISK-27452 | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2017/12/msg00028.html | mailing-list, x_refsource_MLIST | |
| https://www.debian.org/security/2017/dsa-4076 | vendor-advisory, x_refsource_DEBIAN | |
| http://downloads.digium.com/pub/security/AST-2017-013.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:59.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039948",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039948"
},
{
"name": "43992",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43992/"
},
{
"name": "102023",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102023"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27452"
},
{
"name": "[debian-lts-announce] 20171230 [SECURITY] [DLA 1225-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00028.html"
},
{
"name": "DSA-4076",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-4076"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2017-013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-12-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-09T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1039948",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039948"
},
{
"name": "43992",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43992/"
},
{
"name": "102023",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102023"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27452"
},
{
"name": "[debian-lts-announce] 20171230 [SECURITY] [DLA 1225-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00028.html"
},
{
"name": "DSA-4076",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-4076"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2017-013.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039948",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039948"
},
{
"name": "43992",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43992/"
},
{
"name": "102023",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102023"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-27452",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27452"
},
{
"name": "[debian-lts-announce] 20171230 [SECURITY] [DLA 1225-1] asterisk security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00028.html"
},
{
"name": "DSA-4076",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4076"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2017-013.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2017-013.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17090",
"datePublished": "2017-12-02T00:00:00",
"dateReserved": "2017-12-01T00:00:00",
"dateUpdated": "2024-08-05T20:43:59.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-26651
Vulnerability from cvelistv5
Published
2022-04-15 00:00
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:11:43.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2022-003.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"url": "https://downloads.asterisk.org/pub/security/AST-2022-003.html"
},
{
"url": "http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26651",
"datePublished": "2022-04-15T00:00:00",
"dateReserved": "2022-03-07T00:00:00",
"dateUpdated": "2024-08-03T05:11:43.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-26906
Vulnerability from cvelistv5
Published
2021-02-18 19:50
Modified
2024-08-03 20:33
Severity ?
EPSS score ?
Summary
An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://downloads.asterisk.org/pub/security/ | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2021/Feb/61 | mailing-list, x_refsource_FULLDISC | |
| https://downloads.asterisk.org/pub/security/AST-2021-005.html | x_refsource_CONFIRM | |
| https://issues.asterisk.org/jira/browse/ASTERISK-29196 | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:33:41.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"name": "20210218 AST-2021-005: Remote Crash Vulnerability in PJSIP channel driver",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/61"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29196"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-19T15:06:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"name": "20210218 AST-2021-005: Remote Crash Vulnerability in PJSIP channel driver",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/61"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29196"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-26906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://downloads.asterisk.org/pub/security/",
"refsource": "MISC",
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"name": "20210218 AST-2021-005: Remote Crash Vulnerability in PJSIP channel driver",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Feb/61"
},
{
"name": "https://downloads.asterisk.org/pub/security/AST-2021-005.html",
"refsource": "CONFIRM",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-005.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29196",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29196"
},
{
"name": "http://packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161477/Asterisk-Project-Security-Advisory-AST-2021-005.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26906",
"datePublished": "2021-02-18T19:50:04",
"dateReserved": "2021-02-08T00:00:00",
"dateUpdated": "2024-08-03T20:33:41.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-17281
Vulnerability from cvelistv5
Published
2018-09-24 22:00
Modified
2024-08-05 10:47
Severity ?
EPSS score ?
Summary
There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1041694 | vdb-entry, x_refsource_SECTRACK | |
| http://seclists.org/fulldisclosure/2018/Sep/31 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html | x_refsource_MISC | |
| https://www.debian.org/security/2018/dsa-4320 | vendor-advisory, x_refsource_DEBIAN | |
| https://seclists.org/bugtraq/2018/Sep/53 | mailing-list, x_refsource_BUGTRAQ | |
| https://issues.asterisk.org/jira/browse/ASTERISK-28013 | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2018/09/msg00034.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201811-11 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/105389 | vdb-entry, x_refsource_BID | |
| http://downloads.asterisk.org/pub/security/AST-2018-009.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:47:04.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041694",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041694"
},
{
"name": "20180920 AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Sep/31"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html"
},
{
"name": "DSA-4320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"name": "20180920 AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2018/Sep/53"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28013"
},
{
"name": "[debian-lts-announce] 20180927 [SECURITY] [DLA 1523-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00034.html"
},
{
"name": "GLSA-201811-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"name": "105389",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105389"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-25T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1041694",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041694"
},
{
"name": "20180920 AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Sep/31"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html"
},
{
"name": "DSA-4320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"name": "20180920 AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2018/Sep/53"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28013"
},
{
"name": "[debian-lts-announce] 20180927 [SECURITY] [DLA 1523-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00034.html"
},
{
"name": "GLSA-201811-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"name": "105389",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105389"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-009.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17281",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041694",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041694"
},
{
"name": "20180920 AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Sep/31"
},
{
"name": "http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html"
},
{
"name": "DSA-4320",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"name": "20180920 AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2018/Sep/53"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-28013",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28013"
},
{
"name": "[debian-lts-announce] 20180927 [SECURITY] [DLA 1523-1] asterisk security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00034.html"
},
{
"name": "GLSA-201811-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"name": "105389",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105389"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2018-009.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2018-009.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17281",
"datePublished": "2018-09-24T22:00:00",
"dateReserved": "2018-09-20T00:00:00",
"dateUpdated": "2024-08-05T10:47:04.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-14100
Vulnerability from cvelistv5
Published
2017-09-02 16:00
Modified
2024-08-05 19:20
Severity ?
EPSS score ?
Summary
In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an "externnotify" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection.
References
| ▼ | URL | Tags |
|---|---|---|
| https://issues.asterisk.org/jira/browse/ASTERISK-27103 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1039252 | vdb-entry, x_refsource_SECTRACK | |
| https://bugs.debian.org/873908 | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/201710-29 | vendor-advisory, x_refsource_GENTOO | |
| http://www.debian.org/security/2017/dsa-3964 | vendor-advisory, x_refsource_DEBIAN | |
| http://downloads.asterisk.org/pub/security/AST-2017-006.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:39.875Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27103"
},
{
"name": "1039252",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039252"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/873908"
},
{
"name": "GLSA-201710-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201710-29"
},
{
"name": "DSA-3964",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3964"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an \"externnotify\" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27103"
},
{
"name": "1039252",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039252"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/873908"
},
{
"name": "GLSA-201710-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201710-29"
},
{
"name": "DSA-3964",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3964"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-006.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an \"externnotify\" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-27103",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27103"
},
{
"name": "1039252",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039252"
},
{
"name": "https://bugs.debian.org/873908",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/873908"
},
{
"name": "GLSA-201710-29",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-29"
},
{
"name": "DSA-3964",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3964"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2017-006.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2017-006.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14100",
"datePublished": "2017-09-02T16:00:00",
"dateReserved": "2017-08-31T00:00:00",
"dateUpdated": "2024-08-05T19:20:39.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-32558
Vulnerability from cvelistv5
Published
2021-07-27 05:19
Modified
2024-08-03 23:25
Severity ?
EPSS score ?
Summary
An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2021/Jul/49 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html | x_refsource_MISC | |
| https://downloads.asterisk.org/pub/security/AST-2021-008.html | x_refsource_MISC | |
| https://issues.asterisk.org/jira/browse/ASTERISK-29392 | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html | mailing-list, x_refsource_MLIST | |
| https://www.debian.org/security/2021/dsa-4999 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:30.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210722 AST-2021-008: Remote crash when using IAX2 channel driver",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/49"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
},
{
"name": "[debian-lts-announce] 20210804 [SECURITY] [DLA 2729-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
},
{
"name": "DSA-4999",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4999"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-02T10:06:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20210722 AST-2021-008: Remote crash when using IAX2 channel driver",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/49"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
},
{
"name": "[debian-lts-announce] 20210804 [SECURITY] [DLA 2729-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
},
{
"name": "DSA-4999",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4999"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210722 AST-2021-008: Remote crash when using IAX2 channel driver",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Jul/49"
},
{
"name": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
},
{
"name": "https://downloads.asterisk.org/pub/security/AST-2021-008.html",
"refsource": "MISC",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29392",
"refsource": "MISC",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
},
{
"name": "[debian-lts-announce] 20210804 [SECURITY] [DLA 2729-1] asterisk security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
},
{
"name": "DSA-4999",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4999"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-32558",
"datePublished": "2021-07-27T05:19:34",
"dateReserved": "2021-05-11T00:00:00",
"dateUpdated": "2024-08-03T23:25:30.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-8418
Vulnerability from cvelistv5
Published
2014-11-24 15:00
Modified
2024-08-06 13:18
Severity ?
EPSS score ?
Summary
The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol.
References
| ▼ | URL | Tags |
|---|---|---|
| http://downloads.asterisk.org/pub/security/AST-2014-018.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:18:47.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-24T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-018.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8418",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-018.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-018.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8418",
"datePublished": "2014-11-24T15:00:00",
"dateReserved": "2014-10-22T00:00:00",
"dateUpdated": "2024-08-06T13:18:47.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-8417
Vulnerability from cvelistv5
Published
2014-11-24 15:00
Modified
2024-08-06 13:18
Severity ?
EPSS score ?
Summary
ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action.
References
| ▼ | URL | Tags |
|---|---|---|
| http://downloads.asterisk.org/pub/security/AST-2014-017.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:18:48.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-24T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-017.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8417",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-017.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-017.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8417",
"datePublished": "2014-11-24T15:00:00",
"dateReserved": "2014-10-22T00:00:00",
"dateUpdated": "2024-08-06T13:18:48.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2287
Vulnerability from cvelistv5
Published
2014-04-18 19:00
Modified
2024-08-06 10:06
Severity ?
EPSS score ?
Summary
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/66094 | vdb-entry, x_refsource_BID | |
| http://downloads.asterisk.org/pub/security/AST-2014-002.html | x_refsource_CONFIRM | |
| https://issues.asterisk.org/jira/browse/ASTERISK-23373 | x_refsource_CONFIRM | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2014:078 | vendor-advisory, x_refsource_MANDRIVA | |
| http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html | vendor-advisory, x_refsource_FEDORA | |
| http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html | vendor-advisory, x_refsource_FEDORA | |
| http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:06:00.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "66094",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66094"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-23373"
},
{
"name": "MDVSA-2014:078",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:078"
},
{
"name": "FEDORA-2014-3762",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
},
{
"name": "FEDORA-2014-3779",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-18T18:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "66094",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66094"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-23373"
},
{
"name": "MDVSA-2014:078",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:078"
},
{
"name": "FEDORA-2014-3762",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
},
{
"name": "FEDORA-2014-3779",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2287",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "66094",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66094"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-002.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-002.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-23373",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-23373"
},
{
"name": "MDVSA-2014:078",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:078"
},
{
"name": "FEDORA-2014-3762",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
},
{
"name": "FEDORA-2014-3779",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff",
"refsource": "MISC",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2287",
"datePublished": "2014-04-18T19:00:00",
"dateReserved": "2014-03-05T00:00:00",
"dateUpdated": "2024-08-06T10:06:00.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-5641
Vulnerability from cvelistv5
Published
2013-09-09 17:00
Modified
2024-08-06 17:15
Severity ?
EPSS score ?
Summary
The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an ACK with SDP to a previously terminated channel. NOTE: some of these details are obtained from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/54534 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/96691 | vdb-entry, x_refsource_OSVDB | |
| http://seclists.org/bugtraq/2013/Aug/185 | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/54617 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.debian.org/security/2013/dsa-2749 | vendor-advisory, x_refsource_DEBIAN | |
| http://archives.neohapsis.com/archives/bugtraq/2013-08/0175.html | mailing-list, x_refsource_BUGTRAQ | |
| http://downloads.asterisk.org/pub/security/AST-2013-004.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/62021 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1028956 | vdb-entry, x_refsource_SECTRACK | |
| https://issues.asterisk.org/jira/browse/ASTERISK-21064 | x_refsource_CONFIRM | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2013:223 | vendor-advisory, x_refsource_MANDRIVA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:15:21.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "54534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54534"
},
{
"name": "96691",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/96691"
},
{
"name": "20130827 AST-2013-004: Remote Crash From Late Arriving SIP ACK With SDP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2013/Aug/185"
},
{
"name": "54617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54617"
},
{
"name": "DSA-2749",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2749"
},
{
"name": "20130827 AST-2013-004: Remote Crash From Late Arriving SIP ACK With SDP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0175.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-004.html"
},
{
"name": "62021",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/62021"
},
{
"name": "1028956",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1028956"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-21064"
},
{
"name": "MDVSA-2013:223",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:223"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an ACK with SDP to a previously terminated channel. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-12T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "54534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54534"
},
{
"name": "96691",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/96691"
},
{
"name": "20130827 AST-2013-004: Remote Crash From Late Arriving SIP ACK With SDP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2013/Aug/185"
},
{
"name": "54617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54617"
},
{
"name": "DSA-2749",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2749"
},
{
"name": "20130827 AST-2013-004: Remote Crash From Late Arriving SIP ACK With SDP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0175.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-004.html"
},
{
"name": "62021",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/62021"
},
{
"name": "1028956",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1028956"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-21064"
},
{
"name": "MDVSA-2013:223",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:223"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an ACK with SDP to a previously terminated channel. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54534",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54534"
},
{
"name": "96691",
"refsource": "OSVDB",
"url": "http://osvdb.org/96691"
},
{
"name": "20130827 AST-2013-004: Remote Crash From Late Arriving SIP ACK With SDP",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Aug/185"
},
{
"name": "54617",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54617"
},
{
"name": "DSA-2749",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2749"
},
{
"name": "20130827 AST-2013-004: Remote Crash From Late Arriving SIP ACK With SDP",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0175.html"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2013-004.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2013-004.html"
},
{
"name": "62021",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62021"
},
{
"name": "1028956",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028956"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-21064",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-21064"
},
{
"name": "MDVSA-2013:223",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:223"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5641",
"datePublished": "2013-09-09T17:00:00",
"dateReserved": "2013-08-28T00:00:00",
"dateUpdated": "2024-08-06T17:15:21.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5977
Vulnerability from cvelistv5
Published
2013-01-04 15:00
Modified
2024-08-06 21:21
Severity ?
EPSS score ?
Summary
Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2013/dsa-2605 | vendor-advisory, x_refsource_DEBIAN | |
| https://issues.asterisk.org/jira/browse/ASTERISK-20175 | x_refsource_CONFIRM | |
| http://downloads.asterisk.org/pub/security/AST-2012-015 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-2605",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2605"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20175"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-015"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-2605",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2605"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20175"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-015"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2605",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2605"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-20175",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20175"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-015",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-015"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5977",
"datePublished": "2013-01-04T15:00:00",
"dateReserved": "2012-11-21T00:00:00",
"dateUpdated": "2024-08-06T21:21:28.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7551
Vulnerability from cvelistv5
Published
2017-04-17 16:00
Modified
2024-08-06 02:04
Severity ?
EPSS score ?
Summary
chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion).
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832 | x_refsource_MISC | |
| https://issues.asterisk.org/jira/browse/ASTERISK-26272 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1374733 | x_refsource_CONFIRM | |
| http://downloads.asterisk.org/pub/security/AST-2016-007.html | x_refsource_CONFIRM | |
| http://www.debian.org/security/2016/dsa-3700 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:55.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-26272"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1374733"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-007.html"
},
{
"name": "DSA-3700",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3700"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-17T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-26272"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1374733"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-007.html"
},
{
"name": "DSA-3700",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3700"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-26272",
"refsource": "MISC",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-26272"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1374733",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1374733"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2016-007.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2016-007.html"
},
{
"name": "DSA-3700",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3700"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7551",
"datePublished": "2017-04-17T16:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T02:04:55.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12827
Vulnerability from cvelistv5
Published
2019-07-12 19:19
Modified
2024-08-04 23:32
Severity ?
EPSS score ?
Summary
Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.
References
| ▼ | URL | Tags |
|---|---|---|
| https://issues.asterisk.org/jira/browse/ASTERISK-28447 | x_refsource_CONFIRM | |
| http://downloads.digium.com/pub/security/AST-2019-002.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:55.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28447"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2019-002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-12T19:19:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28447"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2019-002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-28447",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28447"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2019-002.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2019-002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12827",
"datePublished": "2019-07-12T19:19:52",
"dateReserved": "2019-06-14T00:00:00",
"dateUpdated": "2024-08-04T23:32:55.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-5642
Vulnerability from cvelistv5
Published
2013-09-09 17:00
Modified
2024-08-06 17:15
Severity ?
EPSS score ?
Summary
The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/54534 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/96690 | vdb-entry, x_refsource_OSVDB | |
| http://downloads.asterisk.org/pub/security/AST-2013-005.html | x_refsource_CONFIRM | |
| http://secunia.com/advisories/54617 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.debian.org/security/2013/dsa-2749 | vendor-advisory, x_refsource_DEBIAN | |
| https://issues.asterisk.org/jira/browse/ASTERISK-22007 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1028957 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/62022 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/bugtraq/2013-08/0174.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2013:223 | vendor-advisory, x_refsource_MANDRIVA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:15:21.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "54534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54534"
},
{
"name": "96690",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/96690"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-005.html"
},
{
"name": "54617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54617"
},
{
"name": "DSA-2749",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2749"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-22007"
},
{
"name": "1028957",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1028957"
},
{
"name": "62022",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/62022"
},
{
"name": "20130827 AST-2013-005: Remote Crash when Invalid SDP is sent in SIP Request",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0174.html"
},
{
"name": "MDVSA-2013:223",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:223"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-12T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "54534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54534"
},
{
"name": "96690",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/96690"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-005.html"
},
{
"name": "54617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54617"
},
{
"name": "DSA-2749",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2749"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-22007"
},
{
"name": "1028957",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1028957"
},
{
"name": "62022",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/62022"
},
{
"name": "20130827 AST-2013-005: Remote Crash when Invalid SDP is sent in SIP Request",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0174.html"
},
{
"name": "MDVSA-2013:223",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:223"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5642",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54534",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54534"
},
{
"name": "96690",
"refsource": "OSVDB",
"url": "http://osvdb.org/96690"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2013-005.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2013-005.html"
},
{
"name": "54617",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54617"
},
{
"name": "DSA-2749",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2749"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-22007",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-22007"
},
{
"name": "1028957",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028957"
},
{
"name": "62022",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62022"
},
{
"name": "20130827 AST-2013-005: Remote Crash when Invalid SDP is sent in SIP Request",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0174.html"
},
{
"name": "MDVSA-2013:223",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:223"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5642",
"datePublished": "2013-09-09T17:00:00",
"dateReserved": "2013-08-28T00:00:00",
"dateUpdated": "2024-08-06T17:15:21.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4046
Vulnerability from cvelistv5
Published
2014-06-17 14:00
Modified
2024-08-06 11:04
Severity ?
EPSS score ?
Summary
Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/532419/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://packetstormsecurity.com/files/127088/Asterisk-Project-Security-Advisory-AST-2014-006.html | x_refsource_MISC | |
| http://downloads.asterisk.org/pub/security/AST-2014-006.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:04:27.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140612 AST-2014-006: Asterisk Manager User Unauthorized Shell Access",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/532419/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127088/Asterisk-Project-Security-Advisory-AST-2014-006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20140612 AST-2014-006: Asterisk Manager User Unauthorized Shell Access",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/532419/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127088/Asterisk-Project-Security-Advisory-AST-2014-006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-006.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140612 AST-2014-006: Asterisk Manager User Unauthorized Shell Access",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532419/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/127088/Asterisk-Project-Security-Advisory-AST-2014-006.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127088/Asterisk-Project-Security-Advisory-AST-2014-006.html"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-006.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-006.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4046",
"datePublished": "2014-06-17T14:00:00",
"dateReserved": "2014-06-12T00:00:00",
"dateUpdated": "2024-08-06T11:04:27.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9938
Vulnerability from cvelistv5
Published
2016-12-12 21:00
Modified
2024-08-06 03:07
Severity ?
EPSS score ?
Summary
An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace. This means that headers such as Contact\x01: will be seen as a valid Contact header. This mostly does not pose a problem until Asterisk is placed in tandem with an authenticating SIP proxy. In such a case, a crafty combination of valid and invalid To headers can cause a proxy to allow an INVITE request into Asterisk without authentication since it believes the request is an in-dialog request. However, because of the bug described above, the request will look like an out-of-dialog request to Asterisk. Asterisk will then process the request as a new call. The result is that Asterisk can process calls from unvetted sources without any authentication. If you do not use a proxy for authentication, then this issue does not affect you. If your proxy is dialog-aware (meaning that the proxy keeps track of what dialogs are currently valid), then this issue does not affect you. If you use chan_pjsip instead of chan_sip, then this issue does not affect you.
References
| ▼ | URL | Tags |
|---|---|---|
| http://downloads.asterisk.org/pub/security/AST-2016-009.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/94789 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1037408 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-009.html"
},
{
"name": "94789",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94789"
},
{
"name": "1037408",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037408"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace. This means that headers such as Contact\\x01: will be seen as a valid Contact header. This mostly does not pose a problem until Asterisk is placed in tandem with an authenticating SIP proxy. In such a case, a crafty combination of valid and invalid To headers can cause a proxy to allow an INVITE request into Asterisk without authentication since it believes the request is an in-dialog request. However, because of the bug described above, the request will look like an out-of-dialog request to Asterisk. Asterisk will then process the request as a new call. The result is that Asterisk can process calls from unvetted sources without any authentication. If you do not use a proxy for authentication, then this issue does not affect you. If your proxy is dialog-aware (meaning that the proxy keeps track of what dialogs are currently valid), then this issue does not affect you. If you use chan_pjsip instead of chan_sip, then this issue does not affect you."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-26T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-009.html"
},
{
"name": "94789",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94789"
},
{
"name": "1037408",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037408"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace. This means that headers such as Contact\\x01: will be seen as a valid Contact header. This mostly does not pose a problem until Asterisk is placed in tandem with an authenticating SIP proxy. In such a case, a crafty combination of valid and invalid To headers can cause a proxy to allow an INVITE request into Asterisk without authentication since it believes the request is an in-dialog request. However, because of the bug described above, the request will look like an out-of-dialog request to Asterisk. Asterisk will then process the request as a new call. The result is that Asterisk can process calls from unvetted sources without any authentication. If you do not use a proxy for authentication, then this issue does not affect you. If your proxy is dialog-aware (meaning that the proxy keeps track of what dialogs are currently valid), then this issue does not affect you. If you use chan_pjsip instead of chan_sip, then this issue does not affect you."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2016-009.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2016-009.html"
},
{
"name": "94789",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94789"
},
{
"name": "1037408",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037408"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9938",
"datePublished": "2016-12-12T21:00:00",
"dateReserved": "2016-12-12T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-8412
Vulnerability from cvelistv5
Published
2014-11-24 15:00
Modified
2024-08-06 13:18
Severity ?
EPSS score ?
Summary
The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the address family as the first ACL entry.
References
| ▼ | URL | Tags |
|---|---|---|
| http://downloads.asterisk.org/pub/security/AST-2014-012.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:18:48.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the address family as the first ACL entry."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-24T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-012.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8412",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the address family as the first ACL entry."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-012.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-012.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8412",
"datePublished": "2014-11-24T15:00:00",
"dateReserved": "2014-10-22T00:00:00",
"dateUpdated": "2024-08-06T13:18:48.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2286
Vulnerability from cvelistv5
Published
2014-04-18 19:00
Modified
2024-08-06 10:06
Severity ?
EPSS score ?
Summary
main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.
References
| ▼ | URL | Tags |
|---|---|---|
| https://issues.asterisk.org/jira/browse/ASTERISK-23340 | x_refsource_CONFIRM | |
| http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff | x_refsource_MISC | |
| http://downloads.asterisk.org/pub/security/AST-2014-001.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/66093 | vdb-entry, x_refsource_BID | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2014:078 | vendor-advisory, x_refsource_MANDRIVA | |
| http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html | vendor-advisory, x_refsource_FEDORA | |
| http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:06:00.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-23340"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-001.html"
},
{
"name": "66093",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66093"
},
{
"name": "MDVSA-2014:078",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:078"
},
{
"name": "FEDORA-2014-3762",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
},
{
"name": "FEDORA-2014-3779",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-18T18:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-23340"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-001.html"
},
{
"name": "66093",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66093"
},
{
"name": "MDVSA-2014:078",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:078"
},
{
"name": "FEDORA-2014-3762",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
},
{
"name": "FEDORA-2014-3779",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-23340",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-23340"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff",
"refsource": "MISC",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-001.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-001.html"
},
{
"name": "66093",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66093"
},
{
"name": "MDVSA-2014:078",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:078"
},
{
"name": "FEDORA-2014-3762",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
},
{
"name": "FEDORA-2014-3779",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2286",
"datePublished": "2014-04-18T19:00:00",
"dateReserved": "2014-03-05T00:00:00",
"dateUpdated": "2024-08-06T10:06:00.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-14099
Vulnerability from cvelistv5
Published
2017-09-02 16:00
Modified
2024-08-05 19:20
Severity ?
EPSS score ?
Summary
In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker. The "strictrtp" option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above. The "nat" and "rtp_symmetric" options (for chan_sip and chan_pjsip, respectively) enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. This option is not enabled by default, but is commonly enabled to handle devices behind NAT. A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support, this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected, the new code allowed a new source address to be learned at all times. If a flood of RTP traffic was received, the strict RTP support would allow the new address to provide media, and (with symmetric RTP enabled) outgoing traffic would be sent to this new address, allowing the media to be hijacked. Provided the attacker continued to send traffic, they would continue to receive traffic as well.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.gentoo.org/glsa/201710-29 | vendor-advisory, x_refsource_GENTOO | |
| https://issues.asterisk.org/jira/browse/ASTERISK-27013 | x_refsource_CONFIRM | |
| http://www.debian.org/security/2017/dsa-3964 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securitytracker.com/id/1039251 | vdb-entry, x_refsource_SECTRACK | |
| http://downloads.asterisk.org/pub/security/AST-2017-005.html | x_refsource_CONFIRM | |
| https://bugs.debian.org/873907 | x_refsource_CONFIRM | |
| https://rtpbleed.com | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:39.853Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201710-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201710-29"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27013"
},
{
"name": "DSA-3964",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3964"
},
{
"name": "1039251",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039251"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/873907"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rtpbleed.com"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker. The \"strictrtp\" option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above. The \"nat\" and \"rtp_symmetric\" options (for chan_sip and chan_pjsip, respectively) enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. This option is not enabled by default, but is commonly enabled to handle devices behind NAT. A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support, this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected, the new code allowed a new source address to be learned at all times. If a flood of RTP traffic was received, the strict RTP support would allow the new address to provide media, and (with symmetric RTP enabled) outgoing traffic would be sent to this new address, allowing the media to be hijacked. Provided the attacker continued to send traffic, they would continue to receive traffic as well."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201710-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201710-29"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27013"
},
{
"name": "DSA-3964",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3964"
},
{
"name": "1039251",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039251"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/873907"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rtpbleed.com"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker. The \"strictrtp\" option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above. The \"nat\" and \"rtp_symmetric\" options (for chan_sip and chan_pjsip, respectively) enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. This option is not enabled by default, but is commonly enabled to handle devices behind NAT. A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support, this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected, the new code allowed a new source address to be learned at all times. If a flood of RTP traffic was received, the strict RTP support would allow the new address to provide media, and (with symmetric RTP enabled) outgoing traffic would be sent to this new address, allowing the media to be hijacked. Provided the attacker continued to send traffic, they would continue to receive traffic as well."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201710-29",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-29"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-27013",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27013"
},
{
"name": "DSA-3964",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3964"
},
{
"name": "1039251",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039251"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2017-005.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2017-005.html"
},
{
"name": "https://bugs.debian.org/873907",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/873907"
},
{
"name": "https://rtpbleed.com",
"refsource": "MISC",
"url": "https://rtpbleed.com"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14099",
"datePublished": "2017-09-02T16:00:00",
"dateReserved": "2017-08-31T00:00:00",
"dateUpdated": "2024-08-05T19:20:39.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-26713
Vulnerability from cvelistv5
Published
2021-02-19 19:30
Modified
2024-08-03 20:33
Severity ?
EPSS score ?
Summary
A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch.
References
| ▼ | URL | Tags |
|---|---|---|
| https://downloads.asterisk.org/pub/security/ | x_refsource_MISC | |
| https://downloads.asterisk.org/pub/security/AST-2021-004.html | x_refsource_MISC | |
| https://issues.asterisk.org/jira/browse/ASTERISK-29205 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:33:40.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29205"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-19T19:30:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29205"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-26713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://downloads.asterisk.org/pub/security/",
"refsource": "MISC",
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"name": "https://downloads.asterisk.org/pub/security/AST-2021-004.html",
"refsource": "MISC",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29205",
"refsource": "MISC",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29205"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26713",
"datePublished": "2021-02-19T19:30:30",
"dateReserved": "2021-02-05T00:00:00",
"dateUpdated": "2024-08-03T20:33:40.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2232
Vulnerability from cvelistv5
Published
2016-02-22 15:05
Modified
2024-08-05 23:24
Severity ?
EPSS score ?
Summary
Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero length error correcting redundancy packet for a UDPTL FAX packet that is lost.
References
| ▼ | URL | Tags |
|---|---|---|
| http://downloads.asterisk.org/pub/security/AST-2016-003.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1034931 | vdb-entry, x_refsource_SECTRACK | |
| http://www.debian.org/security/2016/dsa-3700 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-003.html"
},
{
"name": "1034931",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034931"
},
{
"name": "DSA-3700",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3700"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero length error correcting redundancy packet for a UDPTL FAX packet that is lost."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-003.html"
},
{
"name": "1034931",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034931"
},
{
"name": "DSA-3700",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3700"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero length error correcting redundancy packet for a UDPTL FAX packet that is lost."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2016-003.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2016-003.html"
},
{
"name": "1034931",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034931"
},
{
"name": "DSA-3700",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3700"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2232",
"datePublished": "2016-02-22T15:05:00",
"dateReserved": "2016-02-07T00:00:00",
"dateUpdated": "2024-08-05T23:24:48.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2316
Vulnerability from cvelistv5
Published
2016-02-22 15:05
Modified
2024-08-05 23:24
Severity ?
EPSS score ?
Summary
chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/82651 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1034930 | vdb-entry, x_refsource_SECTRACK | |
| http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177409.html | vendor-advisory, x_refsource_FEDORA | |
| http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177422.html | vendor-advisory, x_refsource_FEDORA | |
| http://www.debian.org/security/2016/dsa-3700 | vendor-advisory, x_refsource_DEBIAN | |
| http://downloads.asterisk.org/pub/security/AST-2016-002.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "82651",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/82651"
},
{
"name": "1034930",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034930"
},
{
"name": "FEDORA-2016-3cc13611f4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177409.html"
},
{
"name": "FEDORA-2016-153eed2bb8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177422.html"
},
{
"name": "DSA-3700",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3700"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "82651",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/82651"
},
{
"name": "1034930",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034930"
},
{
"name": "FEDORA-2016-3cc13611f4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177409.html"
},
{
"name": "FEDORA-2016-153eed2bb8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177422.html"
},
{
"name": "DSA-3700",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3700"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2316",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "82651",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/82651"
},
{
"name": "1034930",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034930"
},
{
"name": "FEDORA-2016-3cc13611f4",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177409.html"
},
{
"name": "FEDORA-2016-153eed2bb8",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177422.html"
},
{
"name": "DSA-3700",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3700"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2016-002.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2016-002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2316",
"datePublished": "2016-02-22T15:05:00",
"dateReserved": "2016-02-11T00:00:00",
"dateUpdated": "2024-08-05T23:24:48.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5976
Vulnerability from cvelistv5
Published
2013-01-04 11:00
Modified
2024-08-06 21:21
Severity ?
EPSS score ?
Summary
Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol.
References
| ▼ | URL | Tags |
|---|---|---|
| http://downloads.asterisk.org/pub/security/AST-2012-014 | x_refsource_CONFIRM | |
| http://www.debian.org/security/2013/dsa-2605 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-014"
},
{
"name": "DSA-2605",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2605"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-014"
},
{
"name": "DSA-2605",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2605"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-014",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-014"
},
{
"name": "DSA-2605",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2605"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5976",
"datePublished": "2013-01-04T11:00:00",
"dateReserved": "2012-11-21T00:00:00",
"dateUpdated": "2024-08-06T21:21:28.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-7617
Vulnerability from cvelistv5
Published
2017-04-10 14:00
Modified
2024-08-05 16:12
Severity ?
EPSS score ?
Summary
Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/97377 | vdb-entry, x_refsource_BID | |
| https://bugs.debian.org/859910 | x_refsource_CONFIRM | |
| http://downloads.asterisk.org/pub/security/AST-2017-001.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:12:27.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97377",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97377"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/859910"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-04-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-11T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "97377",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97377"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/859910"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97377",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97377"
},
{
"name": "https://bugs.debian.org/859910",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/859910"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2017-001.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2017-001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7617",
"datePublished": "2017-04-10T14:00:00",
"dateReserved": "2017-04-10T00:00:00",
"dateUpdated": "2024-08-05T16:12:27.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-7100
Vulnerability from cvelistv5
Published
2013-12-19 22:00
Modified
2024-08-06 17:53
Severity ?
EPSS score ?
Summary
Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to cause a denial of service (daemon crash) via a 16-bit SMS message with an odd number of bytes, which triggers an infinite loop.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.mandriva.com/security/advisories?name=MDVSA-2013:300 | vendor-advisory, x_refsource_MANDRIVA | |
| http://archives.neohapsis.com/archives/bugtraq/2013-12/0089.html | mailing-list, x_refsource_BUGTRAQ | |
| https://issues.asterisk.org/jira/browse/ASTERISK-22590 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/56294 | third-party-advisory, x_refsource_SECUNIA | |
| http://downloads.asterisk.org/pub/security/AST-2013-006.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1029499 | vdb-entry, x_refsource_SECTRACK | |
| http://osvdb.org/101100 | vdb-entry, x_refsource_OSVDB | |
| http://www.debian.org/security/2014/dsa-2835 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/64364 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/89825 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2013:300",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:300"
},
{
"name": "20131216 AST-2013-006: Buffer Overflow when receiving odd length 16 bit SMS message",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0089.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-22590"
},
{
"name": "56294",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56294"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-006.html"
},
{
"name": "1029499",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029499"
},
{
"name": "101100",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/101100"
},
{
"name": "DSA-2835",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2835"
},
{
"name": "64364",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64364"
},
{
"name": "asterisk-sms-message-dos(89825)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89825"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to cause a denial of service (daemon crash) via a 16-bit SMS message with an odd number of bytes, which triggers an infinite loop."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDVSA-2013:300",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:300"
},
{
"name": "20131216 AST-2013-006: Buffer Overflow when receiving odd length 16 bit SMS message",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0089.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-22590"
},
{
"name": "56294",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56294"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-006.html"
},
{
"name": "1029499",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029499"
},
{
"name": "101100",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/101100"
},
{
"name": "DSA-2835",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2835"
},
{
"name": "64364",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64364"
},
{
"name": "asterisk-sms-message-dos(89825)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89825"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to cause a denial of service (daemon crash) via a 16-bit SMS message with an odd number of bytes, which triggers an infinite loop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2013:300",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:300"
},
{
"name": "20131216 AST-2013-006: Buffer Overflow when receiving odd length 16 bit SMS message",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0089.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-22590",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-22590"
},
{
"name": "56294",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56294"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2013-006.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2013-006.html"
},
{
"name": "1029499",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029499"
},
{
"name": "101100",
"refsource": "OSVDB",
"url": "http://osvdb.org/101100"
},
{
"name": "DSA-2835",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2835"
},
{
"name": "64364",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64364"
},
{
"name": "asterisk-sms-message-dos(89825)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89825"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7100",
"datePublished": "2013-12-19T22:00:00",
"dateReserved": "2013-12-13T00:00:00",
"dateUpdated": "2024-08-06T17:53:45.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-9372
Vulnerability from cvelistv5
Published
2017-06-02 14:00
Modified
2024-08-05 17:02
Severity ?
EPSS score ?
Summary
PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq header in conjunction with a Via header that lacks a branch parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.debian.org/863901 | x_refsource_CONFIRM | |
| http://downloads.asterisk.org/pub/security/AST-2017-002.txt | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98572 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2017/dsa-3933 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securitytracker.com/id/1038529 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/863901"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-002.txt"
},
{
"name": "98572",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98572"
},
{
"name": "DSA-3933",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3933"
},
{
"name": "1038529",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038529"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq header in conjunction with a Via header that lacks a branch parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-04T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/863901"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-002.txt"
},
{
"name": "98572",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98572"
},
{
"name": "DSA-3933",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3933"
},
{
"name": "1038529",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038529"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq header in conjunction with a Via header that lacks a branch parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/863901",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/863901"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2017-002.txt",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2017-002.txt"
},
{
"name": "98572",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98572"
},
{
"name": "DSA-3933",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3933"
},
{
"name": "1038529",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038529"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9372",
"datePublished": "2017-06-02T14:00:00",
"dateReserved": "2017-06-02T00:00:00",
"dateUpdated": "2024-08-05T17:02:44.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-17850
Vulnerability from cvelistv5
Published
2017-12-23 00:00
Modified
2024-08-05 21:06
Severity ?
EPSS score ?
Summary
An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point.
References
| ▼ | URL | Tags |
|---|---|---|
| https://issues.asterisk.org/jira/browse/ASTERISK-27480 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1040056 | vdb-entry, x_refsource_SECTRACK | |
| https://security.gentoo.org/glsa/201811-11 | vendor-advisory, x_refsource_GENTOO | |
| http://downloads.asterisk.org/pub/security/AST-2017-014.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:06:49.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27480"
},
{
"name": "1040056",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040056"
},
{
"name": "GLSA-201811-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-014.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-12-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-25T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27480"
},
{
"name": "1040056",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040056"
},
{
"name": "GLSA-201811-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-014.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-27480",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27480"
},
{
"name": "1040056",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040056"
},
{
"name": "GLSA-201811-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2017-014.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2017-014.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17850",
"datePublished": "2017-12-23T00:00:00",
"dateReserved": "2017-12-22T00:00:00",
"dateUpdated": "2024-08-05T21:06:49.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-8414
Vulnerability from cvelistv5
Published
2014-11-24 15:00
Modified
2024-08-06 13:18
Severity ?
EPSS score ?
Summary
ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media.
References
| ▼ | URL | Tags |
|---|---|---|
| http://downloads.asterisk.org/pub/security/AST-2014-014.html | x_refsource_CONFIRM | |
| http://seclists.org/fulldisclosure/2014/Nov/67 | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:18:47.850Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-014.html"
},
{
"name": "20141121 AST-2014-014: High call load may result in hung channels in ConfBridge.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/67"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-12T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-014.html"
},
{
"name": "20141121 AST-2014-014: High call load may result in hung channels in ConfBridge.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/67"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-014.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-014.html"
},
{
"name": "20141121 AST-2014-014: High call load may result in hung channels in ConfBridge.",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/67"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8414",
"datePublished": "2014-11-24T15:00:00",
"dateReserved": "2014-10-22T00:00:00",
"dateUpdated": "2024-08-06T13:18:47.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-14603
Vulnerability from cvelistv5
Published
2017-10-09 14:00
Modified
2024-08-05 19:34
Severity ?
EPSS score ?
Summary
In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetric_rtp" options allow redirecting where Asterisk sends the next RTCP report.
References
| ▼ | URL | Tags |
|---|---|---|
| http://downloads.asterisk.org/pub/security/AST-2017-008.html | x_refsource_CONFIRM | |
| http://www.debian.org/security/2017/dsa-3990 | vendor-advisory, x_refsource_DEBIAN | |
| https://issues.asterisk.org/jira/browse/ASTERISK-27274 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:34:39.860Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-008.html"
},
{
"name": "DSA-3990",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3990"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27274"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the \"nat\" and \"symmetric_rtp\" options allow redirecting where Asterisk sends the next RTCP report."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-09T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-008.html"
},
{
"name": "DSA-3990",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3990"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27274"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the \"nat\" and \"symmetric_rtp\" options allow redirecting where Asterisk sends the next RTCP report."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2017-008.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2017-008.html"
},
{
"name": "DSA-3990",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3990"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-27274",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27274"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14603",
"datePublished": "2017-10-09T14:00:00",
"dateReserved": "2017-09-19T00:00:00",
"dateUpdated": "2024-08-05T19:34:39.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-4737
Vulnerability from cvelistv5
Published
2012-08-31 14:00
Modified
2024-08-06 20:42
Severity ?
EPSS score ?
Summary
channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials.
References
| ▼ | URL | Tags |
|---|---|---|
| http://downloads.asterisk.org/pub/security/AST-2012-013.html | x_refsource_CONFIRM | |
| http://secunia.com/advisories/50687 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/50756 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1027461 | vdb-entry, x_refsource_SECTRACK | |
| http://www.debian.org/security/2012/dsa-2550 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/55335 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:55.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-013.html"
},
{
"name": "50687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50756"
},
{
"name": "1027461",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027461"
},
{
"name": "DSA-2550",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"name": "55335",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55335"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-31T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-013.html"
},
{
"name": "50687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50756"
},
{
"name": "1027461",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027461"
},
{
"name": "DSA-2550",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"name": "55335",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55335"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4737",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-013.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-013.html"
},
{
"name": "50687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50756"
},
{
"name": "1027461",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027461"
},
{
"name": "DSA-2550",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"name": "55335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55335"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4737",
"datePublished": "2012-08-31T14:00:00",
"dateReserved": "2012-08-30T00:00:00",
"dateUpdated": "2024-08-06T20:42:55.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-13161
Vulnerability from cvelistv5
Published
2019-07-12 19:24
Modified
2024-08-04 23:41
Severity ?
EPSS score ?
Summary
An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).
References
| ▼ | URL | Tags |
|---|---|---|
| http://downloads.digium.com/pub/security/AST-2019-003.html | x_refsource_CONFIRM | |
| https://issues.asterisk.org/jira/browse/ASTERISK-28465 | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:41:10.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2019-003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28465"
},
{
"name": "[debian-lts-announce] 20191130 [SECURITY] [DLA 2017-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-06-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-03T07:06:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2019-003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28465"
},
{
"name": "[debian-lts-announce] 20191130 [SECURITY] [DLA 2017-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.digium.com/pub/security/AST-2019-003.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2019-003.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-28465",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28465"
},
{
"name": "[debian-lts-announce] 20191130 [SECURITY] [DLA 2017-1] asterisk security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13161",
"datePublished": "2019-07-12T19:24:37",
"dateReserved": "2019-07-02T00:00:00",
"dateUpdated": "2024-08-04T23:41:10.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-7284
Vulnerability from cvelistv5
Published
2018-02-22 00:00
Modified
2024-08-05 06:24
Severity ?
EPSS score ?
Summary
A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash.
References
| ▼ | URL | Tags |
|---|---|---|
| http://downloads.asterisk.org/pub/security/AST-2018-004.html | x_refsource_CONFIRM | |
| https://www.exploit-db.com/exploits/44184/ | exploit, x_refsource_EXPLOIT-DB | |
| https://www.debian.org/security/2018/dsa-4320 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/103151 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1040416 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:11.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-004.html"
},
{
"name": "44184",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44184/"
},
{
"name": "DSA-4320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"name": "103151",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103151"
},
{
"name": "1040416",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040416"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-004.html"
},
{
"name": "44184",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44184/"
},
{
"name": "DSA-4320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"name": "103151",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103151"
},
{
"name": "1040416",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040416"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2018-004.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2018-004.html"
},
{
"name": "44184",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44184/"
},
{
"name": "DSA-4320",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"name": "103151",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103151"
},
{
"name": "1040416",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040416"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7284",
"datePublished": "2018-02-22T00:00:00",
"dateReserved": "2018-02-21T00:00:00",
"dateUpdated": "2024-08-05T06:24:11.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-7286
Vulnerability from cvelistv5
Published
2018-02-22 00:00
Modified
2024-08-05 06:24
Severity ?
EPSS score ?
Summary
An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.debian.org/security/2018/dsa-4320 | vendor-advisory, x_refsource_DEBIAN | |
| https://issues.asterisk.org/jira/browse/ASTERISK-27618 | x_refsource_CONFIRM | |
| http://downloads.asterisk.org/pub/security/AST-2018-005.html | x_refsource_CONFIRM | |
| https://www.exploit-db.com/exploits/44181/ | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securitytracker.com/id/1040417 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/103129 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:11.758Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27618"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-005.html"
},
{
"name": "44181",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44181/"
},
{
"name": "1040417",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040417"
},
{
"name": "103129",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103129"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27618"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-005.html"
},
{
"name": "44181",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44181/"
},
{
"name": "1040417",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040417"
},
{
"name": "103129",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103129"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4320",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4320"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-27618",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27618"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2018-005.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2018-005.html"
},
{
"name": "44181",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44181/"
},
{
"name": "1040417",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040417"
},
{
"name": "103129",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103129"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7286",
"datePublished": "2018-02-22T00:00:00",
"dateReserved": "2018-02-21T00:00:00",
"dateUpdated": "2024-08-05T06:24:11.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-18976
Vulnerability from cvelistv5
Published
2019-11-22 16:59
Modified
2024-08-05 02:02
Severity ?
EPSS score ?
Summary
An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.asterisk.org/downloads/security-advisories | x_refsource_MISC | |
| https://www.cybersecurity-help.cz/vdb/SB2019112218?affChecked=1 | x_refsource_MISC | |
| https://packetstormsecurity.com/files/155436/Asterisk-Project-Security-Advisory-AST-2019-008.html | x_refsource_MISC | |
| https://seclists.org/fulldisclosure/2019/Nov/20 | x_refsource_MISC | |
| http://downloads.asterisk.org/pub/security/AST-2019-008.html | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cybersecurity-help.cz/vdb/SB2019112218?affChecked=1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/155436/Asterisk-Project-Security-Advisory-AST-2019-008.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2019/Nov/20"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2019-008.html"
},
{
"name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-03T07:06:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cybersecurity-help.cz/vdb/SB2019112218?affChecked=1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/155436/Asterisk-Project-Security-Advisory-AST-2019-008.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2019/Nov/20"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2019-008.html"
},
{
"name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asterisk.org/downloads/security-advisories",
"refsource": "MISC",
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"name": "https://www.cybersecurity-help.cz/vdb/SB2019112218?affChecked=1",
"refsource": "MISC",
"url": "https://www.cybersecurity-help.cz/vdb/SB2019112218?affChecked=1"
},
{
"name": "https://packetstormsecurity.com/files/155436/Asterisk-Project-Security-Advisory-AST-2019-008.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/155436/Asterisk-Project-Security-Advisory-AST-2019-008.html"
},
{
"name": "https://seclists.org/fulldisclosure/2019/Nov/20",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2019/Nov/20"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2019-008.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2019-008.html"
},
{
"name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18976",
"datePublished": "2019-11-22T16:59:19",
"dateReserved": "2019-11-14T00:00:00",
"dateUpdated": "2024-08-05T02:02:39.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-3812
Vulnerability from cvelistv5
Published
2012-07-09 22:00
Modified
2024-08-06 20:21
Severity ?
EPSS score ?
Summary
Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/50687 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/50756 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/54317 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2012/dsa-2550 | vendor-advisory, x_refsource_DEBIAN | |
| https://issues.asterisk.org/jira/browse/ASTERISK-20052 | x_refsource_CONFIRM | |
| http://downloads.asterisk.org/pub/security/AST-2012-011.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:21:02.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "50687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50756"
},
{
"name": "54317",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/54317"
},
{
"name": "DSA-2550",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20052"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-011.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-31T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "50687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50756"
},
{
"name": "54317",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/54317"
},
{
"name": "DSA-2550",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20052"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-011.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3812",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50756"
},
{
"name": "54317",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54317"
},
{
"name": "DSA-2550",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-20052",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20052"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-011.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-011.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-3812",
"datePublished": "2012-07-09T22:00:00",
"dateReserved": "2012-06-27T00:00:00",
"dateUpdated": "2024-08-06T20:21:02.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-9374
Vulnerability from cvelistv5
Published
2014-12-12 15:00
Modified
2024-08-06 13:40
Severity ?
EPSS score ?
Summary
Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame.
References
| ▼ | URL | Tags |
|---|---|---|
| http://advisories.mageia.org/MGASA-2015-0010.html | x_refsource_CONFIRM | |
| http://downloads.asterisk.org/pub/security/AST-2014-019.html | x_refsource_CONFIRM | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2015:018 | vendor-advisory, x_refsource_MANDRIVA | |
| http://www.securityfocus.com/archive/1/534197/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://packetstormsecurity.com/files/129473/Asterisk-Project-Security-Advisory-AST-2014-019.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/71607 | vdb-entry, x_refsource_BID | |
| http://seclists.org/fulldisclosure/2014/Dec/48 | mailing-list, x_refsource_FULLDISC | |
| http://secunia.com/advisories/60251 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id/1031345 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:25.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2015-0010.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-019.html"
},
{
"name": "MDVSA-2015:018",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:018"
},
{
"name": "20141210 AST-2014-019: Remote Crash Vulnerability in WebSocket Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534197/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129473/Asterisk-Project-Security-Advisory-AST-2014-019.html"
},
{
"name": "71607",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71607"
},
{
"name": "20141210 AST-2014-019: Remote Crash Vulnerability in WebSocket Server",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/48"
},
{
"name": "60251",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60251"
},
{
"name": "1031345",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031345"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2015-0010.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2014-019.html"
},
{
"name": "MDVSA-2015:018",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:018"
},
{
"name": "20141210 AST-2014-019: Remote Crash Vulnerability in WebSocket Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534197/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129473/Asterisk-Project-Security-Advisory-AST-2014-019.html"
},
{
"name": "71607",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71607"
},
{
"name": "20141210 AST-2014-019: Remote Crash Vulnerability in WebSocket Server",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/48"
},
{
"name": "60251",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60251"
},
{
"name": "1031345",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031345"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9374",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://advisories.mageia.org/MGASA-2015-0010.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0010.html"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-019.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-019.html"
},
{
"name": "MDVSA-2015:018",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:018"
},
{
"name": "20141210 AST-2014-019: Remote Crash Vulnerability in WebSocket Server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534197/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/129473/Asterisk-Project-Security-Advisory-AST-2014-019.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129473/Asterisk-Project-Security-Advisory-AST-2014-019.html"
},
{
"name": "71607",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71607"
},
{
"name": "20141210 AST-2014-019: Remote Crash Vulnerability in WebSocket Server",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/48"
},
{
"name": "60251",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60251"
},
{
"name": "1031345",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031345"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9374",
"datePublished": "2014-12-12T15:00:00",
"dateReserved": "2014-12-11T00:00:00",
"dateUpdated": "2024-08-06T13:40:25.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-16671
Vulnerability from cvelistv5
Published
2017-11-09 00:00
Modified
2024-08-05 20:35
Severity ?
EPSS score ?
Summary
A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/101760 | vdb-entry, x_refsource_BID | |
| http://downloads.digium.com/pub/security/AST-2017-010.html | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/201811-11 | vendor-advisory, x_refsource_GENTOO | |
| https://www.debian.org/security/2017/dsa-4076 | vendor-advisory, x_refsource_DEBIAN | |
| https://issues.asterisk.org/jira/browse/ASTERISK-27337 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:35:19.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101760",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101760"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2017-010.html"
},
{
"name": "GLSA-201811-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"name": "DSA-4076",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-4076"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27337"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-25T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "101760",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101760"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2017-010.html"
},
{
"name": "GLSA-201811-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"name": "DSA-4076",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-4076"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27337"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101760",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101760"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2017-010.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2017-010.html"
},
{
"name": "GLSA-201811-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-11"
},
{
"name": "DSA-4076",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4076"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-27337",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27337"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16671",
"datePublished": "2017-11-09T00:00:00",
"dateReserved": "2017-11-08T00:00:00",
"dateUpdated": "2024-08-05T20:35:19.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-18790
Vulnerability from cvelistv5
Published
2019-11-22 16:22
Modified
2024-08-05 02:02
Severity ?
EPSS score ?
Summary
An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.asterisk.org/downloads/security-advisories | x_refsource_MISC | |
| http://downloads.asterisk.org/pub/security/AST-2019-006.html | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:38.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2019-006.html"
},
{
"name": "[debian-lts-announce] 20191130 [SECURITY] [DLA 2017-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer\u0027s IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer\u0027s name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-03T07:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2019-006.html"
},
{
"name": "[debian-lts-announce] 20191130 [SECURITY] [DLA 2017-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18790",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer\u0027s IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer\u0027s name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asterisk.org/downloads/security-advisories",
"refsource": "MISC",
"url": "https://www.asterisk.org/downloads/security-advisories"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2019-006.html",
"refsource": "MISC",
"url": "http://downloads.asterisk.org/pub/security/AST-2019-006.html"
},
{
"name": "[debian-lts-announce] 20191130 [SECURITY] [DLA 2017-1] asterisk security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"
},
{
"name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18790",
"datePublished": "2019-11-22T16:22:55",
"dateReserved": "2019-11-06T00:00:00",
"dateUpdated": "2024-08-05T02:02:38.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-26712
Vulnerability from cvelistv5
Published
2021-02-18 20:10
Modified
2024-08-03 20:33
Severity ?
EPSS score ?
Summary
Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets.
References
| ▼ | URL | Tags |
|---|---|---|
| https://downloads.asterisk.org/pub/security/ | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2021/Feb/59 | mailing-list, x_refsource_FULLDISC | |
| https://downloads.asterisk.org/pub/security/AST-2021-003.html | x_refsource_CONFIRM | |
| https://issues.asterisk.org/jira/browse/ASTERISK-29260 | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:33:40.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"name": "20210218 AST-2021-003: Remote attacker could prematurely tear down SRTP calls",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/59"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29260"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-19T15:06:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"name": "20210218 AST-2021-003: Remote attacker could prematurely tear down SRTP calls",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/59"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2021-003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29260"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-26712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://downloads.asterisk.org/pub/security/",
"refsource": "MISC",
"url": "https://downloads.asterisk.org/pub/security/"
},
{
"name": "20210218 AST-2021-003: Remote attacker could prematurely tear down SRTP calls",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Feb/59"
},
{
"name": "https://downloads.asterisk.org/pub/security/AST-2021-003.html",
"refsource": "CONFIRM",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-003.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29260",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29260"
},
{
"name": "http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26712",
"datePublished": "2021-02-18T20:10:20",
"dateReserved": "2021-02-05T00:00:00",
"dateUpdated": "2024-08-03T20:33:40.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-9359
Vulnerability from cvelistv5
Published
2017-06-02 05:04
Modified
2024-08-05 17:02
Severity ?
EPSS score ?
Summary
The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.debian.org/863902 | x_refsource_CONFIRM | |
| http://downloads.asterisk.org/pub/security/AST-2017-003.txt | x_refsource_CONFIRM | |
| https://issues.asterisk.org/jira/browse/ASTERISK-26939 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98578 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2017/dsa-3933 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/863902"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-003.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-26939"
},
{
"name": "98578",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98578"
},
{
"name": "DSA-3933",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3933"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-04T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/863902"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-003.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-26939"
},
{
"name": "98578",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98578"
},
{
"name": "DSA-3933",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3933"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/863902",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/863902"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2017-003.txt",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2017-003.txt"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-26939",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-26939"
},
{
"name": "98578",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98578"
},
{
"name": "DSA-3933",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3933"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9359",
"datePublished": "2017-06-02T05:04:00",
"dateReserved": "2017-06-01T00:00:00",
"dateUpdated": "2024-08-05T17:02:44.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}