Vulnerabilites related to asterisk - s800i_appliance
cve-2007-3765
Vulnerability from cvelistv5
Published
2007-07-18 17:00
Modified
2024-08-07 14:28
Severity ?
Summary
The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port.
References
http://secunia.com/advisories/26099third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/24950vdb-entry, x_refsource_BID
http://www.securitytracker.com/id?1018407vdb-entry, x_refsource_SECTRACK
http://ftp.digium.com/pub/asa/ASA-2007-017.pdfx_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/35480vdb-entry, x_refsource_XF
http://www.vupen.com/english/advisories/2007/2563vdb-entry, x_refsource_VUPEN
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:28:52.295Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "26099",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26099"
          },
          {
            "name": "24950",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24950"
          },
          {
            "name": "1018407",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018407"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ftp.digium.com/pub/asa/ASA-2007-017.pdf"
          },
          {
            "name": "asterisk-stun-dos(35480)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35480"
          },
          {
            "name": "ADV-2007-2563",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2563"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "26099",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26099"
        },
        {
          "name": "24950",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24950"
        },
        {
          "name": "1018407",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018407"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ftp.digium.com/pub/asa/ASA-2007-017.pdf"
        },
        {
          "name": "asterisk-stun-dos(35480)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35480"
        },
        {
          "name": "ADV-2007-2563",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2563"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3765",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "26099",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26099"
            },
            {
              "name": "24950",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24950"
            },
            {
              "name": "1018407",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018407"
            },
            {
              "name": "http://ftp.digium.com/pub/asa/ASA-2007-017.pdf",
              "refsource": "CONFIRM",
              "url": "http://ftp.digium.com/pub/asa/ASA-2007-017.pdf"
            },
            {
              "name": "asterisk-stun-dos(35480)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35480"
            },
            {
              "name": "ADV-2007-2563",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2563"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3765",
    "datePublished": "2007-07-18T17:00:00",
    "dateReserved": "2007-07-13T00:00:00",
    "dateUpdated": "2024-08-07T14:28:52.295Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-3762
Vulnerability from cvelistv5
Published
2007-07-18 17:00
Modified
2024-08-07 14:28
Severity ?
Summary
Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/35466vdb-entry, x_refsource_XF
http://secunia.com/advisories/26099third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id?1018407vdb-entry, x_refsource_SECTRACK
http://security.gentoo.org/glsa/glsa-200802-11.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/29051third-party-advisory, x_refsource_SECUNIA
http://bugs.gentoo.org/show_bug.cgi?id=185713x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2007/2563vdb-entry, x_refsource_VUPEN
http://www.debian.org/security/2007/dsa-1358vendor-advisory, x_refsource_DEBIAN
http://www.novell.com/linux/security/advisories/2007_15_sr.htmlvendor-advisory, x_refsource_SUSE
http://ftp.digium.com/pub/asa/ASA-2007-014.pdfx_refsource_CONFIRM
http://www.securityfocus.com/bid/24949vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:28:52.292Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "asterisk-iax2channeldriver-bo(35466)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35466"
          },
          {
            "name": "26099",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26099"
          },
          {
            "name": "1018407",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018407"
          },
          {
            "name": "GLSA-200802-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
          },
          {
            "name": "29051",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29051"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
          },
          {
            "name": "ADV-2007-2563",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2563"
          },
          {
            "name": "DSA-1358",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1358"
          },
          {
            "name": "SUSE-SR:2007:015",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ftp.digium.com/pub/asa/ASA-2007-014.pdf"
          },
          {
            "name": "24949",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24949"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "asterisk-iax2channeldriver-bo(35466)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35466"
        },
        {
          "name": "26099",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26099"
        },
        {
          "name": "1018407",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018407"
        },
        {
          "name": "GLSA-200802-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
        },
        {
          "name": "29051",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29051"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
        },
        {
          "name": "ADV-2007-2563",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2563"
        },
        {
          "name": "DSA-1358",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1358"
        },
        {
          "name": "SUSE-SR:2007:015",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ftp.digium.com/pub/asa/ASA-2007-014.pdf"
        },
        {
          "name": "24949",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24949"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3762",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "asterisk-iax2channeldriver-bo(35466)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35466"
            },
            {
              "name": "26099",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26099"
            },
            {
              "name": "1018407",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018407"
            },
            {
              "name": "GLSA-200802-11",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
            },
            {
              "name": "29051",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29051"
            },
            {
              "name": "http://bugs.gentoo.org/show_bug.cgi?id=185713",
              "refsource": "CONFIRM",
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
            },
            {
              "name": "ADV-2007-2563",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2563"
            },
            {
              "name": "DSA-1358",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2007/dsa-1358"
            },
            {
              "name": "SUSE-SR:2007:015",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
            },
            {
              "name": "http://ftp.digium.com/pub/asa/ASA-2007-014.pdf",
              "refsource": "CONFIRM",
              "url": "http://ftp.digium.com/pub/asa/ASA-2007-014.pdf"
            },
            {
              "name": "24949",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24949"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3762",
    "datePublished": "2007-07-18T17:00:00",
    "dateReserved": "2007-07-13T00:00:00",
    "dateUpdated": "2024-08-07T14:28:52.292Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-3763
Vulnerability from cvelistv5
Published
2007-07-18 17:00
Modified
2024-08-07 14:28
Severity ?
Summary
The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable.
References
http://ftp.digium.com/pub/asa/ASA-2007-015.pdfx_refsource_CONFIRM
http://secunia.com/advisories/26099third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/24950vdb-entry, x_refsource_BID
http://www.securitytracker.com/id?1018407vdb-entry, x_refsource_SECTRACK
http://security.gentoo.org/glsa/glsa-200802-11.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/29051third-party-advisory, x_refsource_SECUNIA
http://bugs.gentoo.org/show_bug.cgi?id=185713x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2007/2563vdb-entry, x_refsource_VUPEN
http://www.debian.org/security/2007/dsa-1358vendor-advisory, x_refsource_DEBIAN
http://www.novell.com/linux/security/advisories/2007_15_sr.htmlvendor-advisory, x_refsource_SUSE
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:28:52.493Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ftp.digium.com/pub/asa/ASA-2007-015.pdf"
          },
          {
            "name": "26099",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26099"
          },
          {
            "name": "24950",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24950"
          },
          {
            "name": "1018407",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018407"
          },
          {
            "name": "GLSA-200802-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
          },
          {
            "name": "29051",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29051"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
          },
          {
            "name": "ADV-2007-2563",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2563"
          },
          {
            "name": "DSA-1358",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1358"
          },
          {
            "name": "SUSE-SR:2007:015",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-07-27T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ftp.digium.com/pub/asa/ASA-2007-015.pdf"
        },
        {
          "name": "26099",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26099"
        },
        {
          "name": "24950",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24950"
        },
        {
          "name": "1018407",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018407"
        },
        {
          "name": "GLSA-200802-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
        },
        {
          "name": "29051",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29051"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
        },
        {
          "name": "ADV-2007-2563",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2563"
        },
        {
          "name": "DSA-1358",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1358"
        },
        {
          "name": "SUSE-SR:2007:015",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3763",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://ftp.digium.com/pub/asa/ASA-2007-015.pdf",
              "refsource": "CONFIRM",
              "url": "http://ftp.digium.com/pub/asa/ASA-2007-015.pdf"
            },
            {
              "name": "26099",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26099"
            },
            {
              "name": "24950",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24950"
            },
            {
              "name": "1018407",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018407"
            },
            {
              "name": "GLSA-200802-11",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
            },
            {
              "name": "29051",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29051"
            },
            {
              "name": "http://bugs.gentoo.org/show_bug.cgi?id=185713",
              "refsource": "CONFIRM",
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
            },
            {
              "name": "ADV-2007-2563",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2563"
            },
            {
              "name": "DSA-1358",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2007/dsa-1358"
            },
            {
              "name": "SUSE-SR:2007:015",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3763",
    "datePublished": "2007-07-18T17:00:00",
    "dateReserved": "2007-07-13T00:00:00",
    "dateUpdated": "2024-08-07T14:28:52.493Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-3764
Vulnerability from cvelistv5
Published
2007-07-18 17:00
Modified
2024-08-07 14:28
Severity ?
Summary
The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an "overly large memcpy."
References
http://secunia.com/advisories/26099third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/24950vdb-entry, x_refsource_BID
http://www.securitytracker.com/id?1018407vdb-entry, x_refsource_SECTRACK
http://security.gentoo.org/glsa/glsa-200802-11.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/29051third-party-advisory, x_refsource_SECUNIA
http://bugs.gentoo.org/show_bug.cgi?id=185713x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/35478vdb-entry, x_refsource_XF
http://www.vupen.com/english/advisories/2007/2563vdb-entry, x_refsource_VUPEN
http://ftp.digium.com/pub/asa/ASA-2007-016.pdfx_refsource_CONFIRM
http://www.debian.org/security/2007/dsa-1358vendor-advisory, x_refsource_DEBIAN
http://www.novell.com/linux/security/advisories/2007_15_sr.htmlvendor-advisory, x_refsource_SUSE
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:28:52.239Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "26099",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26099"
          },
          {
            "name": "24950",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24950"
          },
          {
            "name": "1018407",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018407"
          },
          {
            "name": "GLSA-200802-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
          },
          {
            "name": "29051",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29051"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
          },
          {
            "name": "asterisk-skinny-driver-dos(35478)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35478"
          },
          {
            "name": "ADV-2007-2563",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2563"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ftp.digium.com/pub/asa/ASA-2007-016.pdf"
          },
          {
            "name": "DSA-1358",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1358"
          },
          {
            "name": "SUSE-SR:2007:015",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an \"overly large memcpy.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "26099",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26099"
        },
        {
          "name": "24950",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24950"
        },
        {
          "name": "1018407",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018407"
        },
        {
          "name": "GLSA-200802-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
        },
        {
          "name": "29051",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29051"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
        },
        {
          "name": "asterisk-skinny-driver-dos(35478)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35478"
        },
        {
          "name": "ADV-2007-2563",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2563"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ftp.digium.com/pub/asa/ASA-2007-016.pdf"
        },
        {
          "name": "DSA-1358",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1358"
        },
        {
          "name": "SUSE-SR:2007:015",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3764",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an \"overly large memcpy.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "26099",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26099"
            },
            {
              "name": "24950",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24950"
            },
            {
              "name": "1018407",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018407"
            },
            {
              "name": "GLSA-200802-11",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
            },
            {
              "name": "29051",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29051"
            },
            {
              "name": "http://bugs.gentoo.org/show_bug.cgi?id=185713",
              "refsource": "CONFIRM",
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
            },
            {
              "name": "asterisk-skinny-driver-dos(35478)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35478"
            },
            {
              "name": "ADV-2007-2563",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2563"
            },
            {
              "name": "http://ftp.digium.com/pub/asa/ASA-2007-016.pdf",
              "refsource": "CONFIRM",
              "url": "http://ftp.digium.com/pub/asa/ASA-2007-016.pdf"
            },
            {
              "name": "DSA-1358",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2007/dsa-1358"
            },
            {
              "name": "SUSE-SR:2007:015",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3764",
    "datePublished": "2007-07-18T17:00:00",
    "dateReserved": "2007-07-13T00:00:00",
    "dateUpdated": "2024-08-07T14:28:52.239Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-0041
Vulnerability from cvelistv5
Published
2009-01-14 23:00
Modified
2024-08-07 04:17
Severity ?
Summary
IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
References
http://security.gentoo.org/glsa/glsa-200905-01.xmlvendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/archive/1/499884/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/33453third-party-advisory, x_refsource_SECUNIA
http://securityreason.com/securityalert/4910third-party-advisory, x_refsource_SREASON
http://www.securityfocus.com/bid/33174vdb-entry, x_refsource_BID
http://secunia.com/advisories/37677third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2009/dsa-1952vendor-advisory, x_refsource_DEBIAN
http://www.securitytracker.com/id?1021549vdb-entry, x_refsource_SECTRACK
http://downloads.digium.com/pub/security/AST-2009-001.htmlx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2009/0063vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/34982third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:17:10.507Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-200905-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
          },
          {
            "name": "20090108 AST-2009-001: Information leak in IAX2 authentication",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/499884/100/0/threaded"
          },
          {
            "name": "33453",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33453"
          },
          {
            "name": "4910",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/4910"
          },
          {
            "name": "33174",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/33174"
          },
          {
            "name": "37677",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37677"
          },
          {
            "name": "DSA-1952",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1952"
          },
          {
            "name": "1021549",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021549"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.digium.com/pub/security/AST-2009-001.html"
          },
          {
            "name": "ADV-2009-0063",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0063"
          },
          {
            "name": "34982",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34982"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-01-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-200905-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
        },
        {
          "name": "20090108 AST-2009-001: Information leak in IAX2 authentication",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/499884/100/0/threaded"
        },
        {
          "name": "33453",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33453"
        },
        {
          "name": "4910",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/4910"
        },
        {
          "name": "33174",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/33174"
        },
        {
          "name": "37677",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37677"
        },
        {
          "name": "DSA-1952",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1952"
        },
        {
          "name": "1021549",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021549"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.digium.com/pub/security/AST-2009-001.html"
        },
        {
          "name": "ADV-2009-0063",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0063"
        },
        {
          "name": "34982",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34982"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0041",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-200905-01",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
            },
            {
              "name": "20090108 AST-2009-001: Information leak in IAX2 authentication",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/499884/100/0/threaded"
            },
            {
              "name": "33453",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33453"
            },
            {
              "name": "4910",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/4910"
            },
            {
              "name": "33174",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/33174"
            },
            {
              "name": "37677",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37677"
            },
            {
              "name": "DSA-1952",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1952"
            },
            {
              "name": "1021549",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1021549"
            },
            {
              "name": "http://downloads.digium.com/pub/security/AST-2009-001.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.digium.com/pub/security/AST-2009-001.html"
            },
            {
              "name": "ADV-2009-0063",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0063"
            },
            {
              "name": "34982",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34982"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-0041",
    "datePublished": "2009-01-14T23:00:00",
    "dateReserved": "2009-01-06T00:00:00",
    "dateUpdated": "2024-08-07T04:17:10.507Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-3264
Vulnerability from cvelistv5
Published
2008-07-24 15:18
Modified
2024-08-07 09:28
Severity ?
Summary
The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request.
References
http://www.securitytracker.com/id?1020536vdb-entry, x_refsource_SECTRACK
http://security.gentoo.org/glsa/glsa-200905-01.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/31194third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/2168/referencesvdb-entry, x_refsource_VUPEN
http://downloads.digium.com/pub/security/AST-2008-011.htmlx_refsource_CONFIRM
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.htmlvendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/31178third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/43955vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/30350vdb-entry, x_refsource_BID
http://www.securityfocus.com/archive/1/494676/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/34982third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:28:41.869Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1020536",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020536"
          },
          {
            "name": "GLSA-200905-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
          },
          {
            "name": "31194",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31194"
          },
          {
            "name": "ADV-2008-2168",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2168/references"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.digium.com/pub/security/AST-2008-011.html"
          },
          {
            "name": "FEDORA-2008-6676",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html"
          },
          {
            "name": "31178",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31178"
          },
          {
            "name": "asterisk-downloadprotocol-dos(43955)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43955"
          },
          {
            "name": "30350",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/30350"
          },
          {
            "name": "20080722 AST-2008-011: Traffic amplification in IAX2 firmware provisioning system",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/494676/100/0/threaded"
          },
          {
            "name": "34982",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34982"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1020536",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020536"
        },
        {
          "name": "GLSA-200905-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
        },
        {
          "name": "31194",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31194"
        },
        {
          "name": "ADV-2008-2168",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2168/references"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.digium.com/pub/security/AST-2008-011.html"
        },
        {
          "name": "FEDORA-2008-6676",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html"
        },
        {
          "name": "31178",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31178"
        },
        {
          "name": "asterisk-downloadprotocol-dos(43955)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43955"
        },
        {
          "name": "30350",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/30350"
        },
        {
          "name": "20080722 AST-2008-011: Traffic amplification in IAX2 firmware provisioning system",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/494676/100/0/threaded"
        },
        {
          "name": "34982",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34982"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3264",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1020536",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020536"
            },
            {
              "name": "GLSA-200905-01",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
            },
            {
              "name": "31194",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31194"
            },
            {
              "name": "ADV-2008-2168",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2168/references"
            },
            {
              "name": "http://downloads.digium.com/pub/security/AST-2008-011.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.digium.com/pub/security/AST-2008-011.html"
            },
            {
              "name": "FEDORA-2008-6676",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html"
            },
            {
              "name": "31178",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31178"
            },
            {
              "name": "asterisk-downloadprotocol-dos(43955)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43955"
            },
            {
              "name": "30350",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/30350"
            },
            {
              "name": "20080722 AST-2008-011: Traffic amplification in IAX2 firmware provisioning system",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/494676/100/0/threaded"
            },
            {
              "name": "34982",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34982"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3264",
    "datePublished": "2008-07-24T15:18:00",
    "dateReserved": "2008-07-22T00:00:00",
    "dateUpdated": "2024-08-07T09:28:41.869Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2007-07-18 17:30
Modified
2024-11-21 00:34
Severity ?
Summary
The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable.
References
cve@mitre.orghttp://bugs.gentoo.org/show_bug.cgi?id=185713
cve@mitre.orghttp://ftp.digium.com/pub/asa/ASA-2007-015.pdfPatch, Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/26099
cve@mitre.orghttp://secunia.com/advisories/29051
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200802-11.xml
cve@mitre.orghttp://www.debian.org/security/2007/dsa-1358
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2007_15_sr.html
cve@mitre.orghttp://www.securityfocus.com/bid/24950
cve@mitre.orghttp://www.securitytracker.com/id?1018407
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/2563
af854a3a-2127-422b-91ae-364da2661108http://bugs.gentoo.org/show_bug.cgi?id=185713
af854a3a-2127-422b-91ae-364da2661108http://ftp.digium.com/pub/asa/ASA-2007-015.pdfPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26099
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29051
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200802-11.xml
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2007/dsa-1358
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2007_15_sr.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/24950
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1018407
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/2563
Impacted products
Vendor Product Version
asterisk asterisk 1.0
asterisk asterisk 1.0.6
asterisk asterisk 1.0.7
asterisk asterisk 1.0.8
asterisk asterisk 1.0.9
asterisk asterisk 1.0.10
asterisk asterisk 1.0.11
asterisk asterisk 1.0.12
asterisk asterisk 1.2.0_beta1
asterisk asterisk 1.2.0_beta2
asterisk asterisk 1.2.5
asterisk asterisk 1.2.6
asterisk asterisk 1.2.7
asterisk asterisk 1.2.8
asterisk asterisk 1.2.9
asterisk asterisk 1.2.10
asterisk asterisk 1.2.11
asterisk asterisk 1.2.12
asterisk asterisk 1.2.13
asterisk asterisk 1.2.14
asterisk asterisk 1.2.15
asterisk asterisk 1.2.16
asterisk asterisk 1.2.17
asterisk asterisk 1.4.1
asterisk asterisk 1.4.2
asterisk asterisk 1.4.4_2007-04-27
asterisk asterisk 1.4_beta
asterisk asterisk a
asterisk asterisk b.1.3.2
asterisk asterisk b.1.3.3
asterisk asterisk b.2.2.0
asterisk asterisk_appliance_developer_kit *
asterisk asterisknow beta_5
asterisk asterisknow beta_6
asterisk s800i_appliance 1.0
asterisk s800i_appliance 1.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54F50B72-EFB3-448F-A2B8-C2BE4D4BF341",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "69BE50A7-FCA8-470A-B212-A516224306EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E306F943-ECA2-41C8-8C5D-F6A3D68ECE79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C309D90-24ED-4DC7-A770-783A7E28705F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B6DFD0D-86CE-4423-A0F4-C3581F916038",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "77255177-4EB2-47F5-8B3A-F6164C3C8173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2145ECD7-D734-4D58-8474-2F38DF9DB94F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "38C3AAB7-EA93-40BA-8ADE-380DA3520747",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.0_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E97310AF-E163-4C4F-A0BE-2940A67C336B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.0_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "66A7A018-4EB6-4C15-9A22-E4299A6919C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7A7F90E-4600-4058-BB10-E39BE8F4968F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5722AD0B-B329-4DA3-A251-A18DD6EE505E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "18B8E66C-B2EB-4F1F-9226-07A957885D8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD3CBC1-1371-440A-9EA1-7495A4FA2C49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B4841AD-96B7-4518-AC3E-3D23C88C083B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C89A173C-C64A-440F-BCC6-EDE692521171",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "C716CAB8-5F2D-44DA-982B-3A47B3B59A1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0FABB45-93A9-49BB-93DA-D13305E2FF84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F82331-A7C1-4166-AE45-A83BD7FC3D25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A10E99-3A8C-430A-8FB6-4A55E01A00E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5DF84B2-A104-4FA2-8B02-D243D76ACEE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4BA2270-DF93-48FB-A90F-DFBFED05F051",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4FE0264-95E4-4B75-8904-369035DEA2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "593AA737-5AF3-4F7C-B74B-D3F37701C435",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D942B911-979A-4AC3-93D6-07E420171E77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.4_2007-04-27:*:*:*:*:*:*:*",
              "matchCriteriaId": "465DB1C7-D5DD-4A2D-8506-8642AB8363C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.4_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "181C8E98-2138-4BFC-B6B0-1DA270AEE7F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:a:*:business:*:*:*:*:*",
              "matchCriteriaId": "C6702046-43CF-4C84-9F76-24716C9F7D20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:b.1.3.2:*:business:*:*:*:*:*",
              "matchCriteriaId": "524CF00B-1B36-4C1F-80B4-28349891669B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:b.1.3.3:*:business:*:*:*:*:*",
              "matchCriteriaId": "2942FA48-42CE-4E67-A5BF-7852652EDE28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:b.2.2.0:*:business:*:*:*:*:*",
              "matchCriteriaId": "4160A834-9194-474C-819B-60627E470D13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C150564-406F-4B49-AEF8-0F2887738E4D",
              "versionEndIncluding": "0.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisknow:beta_5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B12A09BE-1EE0-46D5-B3F0-E8847409A49A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisknow:beta_6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A5A734E-1DD3-4924-8AC1-97048FA3270F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asterisk:s800i_appliance:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9282AC42-E98A-4BC2-B46D-15B5776C961F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:asterisk:s800i_appliance:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "83DBFD69-2500-46C1-827C-1493CF896F49",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable."
    },
    {
      "lang": "es",
      "value": "El gestor de dispositivo de canal IAX2 (chan_iax2) en Asterisk versiones anteriores a 1.2.22 y 1.4.x versiones anteriores a 1.4.8, Business Edition versiones anteriores a B.2.2.1, AsteriskNOW versiones anteriores a beta7, Appliance Developer Kit versiones anteriores a 0.5.0, y s800i versiones anteriores a 1.0.2 permite a atacantes remotos   provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante tramas (1) LAGRQ \u00f3 (2) LAGRP que contienen elementos de informaci\u00f3n de tramas IAX, que resulta en una referencia a puntero NULL cuando Asterisk no asigna apropiadamente una variable asociado."
    }
  ],
  "id": "CVE-2007-3763",
  "lastModified": "2024-11-21T00:34:00.643",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-07-18T17:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://ftp.digium.com/pub/asa/ASA-2007-015.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26099"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29051"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2007/dsa-1358"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/24950"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018407"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2563"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://ftp.digium.com/pub/asa/ASA-2007-015.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29051"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2007/dsa-1358"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24950"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018407"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2563"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-07-18 17:30
Modified
2024-11-21 00:34
Severity ?
Summary
The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port.
References
cve@mitre.orghttp://ftp.digium.com/pub/asa/ASA-2007-017.pdfPatch, Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/26099
cve@mitre.orghttp://www.securityfocus.com/bid/24950
cve@mitre.orghttp://www.securitytracker.com/id?1018407
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/2563
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/35480
af854a3a-2127-422b-91ae-364da2661108http://ftp.digium.com/pub/asa/ASA-2007-017.pdfPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26099
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/24950
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1018407
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/2563
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/35480
Impacted products
Vendor Product Version
asterisk asterisk 1.0
asterisk asterisk 1.0.6
asterisk asterisk 1.0.7
asterisk asterisk 1.0.8
asterisk asterisk 1.0.9
asterisk asterisk 1.0.10
asterisk asterisk 1.0.11
asterisk asterisk 1.0.12
asterisk asterisk 1.2.0_beta1
asterisk asterisk 1.2.0_beta2
asterisk asterisk 1.2.5
asterisk asterisk 1.2.6
asterisk asterisk 1.2.7
asterisk asterisk 1.2.8
asterisk asterisk 1.2.9
asterisk asterisk 1.2.10
asterisk asterisk 1.2.11
asterisk asterisk 1.2.12
asterisk asterisk 1.2.13
asterisk asterisk 1.2.14
asterisk asterisk 1.2.15
asterisk asterisk 1.2.16
asterisk asterisk 1.2.17
asterisk asterisk 1.4.1
asterisk asterisk 1.4.2
asterisk asterisk 1.4.4_2007-04-27
asterisk asterisk 1.4_beta
asterisk asterisk a
asterisk asterisk b.1.3.2
asterisk asterisk b.1.3.3
asterisk asterisk b.2.2.0
asterisk asterisk_appliance_developer_kit *
asterisk asterisknow beta_5
asterisk asterisknow beta_6
asterisk s800i_appliance 1.0
asterisk s800i_appliance 1.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54F50B72-EFB3-448F-A2B8-C2BE4D4BF341",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "69BE50A7-FCA8-470A-B212-A516224306EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E306F943-ECA2-41C8-8C5D-F6A3D68ECE79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C309D90-24ED-4DC7-A770-783A7E28705F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B6DFD0D-86CE-4423-A0F4-C3581F916038",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "77255177-4EB2-47F5-8B3A-F6164C3C8173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2145ECD7-D734-4D58-8474-2F38DF9DB94F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "38C3AAB7-EA93-40BA-8ADE-380DA3520747",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.0_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E97310AF-E163-4C4F-A0BE-2940A67C336B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.0_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "66A7A018-4EB6-4C15-9A22-E4299A6919C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7A7F90E-4600-4058-BB10-E39BE8F4968F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5722AD0B-B329-4DA3-A251-A18DD6EE505E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "18B8E66C-B2EB-4F1F-9226-07A957885D8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD3CBC1-1371-440A-9EA1-7495A4FA2C49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B4841AD-96B7-4518-AC3E-3D23C88C083B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C89A173C-C64A-440F-BCC6-EDE692521171",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "C716CAB8-5F2D-44DA-982B-3A47B3B59A1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0FABB45-93A9-49BB-93DA-D13305E2FF84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F82331-A7C1-4166-AE45-A83BD7FC3D25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A10E99-3A8C-430A-8FB6-4A55E01A00E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5DF84B2-A104-4FA2-8B02-D243D76ACEE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4BA2270-DF93-48FB-A90F-DFBFED05F051",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4FE0264-95E4-4B75-8904-369035DEA2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "593AA737-5AF3-4F7C-B74B-D3F37701C435",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D942B911-979A-4AC3-93D6-07E420171E77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.4_2007-04-27:*:*:*:*:*:*:*",
              "matchCriteriaId": "465DB1C7-D5DD-4A2D-8506-8642AB8363C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.4_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "181C8E98-2138-4BFC-B6B0-1DA270AEE7F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:a:*:business:*:*:*:*:*",
              "matchCriteriaId": "C6702046-43CF-4C84-9F76-24716C9F7D20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:b.1.3.2:*:business:*:*:*:*:*",
              "matchCriteriaId": "524CF00B-1B36-4C1F-80B4-28349891669B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:b.1.3.3:*:business:*:*:*:*:*",
              "matchCriteriaId": "2942FA48-42CE-4E67-A5BF-7852652EDE28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:b.2.2.0:*:business:*:*:*:*:*",
              "matchCriteriaId": "4160A834-9194-474C-819B-60627E470D13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C150564-406F-4B49-AEF8-0F2887738E4D",
              "versionEndIncluding": "0.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisknow:beta_5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B12A09BE-1EE0-46D5-B3F0-E8847409A49A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisknow:beta_6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A5A734E-1DD3-4924-8AC1-97048FA3270F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asterisk:s800i_appliance:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9282AC42-E98A-4BC2-B46D-15B5776C961F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:asterisk:s800i_appliance:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "83DBFD69-2500-46C1-827C-1493CF896F49",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n STUN en Asterisk 1.4.x anterior a 1.4.8, AsteriskNOW anterior a beta7, Appliance Developer Kit anterior a 0.5.0, y s800i anterior a 1.0.2 permite a atacantes remotos provocar denegaci\u00f3n de servicio (caida) a trav\u00e9s de una longitud de atributo manipulado STUN en un paquete STUN enviado a un puerto RTP."
    }
  ],
  "id": "CVE-2007-3765",
  "lastModified": "2024-11-21T00:34:00.980",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-07-18T17:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://ftp.digium.com/pub/asa/ASA-2007-017.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26099"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/24950"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018407"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2563"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35480"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://ftp.digium.com/pub/asa/ASA-2007-017.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24950"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018407"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2563"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35480"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-07-24 15:41
Modified
2024-11-21 00:48
Severity ?
Summary
The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request.
References
cve@mitre.orghttp://downloads.digium.com/pub/security/AST-2008-011.html
cve@mitre.orghttp://secunia.com/advisories/31178Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/31194
cve@mitre.orghttp://secunia.com/advisories/34982
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200905-01.xml
cve@mitre.orghttp://www.securityfocus.com/archive/1/494676/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/30350
cve@mitre.orghttp://www.securitytracker.com/id?1020536
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/2168/references
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/43955
cve@mitre.orghttps://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html
af854a3a-2127-422b-91ae-364da2661108http://downloads.digium.com/pub/security/AST-2008-011.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31178Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31194
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34982
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200905-01.xml
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/494676/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/30350
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1020536
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2168/references
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/43955
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html
Impacted products
Vendor Product Version
asterisk s800i_appliance 1.0
asterisk s800i_appliance 1.0.1
asterisk s800i_appliance 1.0.2
asterisk s800i_appliance 1.0.3
asterisk asterisk_appliance_developer_kit 0.2
asterisk asterisk_appliance_developer_kit 0.3
asterisk asterisk_appliance_developer_kit 0.4
asterisk asterisk_appliance_developer_kit 0.5
asterisk asterisk_appliance_developer_kit 0.6
asterisk asterisk_appliance_developer_kit 0.6.0
asterisk asterisk_appliance_developer_kit 0.7
asterisk asterisk_appliance_developer_kit 0.8
asterisk asterisk_business_edition a
asterisk asterisk_business_edition b
asterisk asterisk_business_edition b.1.3.2
asterisk asterisk_business_edition b.1.3.3
asterisk asterisk_business_edition b.2.2.0
asterisk asterisk_business_edition b.2.2.1
asterisk asterisk_business_edition b.2.3.1
asterisk asterisk_business_edition b.2.3.2
asterisk asterisk_business_edition b.2.3.3
asterisk asterisk_business_edition b.2.3.4
asterisk asterisk_business_edition b.2.3.6
asterisk asterisk_business_edition b.2.5.0
asterisk asterisk_business_edition b.2.5.3
asterisk asterisk_business_edition b2.5.1
asterisk asterisk_business_edition b2.5.2
asterisk asterisk_business_edition c
asterisk asterisk_business_edition c.1.0-beta7
asterisk asterisk_business_edition c.1.0-beta8
asterisk asterisk_business_edition c.1.6
asterisk asterisk_business_edition c.1.6.1
asterisk asterisk_business_edition c.1.6.2
asterisk asterisk_business_edition c1.8.0
asterisk asterisk_business_edition c1.8.1
asterisk asterisknow beta_5
asterisk asterisknow beta_6
asterisk asterisknow beta_7
asterisk asterisknow pre-release
asterisk open_source 1.0
asterisk open_source 1.0.0
asterisk open_source 1.0.1
asterisk open_source 1.0.2
asterisk open_source 1.0.3
asterisk open_source 1.0.3.4
asterisk open_source 1.0.4
asterisk open_source 1.0.5
asterisk open_source 1.0.6
asterisk open_source 1.0.7
asterisk open_source 1.0.8
asterisk open_source 1.0.9
asterisk open_source 1.0.11
asterisk open_source 1.0.11.1
asterisk open_source 1.0.12
asterisk open_source 1.2.0
asterisk open_source 1.2.0beta1
asterisk open_source 1.2.0beta2
asterisk open_source 1.2.1
asterisk open_source 1.2.2
asterisk open_source 1.2.3
asterisk open_source 1.2.4
asterisk open_source 1.2.5
asterisk open_source 1.2.6
asterisk open_source 1.2.7
asterisk open_source 1.2.7.1
asterisk open_source 1.2.8
asterisk open_source 1.2.9
asterisk open_source 1.2.9.1
asterisk open_source 1.2.10
asterisk open_source 1.2.11
asterisk open_source 1.2.12
asterisk open_source 1.2.12.1
asterisk open_source 1.2.13
asterisk open_source 1.2.14
asterisk open_source 1.2.15
asterisk open_source 1.2.16
asterisk open_source 1.2.17
asterisk open_source 1.2.18
asterisk open_source 1.2.19
asterisk open_source 1.2.20
asterisk open_source 1.2.21
asterisk open_source 1.2.21.1
asterisk open_source 1.2.22
asterisk open_source 1.2.23
asterisk open_source 1.2.24
asterisk open_source 1.2.25
asterisk open_source 1.2.26
asterisk open_source 1.2.26.1
asterisk open_source 1.2.26.2
asterisk open_source 1.2.27
asterisk open_source 1.2.28
asterisk open_source 1.2.29
asterisk open_source 1.4.0
asterisk open_source 1.4.1
asterisk open_source 1.4.2
asterisk open_source 1.4.3
asterisk open_source 1.4.4
asterisk open_source 1.4.5
asterisk open_source 1.4.6
asterisk open_source 1.4.7
asterisk open_source 1.4.7.1
asterisk open_source 1.4.8
asterisk open_source 1.4.9
asterisk open_source 1.4.10
asterisk open_source 1.4.10.1
asterisk open_source 1.4.11
asterisk open_source 1.4.12
asterisk open_source 1.4.12.1
asterisk open_source 1.4.13
asterisk open_source 1.4.14
asterisk open_source 1.4.15
asterisk open_source 1.4.16
asterisk open_source 1.4.16.1
asterisk open_source 1.4.16.2
asterisk open_source 1.4.17
asterisk open_source 1.4.18
asterisk open_source 1.4.18.1
asterisk open_source 1.4.19
asterisk open_source 1.4.19.1
asterisk open_source 1.4.19_rc3
asterisk open_source 1.4_revision_95946
asterisk open_source 1.4beta


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asterisk:s800i_appliance:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9282AC42-E98A-4BC2-B46D-15B5776C961F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asterisk:s800i_appliance:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "83DBFD69-2500-46C1-827C-1493CF896F49",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asterisk:s800i_appliance:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F53C8D19-507A-45B6-9B19-C733460F0739",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asterisk:s800i_appliance:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "09AEF231-3438-420E-B2B0-1B876A929033",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C05B437-C292-4AA0-8AFE-1CA07CD80034",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0102C4C0-1A7D-4AB7-9817-44E6B0DB761E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "81DDF486-4185-48EE-869E-0AA6726C31F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF45A8E1-F6B1-42BD-9168-12062FA6EAEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5757B9B-2759-439A-9A6D-CCDD6C8C8940",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4548D39-0562-4946-AA51-A7C1A31AEE8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD71268-EAA2-477B-8AC4-DE4853A262B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "529B2115-A191-4F3F-8F8C-A38B7C45463A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:a:*:*:*:*:*:*:*",
              "matchCriteriaId": "313B3A38-8DEA-4D62-A1A4-0B6011E81870",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b:*:*:*:*:*:*:*",
              "matchCriteriaId": "B24F3283-4809-40B1-8166-9D1C3A4C9104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "802F8680-AB38-41AF-BFC8-F6927F6B1626",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCAE8D90-B032-4C60-B487-BE655D00FFAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB64A872-B7B8-46A8-81E4-49EDAC160531",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "21000270-C9B9-430C-A252-763887A15835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "12F7CF45-5482-4947-8F1D-48C746987475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B64995D-7892-49AB-A89D-A5D15615C5D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0397DBD4-EA00-444A-9008-4932F99DF325",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FCD865F-BC39-4255-A797-6E5945773337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7203093-7209-4184-92CB-08AD73FAC379",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4956871-4DD3-4299-8BEB-9D98A4449A42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F04F844-79C4-41F3-9671-8B46460D0AAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8936B494-E647-498B-8380-AE4DAD458533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B234F33-5233-42A3-B95A-3A3558B4DDCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:c:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D47534E-8EBC-44B5-8770-65BBA7C3F3DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:c.1.0-beta7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BC80EBD-14D3-44A6-A06F-0549722E0EFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:c.1.0-beta8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7859797F-E9AD-4429-BD2C-A24EC24A5D03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:c.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5C988FD-CFB9-4763-BE5A-B89FB3538FD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:c.1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "00A6DAD0-D4C3-4A58-A35A-991E04B50EC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:c.1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6413B123-65DE-4483-A8A0-F5F30A809570",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:c1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "502AEBA1-2A6D-4367-86AB-F2948207FCA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:c1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "93DA4919-A365-48B6-84D6-6A7D97941A13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisknow:beta_5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B12A09BE-1EE0-46D5-B3F0-E8847409A49A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisknow:beta_6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A5A734E-1DD3-4924-8AC1-97048FA3270F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisknow:beta_7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AE2F09E-4B5A-4EDF-A48A-BCBBAA80156B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisknow:pre-release:*:*:*:*:*:*:*",
              "matchCriteriaId": "F420EB4D-5B9C-4BBA-AAC5-5E0E83CD1F74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "678DB154-4363-42FF-8B28-367923FC6595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8F2C378-FF0E-4765-9F66-625C4064D5CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A55A9295-F632-4856-90A1-38371EB98589",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FAE6AF1-884D-41F7-B174-9E13C7719C99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCA9E35B-9A6B-42F2-9315-9C7D09F62227",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.0.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "89B1F293-4F0F-48FD-A1F1-1230B94D87D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDF7EC20-A424-45E5-B7E4-3CC86075858C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C790E105-55C8-4CDC-9FA8-E1FF6F130A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "44C860EF-2B29-4995-B942-000CC43FDD14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ADB80EF-C724-44BA-88FC-24087799D0C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "78B39BE8-7E2D-42DF-8633-44CAD5662777",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F39036E3-0027-4C72-9DEB-9A6E2B4512C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "A037E6F9-3EF7-4EEB-AC16-081421BCE40D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.0.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A7EC02A-9C9E-4589-BBB3-1908D3078A7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C70FA9C-6F3B-4BDF-97FB-81D06AB0EE65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F7971E1-F136-4ADC-95EC-BC4F92E838CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.0beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7435F043-F92B-4635-93CC-A2C39AAE1BCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.0beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7B2F43B-8B69-4BF6-86B7-A225175FF068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "27202966-2C41-4964-9497-1887D2A834C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1471B5A2-15BE-4E7C-BA49-2E6002F7C8EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7108D72F-5AFD-4EEF-B2A9-CA4FA792E193",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "107DA2D8-FE7C-4B70-856D-43D58B988694",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABD71DD9-8A15-45E2-9FB3-F0544D7E1B80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C14614F-4E27-40A6-9E56-2B1DBB10330B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A2F2F5A-66FD-4057-917C-66332A88D83E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "399B0206-B48B-46EF-8CA6-A6E5A2550B25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "26E9760F-C0EB-47BB-8DA4-CC7815099DAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C510A9A-C3E2-4AF8-9919-1A22E918CDEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BD915CD-A7D3-4305-A6C0-290C648A226C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E79CCE5-C29B-4726-8D2F-BC20F70959BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "F29C13DB-6F04-4B41-90A2-2408D70F3641",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F4F734E-0E78-4957-B323-8E9FBA7FF15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A4B117B-E945-4033-A79D-10DFAA3DF18B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA6D866F-8189-4FFD-AA24-47C0A015C246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4EBFB79-C269-4132-BFAB-451F66CE8289",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9E1028E-2C07-4BA3-B891-FA853A87B280",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E74F577-70BD-4FAF-BCFD-10CD21FC5601",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "57BB03E2-E61C-4A94-82DF-8720698CE271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B30A36F-5CE6-4246-8752-176FB5999C1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0F76DFD-4DAC-4B02-8967-B242CDEEF6C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A59BC20-3217-4584-9196-D1CD9E0D6B52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "56F728BA-FC9E-4EEE-9A08-C9C7433BD8D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C64DF29-5B3D-401E-885E-8E37FD577254",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A7BF52A-2FF8-40ED-B757-28A1101DE8F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A321C2D-852B-4498-ADD6-79956410AB94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D5F0DCF-C6A2-4A09-90C9-D70F174FDEF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "C820538E-14EC-43C1-80DB-6AAE4905EF0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9562112-2505-4F78-86DE-F30EFAEE47D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.26.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A6D8FD0-C8C1-4868-9AF1-96B1949C18AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.26.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "72A840B4-216B-4063-997F-791FBC8C8658",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE47A547-26E7-48F9-B0A6-2F65E04A1EDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1AEB744-FCF2-4A41-8866-9D1D20E6C6B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "51E5EB34-30AD-4E81-8BD4-4AB905E52B82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "967DF432-DEF4-4FA2-8C8D-19A7FB663A33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "295D4042-2D3C-481B-B969-2DDAC1161198",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "99E9EE2A-56AD-42BC-8CB0-D34091849B0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "96877A3E-B54B-4F31-B281-76CDC98B2D02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D0B4503-42A6-4D88-954E-A662E91EC204",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4B73813-BCD8-429E-B9B9-D6665E026BC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BBA3ECC-4F40-41CD-A6D7-BBD680DDBACC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CBE2156-AF86-4C72-B33D-3FF83930F828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "61408884-FBBF-4D94-A552-F99AB46DCED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A527277-D97D-4B74-906F-7481BDBD96D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8B57A32-7B83-4783-A244-C26301970444",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "044FD0D0-FC92-4A01-B0D4-11A703EF21FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3477EC1A-9634-492C-B052-35770A9C9F4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C90F104-FA2C-4091-B149-1774AC982C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9328768-7C08-4143-B5F8-F5C2D735D21A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C04E2B3-094B-4828-A2FC-BB66244A9F73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BDE3D31-4BB2-45A3-B085-8C91152A3152",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE0107D4-395E-45F1-B963-7618CCC007D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "53B8E11B-4984-45A8-A107-D276205988B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "2495DB98-F923-4E60-86EC-2DBB7A98C90C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E186D125-996E-4900-A2B8-5CDC8B5D5136",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "27DC6CF7-4DF8-4472-A684-8CCB5E26FCFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "88576385-EF03-408B-9775-B52E6AFFE48A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A838577-2BA1-4792-8B69-6FB07FFD7727",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDEED3E1-13E0-46E6-8AAB-D24D2D04AE4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED2BF36F-CF10-4F24-970B-3D0BB7561C81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB1593E1-BF21-4DB9-A18E-9F221F3F9022",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.19_rc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D41604A-21CB-4EF3-85E8-8CD170C8013F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4_revision_95946:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3C6272B-D0C4-4EA5-AEE4-5A45DAA2DDE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A8012CE-4D4B-4131-87E7-16D7907E3BB3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n FWDOWNL firmware-download en Asterisk Open Source 1.0.x, 1.2.x antes de 1.2.30 y 1.4.x antes de 1.4.21.2; Business Edition A.x.x, B.x.x antes de B.2.5.4 y C.x.x antes de C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; y s800i 1.0.x antes de 1.2.0.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (amplificaci\u00f3n del tr\u00e1fico) mediante una petici\u00f3n IAX2 FWDOWNL."
    }
  ],
  "id": "CVE-2008-3264",
  "lastModified": "2024-11-21T00:48:50.417",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-07-24T15:41:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://downloads.digium.com/pub/security/AST-2008-011.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31178"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/31194"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34982"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/494676/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/30350"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1020536"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2168/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43955"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://downloads.digium.com/pub/security/AST-2008-011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31178"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31194"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34982"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/494676/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/30350"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1020536"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2168/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43955"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-01-14 23:30
Modified
2024-11-21 00:58
Severity ?
Summary
IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
References
cve@mitre.orghttp://downloads.digium.com/pub/security/AST-2009-001.html
cve@mitre.orghttp://secunia.com/advisories/33453
cve@mitre.orghttp://secunia.com/advisories/34982
cve@mitre.orghttp://secunia.com/advisories/37677
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200905-01.xml
cve@mitre.orghttp://securityreason.com/securityalert/4910
cve@mitre.orghttp://www.debian.org/security/2009/dsa-1952
cve@mitre.orghttp://www.securityfocus.com/archive/1/499884/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/33174Patch
cve@mitre.orghttp://www.securitytracker.com/id?1021549
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/0063
af854a3a-2127-422b-91ae-364da2661108http://downloads.digium.com/pub/security/AST-2009-001.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33453
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34982
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37677
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200905-01.xml
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/4910
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2009/dsa-1952
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/499884/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/33174Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1021549
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/0063
Impacted products
Vendor Product Version
asterisk asterisk_business_edition *
asterisk asterisk_business_edition *
asterisk asterisk_business_edition a
asterisk asterisk_business_edition b.1.3.2
asterisk asterisk_business_edition b.1.3.3
asterisk asterisk_business_edition b.2.2.0
asterisk asterisk_business_edition b.2.2.1
asterisk asterisk_business_edition b.2.3.1
asterisk asterisk_business_edition b.2.3.2
asterisk asterisk_business_edition b.2.3.3
asterisk asterisk_business_edition b.2.3.4
asterisk asterisk_business_edition b.2.3.5
asterisk asterisk_business_edition b.2.3.6
asterisk asterisk_business_edition b.2.5.0
asterisk asterisk_business_edition b.2.5.1
asterisk asterisk_business_edition b.2.5.3
asterisk asterisk_business_edition c.1.0
asterisk open_source *
asterisk open_source *
asterisk open_source *
asterisk open_source 1.2.0
asterisk open_source 1.2.0
asterisk open_source 1.2.0
asterisk open_source 1.2.0
asterisk open_source 1.2.0
asterisk open_source 1.2.0beta1
asterisk open_source 1.2.0beta2
asterisk open_source 1.2.1
asterisk open_source 1.2.2
asterisk open_source 1.2.2
asterisk open_source 1.2.3
asterisk open_source 1.2.3
asterisk open_source 1.2.10
asterisk open_source 1.2.10
asterisk open_source 1.2.11
asterisk open_source 1.2.11
asterisk open_source 1.2.12
asterisk open_source 1.2.12
asterisk open_source 1.2.12.1
asterisk open_source 1.2.12.1
asterisk open_source 1.2.13
asterisk open_source 1.2.13
asterisk open_source 1.2.14
asterisk open_source 1.2.14
asterisk open_source 1.2.15
asterisk open_source 1.2.15
asterisk open_source 1.2.16
asterisk open_source 1.2.16
asterisk open_source 1.2.17
asterisk open_source 1.2.17
asterisk open_source 1.2.18
asterisk open_source 1.2.18
asterisk open_source 1.2.19
asterisk open_source 1.2.19
asterisk open_source 1.2.20
asterisk open_source 1.2.20
asterisk open_source 1.2.21
asterisk open_source 1.2.21
asterisk open_source 1.2.21.1
asterisk open_source 1.2.21.1
asterisk open_source 1.2.22
asterisk open_source 1.2.22
asterisk open_source 1.2.23
asterisk open_source 1.2.23
asterisk open_source 1.2.24
asterisk open_source 1.2.24
asterisk open_source 1.2.25
asterisk open_source 1.2.25
asterisk open_source 1.2.26
asterisk open_source 1.2.26
asterisk open_source 1.2.26.1
asterisk open_source 1.2.26.1
asterisk open_source 1.2.26.2
asterisk open_source 1.2.26.2
asterisk open_source 1.2.27
asterisk open_source 1.2.28
asterisk open_source 1.2.29
asterisk open_source 1.2.30
asterisk open_source 1.2.30.2
asterisk open_source 1.2.30.3
asterisk open_source 1.4.0
asterisk open_source 1.4.0
asterisk open_source 1.4.0
asterisk open_source 1.4.0
asterisk open_source 1.4.1
asterisk open_source 1.4.2
asterisk open_source 1.4.3
asterisk open_source 1.4.4
asterisk open_source 1.4.5
asterisk open_source 1.4.6
asterisk open_source 1.4.7
asterisk open_source 1.4.7.1
asterisk open_source 1.4.8
asterisk open_source 1.4.9
asterisk open_source 1.4.10
asterisk open_source 1.4.10.1
asterisk open_source 1.4.11
asterisk open_source 1.4.12
asterisk open_source 1.4.12.1
asterisk open_source 1.4.13
asterisk open_source 1.4.14
asterisk open_source 1.4.15
asterisk open_source 1.4.16
asterisk open_source 1.4.16.1
asterisk open_source 1.4.16.2
asterisk open_source 1.4.17
asterisk open_source 1.4.18
asterisk open_source 1.4.18.1
asterisk open_source 1.4.19
asterisk open_source 1.4.19
asterisk open_source 1.4.19
asterisk open_source 1.4.19
asterisk open_source 1.4.19
asterisk open_source 1.4.19.1
asterisk open_source 1.4.19.2
asterisk open_source 1.4.20
asterisk open_source 1.4.20
asterisk open_source 1.4.20
asterisk open_source 1.4.20
asterisk open_source 1.4.21
asterisk open_source 1.4.21
asterisk open_source 1.4.21
asterisk open_source 1.4.21.1
asterisk open_source 1.4.21.2
asterisk open_source 1.4.22
asterisk open_source 1.4.22
asterisk open_source 1.4.22
asterisk open_source 1.4.22.1
asterisk open_source 1.4.22.2
asterisk open_source 1.4.23
asterisk open_source 1.4.23
asterisk open_source 1.4.23
asterisk open_source 1.4_revision_95946
asterisk open_source 1.4beta
asterisk open_source 1.6.0
asterisk open_source 1.6.0
asterisk open_source 1.6.0
asterisk open_source 1.6.0
asterisk open_source 1.6.0
asterisk open_source 1.6.0
asterisk open_source 1.6.0
asterisk open_source 1.6.0
asterisk open_source 1.6.0
asterisk open_source 1.6.0
asterisk open_source 1.6.0
asterisk open_source 1.6.0
asterisk open_source 1.6.0.1
asterisk open_source 1.6.0.2
asterisk open_source 1.6.0.3
asterisk s800i_appliance 1.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "24A5B8FE-5EB4-4EFD-957D-D0B7AADC55E5",
              "versionEndIncluding": "b.2.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:*:beta8:*:*:*:*:*:*",
              "matchCriteriaId": "5E583AB0-6127-4C34-B6C6-1837F5D0C2D6",
              "versionEndIncluding": "c.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:a:*:*:*:*:*:*:*",
              "matchCriteriaId": "313B3A38-8DEA-4D62-A1A4-0B6011E81870",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "802F8680-AB38-41AF-BFC8-F6927F6B1626",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCAE8D90-B032-4C60-B487-BE655D00FFAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB64A872-B7B8-46A8-81E4-49EDAC160531",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "21000270-C9B9-430C-A252-763887A15835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "12F7CF45-5482-4947-8F1D-48C746987475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B64995D-7892-49AB-A89D-A5D15615C5D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0397DBD4-EA00-444A-9008-4932F99DF325",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FCD865F-BC39-4255-A797-6E5945773337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB3C2CF4-4A4B-4398-92DC-EAE43801D08A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7203093-7209-4184-92CB-08AD73FAC379",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4956871-4DD3-4299-8BEB-9D98A4449A42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F796D547-034A-46FB-B245-3863C198AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F04F844-79C4-41F3-9671-8B46460D0AAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_business_edition:c.1.0:beta7:*:*:*:*:*:*",
              "matchCriteriaId": "F981A428-E7F3-4DE5-91DC-60A1C5C6C6EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC6254A9-FDE8-4167-9B8F-BA387A813DCC",
              "versionEndIncluding": "1.2.30.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:*:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "FD73983B-7A1A-4016-B5D6-EA1019CC8D35",
              "versionEndIncluding": "1.4.23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:*:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "8E0B464C-075E-4B62-B00A-53AA2613B619",
              "versionEndIncluding": "1.6.0.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F7971E1-F136-4ADC-95EC-BC4F92E838CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "E62D108C-862D-4BDB-BE37-285AA4C9C59A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "CF1422F3-829D-498C-83A6-02989DFB70A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CBEB9D69-A404-4053-92F9-CAC3481AFF1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E816CCDB-4169-4F09-AE87-E467F4BE7685",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.0beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7435F043-F92B-4635-93CC-A2C39AAE1BCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.0beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7B2F43B-8B69-4BF6-86B7-A225175FF068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "27202966-2C41-4964-9497-1887D2A834C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1471B5A2-15BE-4E7C-BA49-2E6002F7C8EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.2:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "65223182-1675-462C-AF67-4A48760A63F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7108D72F-5AFD-4EEF-B2A9-CA4FA792E193",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.3:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "DC7EB4CD-6436-4E0B-A620-9DF2AC8A3C66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E79CCE5-C29B-4726-8D2F-BC20F70959BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.10:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "0CF6584D-A7BB-4BD5-8232-9293FEE4A971",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "F29C13DB-6F04-4B41-90A2-2408D70F3641",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.11:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "174D6B56-7D0F-46F0-849A-FD05CB348FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F4F734E-0E78-4957-B323-8E9FBA7FF15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.12:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "938F545A-F8A7-455E-8E5A-2B5454B6CE53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A4B117B-E945-4033-A79D-10DFAA3DF18B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.12.1:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "E7C0897A-C841-4AAB-A6B3-1FCF7A99A60A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA6D866F-8189-4FFD-AA24-47C0A015C246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.13:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "B2BAA1B3-7DD3-4248-915D-2BCC0ACFA2C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4EBFB79-C269-4132-BFAB-451F66CE8289",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.14:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "21612C17-7368-4108-B55B-5AB5CA6733E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9E1028E-2C07-4BA3-B891-FA853A87B280",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.15:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "8A0D57D7-15AD-4CDF-A5A7-AB83F8E6154E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E74F577-70BD-4FAF-BCFD-10CD21FC5601",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.16:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "06DB25C8-4EA5-465F-8EFA-BCA8D40F1795",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "57BB03E2-E61C-4A94-82DF-8720698CE271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.17:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "A149F8C2-3DA5-44B2-A288-3482F3975824",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B30A36F-5CE6-4246-8752-176FB5999C1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.18:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "9462B320-B69D-409D-8DCC-D8D6CA1A757D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0F76DFD-4DAC-4B02-8967-B242CDEEF6C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.19:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "ECCCBAE9-8FD4-43F0-9EF8-56E9BBA3D8C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A59BC20-3217-4584-9196-D1CD9E0D6B52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.20:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "BEA0014A-659B-4533-A393-6D4ADC80EB0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "56F728BA-FC9E-4EEE-9A08-C9C7433BD8D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.21:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "8F1621F9-7C84-4CF0-BBCD-CEAEE8683BAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C64DF29-5B3D-401E-885E-8E37FD577254",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.21.1:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "346C9F65-B5FB-4A75-8E1B-137112F270D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A7BF52A-2FF8-40ED-B757-28A1101DE8F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.22:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "7EFEE380-0C64-4413-AF3A-45ABC8833500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A321C2D-852B-4498-ADD6-79956410AB94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.23:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "8CA18FC6-1480-400E-A885-8CDAE45AA7A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D5F0DCF-C6A2-4A09-90C9-D70F174FDEF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.24:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "93741261-378B-4C02-8D68-0E5F39128375",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "C820538E-14EC-43C1-80DB-6AAE4905EF0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.25:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "07CF9DD6-B624-49F0-A8E4-7EBCE7932BEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9562112-2505-4F78-86DE-F30EFAEE47D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.26:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "9EEA1E9C-C1FB-4EFD-86EA-DCF78C57FC35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.26.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A6D8FD0-C8C1-4868-9AF1-96B1949C18AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.26.1:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "5E20FAF7-9031-478E-A89C-D6FB3B5FDE3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.26.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "72A840B4-216B-4063-997F-791FBC8C8658",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.26.2:netsec:*:*:*:*:*:*",
              "matchCriteriaId": "72375576-F857-4585-A677-A326D89A65B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE47A547-26E7-48F9-B0A6-2F65E04A1EDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1AEB744-FCF2-4A41-8866-9D1D20E6C6B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "51E5EB34-30AD-4E81-8BD4-4AB905E52B82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "4359322B-08D0-4710-A9C3-54BD4A17B800",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.30.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "78F84DF4-DBA7-430C-AF17-F52024EF80D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.2.30.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "34266614-3588-485C-A609-37823F8499AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "967DF432-DEF4-4FA2-8C8D-19A7FB663A33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "40850BF4-E252-4667-9B46-9B6FEF6E997D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "1BB01DD1-B29B-4210-88CC-9ADB3148A410",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "5C0FA6A3-BFA9-4397-B75B-75C8357C36B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "295D4042-2D3C-481B-B969-2DDAC1161198",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "99E9EE2A-56AD-42BC-8CB0-D34091849B0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "96877A3E-B54B-4F31-B281-76CDC98B2D02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D0B4503-42A6-4D88-954E-A662E91EC204",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4B73813-BCD8-429E-B9B9-D6665E026BC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BBA3ECC-4F40-41CD-A6D7-BBD680DDBACC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CBE2156-AF86-4C72-B33D-3FF83930F828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "61408884-FBBF-4D94-A552-F99AB46DCED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A527277-D97D-4B74-906F-7481BDBD96D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8B57A32-7B83-4783-A244-C26301970444",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "044FD0D0-FC92-4A01-B0D4-11A703EF21FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3477EC1A-9634-492C-B052-35770A9C9F4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C90F104-FA2C-4091-B149-1774AC982C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9328768-7C08-4143-B5F8-F5C2D735D21A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C04E2B3-094B-4828-A2FC-BB66244A9F73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BDE3D31-4BB2-45A3-B085-8C91152A3152",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE0107D4-395E-45F1-B963-7618CCC007D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "53B8E11B-4984-45A8-A107-D276205988B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "2495DB98-F923-4E60-86EC-2DBB7A98C90C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E186D125-996E-4900-A2B8-5CDC8B5D5136",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "27DC6CF7-4DF8-4472-A684-8CCB5E26FCFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "88576385-EF03-408B-9775-B52E6AFFE48A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A838577-2BA1-4792-8B69-6FB07FFD7727",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDEED3E1-13E0-46E6-8AAB-D24D2D04AE4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED2BF36F-CF10-4F24-970B-3D0BB7561C81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.19:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "BFC1BB05-15C6-4829-86EB-5B1BFA4B5B17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.19:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AB77E88B-7233-4979-914E-24E671C1FB23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.19:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "C4FF0F09-0268-480F-A2F3-6F8C3F323EEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.19:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "1CCF9CAE-674A-4833-9D5C-FCBD865BE9F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB1593E1-BF21-4DB9-A18E-9F221F3F9022",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC8E9FE3-FA25-4054-876E-4A3CE6E71AFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BBAEADC-D1DE-46EF-808C-2F6D2A74D988",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.20:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "AEF8EB4B-2947-4BD3-ADF3-345AEFE85B05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.20:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E4476FB3-A759-49F5-ABDE-6D2A321B61BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.20:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "DFC109C3-2F52-48BE-B07E-3D65F31C1012",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "E54101A9-3967-4111-8A03-DA1BB23141BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.21:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D8B00600-1D45-41F7-9A10-97FB39012FDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.21:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CB2331-0F95-45E0-AF5B-0B9C74C5BA88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4ADB6A7-76AC-4AE3-B1AA-9F8DFA635418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.21.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "776BC35C-CF37-4F4E-9FD5-EC351D4C2C2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "F10DAABC-FF06-44FB-98EC-B6AD17C03FBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.22:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "ACA8AFD5-4C7C-4876-93CA-C5B3E881C455",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.22:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "547EEB2B-2ECA-4B00-83BB-CFAA11BE0145",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "83829E0F-C24B-4BD6-88EA-98898A9AD86E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C19141-823E-4057-A699-FD1DFF92DF38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECE7FE41-E749-49B8-99DF-19F9E7C4827A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.23:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "4E78234B-39B6-4DB4-A10F-AA55F174D4F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4.23:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "3984CF42-2431-4661-B333-C6721DF7123A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4_revision_95946:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3C6272B-D0C4-4EA5-AEE4-5A45DAA2DDE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.4beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A8012CE-4D4B-4131-87E7-16D7907E3BB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.6.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "D4F88914-6097-4AF1-8337-DCF062EB88AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.6.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "8BDB49DC-5344-451E-B8D6-D02C3431CE78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.6.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "B1FDA8D3-5082-479B-BA0A-F1E83D750B5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.6.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "7305910F-42BA-44CE-A7AC-B6F74200B68D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.6.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "B93EB4D6-3375-44BC-870F-714A3BC00C2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.6.0:beta7:*:*:*:*:*:*",
              "matchCriteriaId": "52F60D6E-64EB-4223-8A79-595693B444C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.6.0:beta7.1:*:*:*:*:*:*",
              "matchCriteriaId": "37CF29B9-4397-4298-9326-0443E666CDC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.6.0:beta8:*:*:*:*:*:*",
              "matchCriteriaId": "7D85DA34-A977-4A82-8E79-7BFE064DE9EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.6.0:beta9:*:*:*:*:*:*",
              "matchCriteriaId": "1476EF7B-A6F8-4B10-AF0F-986EA6BA3116",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.6.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "98E222F0-4CAA-4247-A00D-C6CEC2E55198",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.6.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "63744245-6126-47F6-B9F5-E936538140C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.6.0:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "C8805BEE-A4CF-45C2-B948-F1E8EF0A0886",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E474C33-B42A-4BB8-AC57-8A9071316240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B83B3132-7D78-4AC3-B83A-A6A20AA28993",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:open_source:1.6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0147FCED-AE75-4945-B76E-33F2AA764B9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:asterisk:s800i_appliance:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBE03C02-BE4A-47B6-A2B4-68DAEC5AA47F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames."
    },
    {
      "lang": "es",
      "value": "IAX2 en Asterisk Open Source v1.2.x anterior a v1.2.31, v1.4.x anterior a v1.4.23-rc4, y v1.6.x anterior a v1.6.0.3-rc2; Business Edition A.x.x, B.x.x anterior a B.2.5.7, C.1.x.x anterior a C.1.10.4, y C.2.x.x anterior a C.2.1.2.1; y s800i 1.2.x anterior a v1.3.0 responden de manera distinta ante un intento de acceso fallido  dependiendo de si la cuenta de usuario existe, lo que permite a atacantes remotos listar nombres de usuario v\u00e1lidos."
    }
  ],
  "evaluatorComment": "Vendor Advisory: http://downloads.digium.com/pub/security/AST-2009-001.html",
  "id": "CVE-2009-0041",
  "lastModified": "2024-11-21T00:58:55.977",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-01-14T23:30:00.187",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://downloads.digium.com/pub/security/AST-2009-001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/33453"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34982"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/37677"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/4910"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2009/dsa-1952"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/499884/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/33174"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1021549"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/0063"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://downloads.digium.com/pub/security/AST-2009-001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34982"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37677"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/4910"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1952"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/499884/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/33174"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021549"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/0063"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-07-18 17:30
Modified
2024-11-21 00:34
Severity ?
Summary
Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame.
References
cve@mitre.orghttp://bugs.gentoo.org/show_bug.cgi?id=185713
cve@mitre.orghttp://ftp.digium.com/pub/asa/ASA-2007-014.pdfPatch
cve@mitre.orghttp://secunia.com/advisories/26099
cve@mitre.orghttp://secunia.com/advisories/29051
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200802-11.xml
cve@mitre.orghttp://www.debian.org/security/2007/dsa-1358
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2007_15_sr.html
cve@mitre.orghttp://www.securityfocus.com/bid/24949
cve@mitre.orghttp://www.securitytracker.com/id?1018407
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/2563
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/35466
af854a3a-2127-422b-91ae-364da2661108http://bugs.gentoo.org/show_bug.cgi?id=185713
af854a3a-2127-422b-91ae-364da2661108http://ftp.digium.com/pub/asa/ASA-2007-014.pdfPatch
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26099
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29051
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200802-11.xml
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2007/dsa-1358
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2007_15_sr.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/24949
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1018407
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/2563
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/35466
Impacted products
Vendor Product Version
asterisk asterisk 1.0
asterisk asterisk 1.0.6
asterisk asterisk 1.0.7
asterisk asterisk 1.0.8
asterisk asterisk 1.0.9
asterisk asterisk 1.0.10
asterisk asterisk 1.0.11
asterisk asterisk 1.0.12
asterisk asterisk 1.2.0_beta1
asterisk asterisk 1.2.0_beta2
asterisk asterisk 1.2.5
asterisk asterisk 1.2.6
asterisk asterisk 1.2.7
asterisk asterisk 1.2.8
asterisk asterisk 1.2.9
asterisk asterisk 1.2.10
asterisk asterisk 1.2.11
asterisk asterisk 1.2.12
asterisk asterisk 1.2.13
asterisk asterisk 1.2.14
asterisk asterisk 1.2.15
asterisk asterisk 1.2.16
asterisk asterisk 1.2.17
asterisk asterisk 1.4.1
asterisk asterisk 1.4.2
asterisk asterisk 1.4.4_2007-04-27
asterisk asterisk 1.4_beta
asterisk asterisk a
asterisk asterisk b.1.3.2
asterisk asterisk b.1.3.3
asterisk asterisk b.2.2.0
asterisk asterisk_appliance_developer_kit *
asterisk asterisknow beta_5
asterisk asterisknow beta_6
asterisk s800i_appliance 1.0
asterisk s800i_appliance 1.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54F50B72-EFB3-448F-A2B8-C2BE4D4BF341",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "69BE50A7-FCA8-470A-B212-A516224306EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E306F943-ECA2-41C8-8C5D-F6A3D68ECE79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C309D90-24ED-4DC7-A770-783A7E28705F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B6DFD0D-86CE-4423-A0F4-C3581F916038",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "77255177-4EB2-47F5-8B3A-F6164C3C8173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2145ECD7-D734-4D58-8474-2F38DF9DB94F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "38C3AAB7-EA93-40BA-8ADE-380DA3520747",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.0_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E97310AF-E163-4C4F-A0BE-2940A67C336B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.0_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "66A7A018-4EB6-4C15-9A22-E4299A6919C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7A7F90E-4600-4058-BB10-E39BE8F4968F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5722AD0B-B329-4DA3-A251-A18DD6EE505E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "18B8E66C-B2EB-4F1F-9226-07A957885D8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD3CBC1-1371-440A-9EA1-7495A4FA2C49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B4841AD-96B7-4518-AC3E-3D23C88C083B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C89A173C-C64A-440F-BCC6-EDE692521171",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "C716CAB8-5F2D-44DA-982B-3A47B3B59A1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0FABB45-93A9-49BB-93DA-D13305E2FF84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F82331-A7C1-4166-AE45-A83BD7FC3D25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A10E99-3A8C-430A-8FB6-4A55E01A00E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5DF84B2-A104-4FA2-8B02-D243D76ACEE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4BA2270-DF93-48FB-A90F-DFBFED05F051",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4FE0264-95E4-4B75-8904-369035DEA2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "593AA737-5AF3-4F7C-B74B-D3F37701C435",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D942B911-979A-4AC3-93D6-07E420171E77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.4_2007-04-27:*:*:*:*:*:*:*",
              "matchCriteriaId": "465DB1C7-D5DD-4A2D-8506-8642AB8363C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.4_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "181C8E98-2138-4BFC-B6B0-1DA270AEE7F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:a:*:business:*:*:*:*:*",
              "matchCriteriaId": "C6702046-43CF-4C84-9F76-24716C9F7D20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:b.1.3.2:*:business:*:*:*:*:*",
              "matchCriteriaId": "524CF00B-1B36-4C1F-80B4-28349891669B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:b.1.3.3:*:business:*:*:*:*:*",
              "matchCriteriaId": "2942FA48-42CE-4E67-A5BF-7852652EDE28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:b.2.2.0:*:business:*:*:*:*:*",
              "matchCriteriaId": "4160A834-9194-474C-819B-60627E470D13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C150564-406F-4B49-AEF8-0F2887738E4D",
              "versionEndIncluding": "0.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisknow:beta_5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B12A09BE-1EE0-46D5-B3F0-E8847409A49A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisknow:beta_6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A5A734E-1DD3-4924-8AC1-97048FA3270F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asterisk:s800i_appliance:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9282AC42-E98A-4BC2-B46D-15B5776C961F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:asterisk:s800i_appliance:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "83DBFD69-2500-46C1-827C-1493CF896F49",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en el controlador de canal IAX2 (chan_iax2) de Asterisk anterior a 1.2.22 y 1.4.x anterior a 1.4.8, Business Edition anterior a B.2.2.1, AsteriskNOW anterior a beta7, Appliance Developer Kit anterior a 0.5.0, y s800i anterior a 1.0.2 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n enviando una trama RTP larga de (1) voz o (2) v\u00eddeo."
    }
  ],
  "id": "CVE-2007-3762",
  "lastModified": "2024-11-21T00:34:00.493",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-07-18T17:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://ftp.digium.com/pub/asa/ASA-2007-014.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26099"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29051"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2007/dsa-1358"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/24949"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018407"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2563"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35466"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://ftp.digium.com/pub/asa/ASA-2007-014.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29051"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2007/dsa-1358"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24949"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018407"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2563"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35466"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-07-18 17:30
Modified
2024-11-21 00:34
Severity ?
Summary
The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an "overly large memcpy."
References
cve@mitre.orghttp://bugs.gentoo.org/show_bug.cgi?id=185713
cve@mitre.orghttp://ftp.digium.com/pub/asa/ASA-2007-016.pdfPatch, Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/26099
cve@mitre.orghttp://secunia.com/advisories/29051
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200802-11.xml
cve@mitre.orghttp://www.debian.org/security/2007/dsa-1358
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2007_15_sr.html
cve@mitre.orghttp://www.securityfocus.com/bid/24950
cve@mitre.orghttp://www.securitytracker.com/id?1018407
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/2563
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/35478
af854a3a-2127-422b-91ae-364da2661108http://bugs.gentoo.org/show_bug.cgi?id=185713
af854a3a-2127-422b-91ae-364da2661108http://ftp.digium.com/pub/asa/ASA-2007-016.pdfPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26099
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29051
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200802-11.xml
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2007/dsa-1358
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2007_15_sr.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/24950
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1018407
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/2563
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/35478
Impacted products
Vendor Product Version
asterisk asterisk 1.0
asterisk asterisk 1.0.6
asterisk asterisk 1.0.7
asterisk asterisk 1.0.8
asterisk asterisk 1.0.9
asterisk asterisk 1.0.10
asterisk asterisk 1.0.11
asterisk asterisk 1.0.12
asterisk asterisk 1.2.0_beta1
asterisk asterisk 1.2.0_beta2
asterisk asterisk 1.2.5
asterisk asterisk 1.2.6
asterisk asterisk 1.2.7
asterisk asterisk 1.2.8
asterisk asterisk 1.2.9
asterisk asterisk 1.2.10
asterisk asterisk 1.2.11
asterisk asterisk 1.2.12
asterisk asterisk 1.2.13
asterisk asterisk 1.2.14
asterisk asterisk 1.2.15
asterisk asterisk 1.2.16
asterisk asterisk 1.2.17
asterisk asterisk 1.4.1
asterisk asterisk 1.4.2
asterisk asterisk 1.4.4_2007-04-27
asterisk asterisk 1.4_beta
asterisk asterisk a
asterisk asterisk b.1.3.2
asterisk asterisk b.1.3.3
asterisk asterisk b.2.2.0
asterisk asterisk_appliance_developer_kit *
asterisk asterisknow beta_5
asterisk asterisknow beta_6
asterisk s800i_appliance 1.0
asterisk s800i_appliance 1.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54F50B72-EFB3-448F-A2B8-C2BE4D4BF341",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "69BE50A7-FCA8-470A-B212-A516224306EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E306F943-ECA2-41C8-8C5D-F6A3D68ECE79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C309D90-24ED-4DC7-A770-783A7E28705F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B6DFD0D-86CE-4423-A0F4-C3581F916038",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "77255177-4EB2-47F5-8B3A-F6164C3C8173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2145ECD7-D734-4D58-8474-2F38DF9DB94F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "38C3AAB7-EA93-40BA-8ADE-380DA3520747",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.0_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E97310AF-E163-4C4F-A0BE-2940A67C336B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.0_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "66A7A018-4EB6-4C15-9A22-E4299A6919C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7A7F90E-4600-4058-BB10-E39BE8F4968F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5722AD0B-B329-4DA3-A251-A18DD6EE505E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "18B8E66C-B2EB-4F1F-9226-07A957885D8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD3CBC1-1371-440A-9EA1-7495A4FA2C49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B4841AD-96B7-4518-AC3E-3D23C88C083B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C89A173C-C64A-440F-BCC6-EDE692521171",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "C716CAB8-5F2D-44DA-982B-3A47B3B59A1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0FABB45-93A9-49BB-93DA-D13305E2FF84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F82331-A7C1-4166-AE45-A83BD7FC3D25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A10E99-3A8C-430A-8FB6-4A55E01A00E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5DF84B2-A104-4FA2-8B02-D243D76ACEE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4BA2270-DF93-48FB-A90F-DFBFED05F051",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4FE0264-95E4-4B75-8904-369035DEA2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "593AA737-5AF3-4F7C-B74B-D3F37701C435",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D942B911-979A-4AC3-93D6-07E420171E77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.4_2007-04-27:*:*:*:*:*:*:*",
              "matchCriteriaId": "465DB1C7-D5DD-4A2D-8506-8642AB8363C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.4_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "181C8E98-2138-4BFC-B6B0-1DA270AEE7F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:a:*:business:*:*:*:*:*",
              "matchCriteriaId": "C6702046-43CF-4C84-9F76-24716C9F7D20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:b.1.3.2:*:business:*:*:*:*:*",
              "matchCriteriaId": "524CF00B-1B36-4C1F-80B4-28349891669B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:b.1.3.3:*:business:*:*:*:*:*",
              "matchCriteriaId": "2942FA48-42CE-4E67-A5BF-7852652EDE28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:b.2.2.0:*:business:*:*:*:*:*",
              "matchCriteriaId": "4160A834-9194-474C-819B-60627E470D13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C150564-406F-4B49-AEF8-0F2887738E4D",
              "versionEndIncluding": "0.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisknow:beta_5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B12A09BE-1EE0-46D5-B3F0-E8847409A49A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisknow:beta_6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A5A734E-1DD3-4924-8AC1-97048FA3270F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asterisk:s800i_appliance:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9282AC42-E98A-4BC2-B46D-15B5776C961F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:asterisk:s800i_appliance:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "83DBFD69-2500-46C1-827C-1493CF896F49",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an \"overly large memcpy.\""
    },
    {
      "lang": "es",
      "value": "El controlador de canal Skinny (chan_skinny) en Asterisk anterior a 1.2.22 y 1.4.x anterior a 1.4.8, Business Edition anterior a B.2.2.1, AsteriskNOW anterior a la beta7, Appliance Developer Kit anterior a 0.5.0, y s800i anterior a 1.0.2 permite a atacantes remotos provocar denegaci\u00f3n de servicio (caida) a trav\u00e9s de ciertos valores de longitudes de datos en un paquete manipulado, lo cual deriva en un \"copia de memoria demasiado larga\"."
    }
  ],
  "id": "CVE-2007-3764",
  "lastModified": "2024-11-21T00:34:00.803",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-07-18T17:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://ftp.digium.com/pub/asa/ASA-2007-016.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26099"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29051"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2007/dsa-1358"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/24950"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018407"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2563"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35478"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://ftp.digium.com/pub/asa/ASA-2007-016.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29051"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2007/dsa-1358"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24950"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018407"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2563"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35478"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}