Search criteria
78 vulnerabilities found for open_source by asterisk
CVE-2020-28327 (GCVE-0-2020-28327)
Vulnerability from cvelistv5 – Published: 2020-11-06 18:08 – Updated: 2024-08-04 16:33
VLAI?
Summary
A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:33:58.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2020-001.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29057"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-10T15:31:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2020-001.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29057"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2020-001.html",
"refsource": "MISC",
"url": "http://downloads.asterisk.org/pub/security/AST-2020-001.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29057",
"refsource": "MISC",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29057"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-28327",
"datePublished": "2020-11-06T18:08:07",
"dateReserved": "2020-11-06T00:00:00",
"dateUpdated": "2024-08-04T16:33:58.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28242 (GCVE-0-2020-28242)
Vulnerability from cvelistv5 – Published: 2020-11-06 05:02 – Updated: 2024-08-04 16:33
VLAI?
Summary
An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:33:58.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2020-002.html"
},
{
"name": "FEDORA-2020-6b277646c7",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QUS54QTQCYKR36EIULYD544GXDA644HB/"
},
{
"name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-03T07:06:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2020-002.html"
},
{
"name": "FEDORA-2020-6b277646c7",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QUS54QTQCYKR36EIULYD544GXDA644HB/"
},
{
"name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2020-002.html",
"refsource": "MISC",
"url": "http://downloads.asterisk.org/pub/security/AST-2020-002.html"
},
{
"name": "FEDORA-2020-6b277646c7",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QUS54QTQCYKR36EIULYD544GXDA644HB/"
},
{
"name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-28242",
"datePublished": "2020-11-06T05:02:58",
"dateReserved": "2020-11-06T00:00:00",
"dateUpdated": "2024-08-04T16:33:58.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3723 (GCVE-0-2009-3723)
Vulnerability from cvelistv5 – Published: 2019-10-29 12:42 – Updated: 2024-08-07 06:38
VLAI?
Summary
asterisk allows calls on prohibited networks
Severity ?
No CVSS data available.
CWE
- calls allowed on prohibited networks in asterisk
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:30.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2009-3723"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2009-3723"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "All 1.6.1 versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "asterisk allows calls on prohibited networks"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "calls allowed on prohibited networks in asterisk",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-29T12:42:08",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2009-3723"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2009-3723"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-007.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-3723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "asterisk",
"version": {
"version_data": [
{
"version_value": "All 1.6.1 versions"
}
]
}
}
]
},
"vendor_name": "asterisk"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "asterisk allows calls on prohibited networks"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "calls allowed on prohibited networks in asterisk"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2009-3723",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2009-3723"
},
{
"name": "https://access.redhat.com/security/cve/cve-2009-3723",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2009-3723"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2009-007.html",
"refsource": "MISC",
"url": "http://downloads.asterisk.org/pub/security/AST-2009-007.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-3723",
"datePublished": "2019-10-29T12:42:08",
"dateReserved": "2009-10-16T00:00:00",
"dateUpdated": "2024-08-07T06:38:30.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12228 (GCVE-0-2018-12228)
Vulnerability from cvelistv5 – Published: 2018-06-12 04:00 – Updated: 2024-08-05 08:30
VLAI?
Summary
An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104457",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104457"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27807"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-14T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "104457",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104457"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27807"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-007.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104457"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-27807",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27807"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2018-007.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2018-007.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12228",
"datePublished": "2018-06-12T04:00:00",
"dateReserved": "2018-06-11T00:00:00",
"dateUpdated": "2024-08-05T08:30:59.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9358 (GCVE-0-2017-9358)
Vulnerability from cvelistv5 – Published: 2017-06-02 05:04 – Updated: 2024-08-05 17:02
VLAI?
Summary
A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.392Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038531",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038531"
},
{
"name": "98573",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98573"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-004.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/863906"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-26T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1038531",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038531"
},
{
"name": "98573",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98573"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-004.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/863906"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038531",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038531"
},
{
"name": "98573",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98573"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2017-004.txt",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2017-004.txt"
},
{
"name": "https://bugs.debian.org/863906",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/863906"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9358",
"datePublished": "2017-06-02T05:04:00",
"dateReserved": "2017-06-01T00:00:00",
"dateUpdated": "2024-08-05T17:02:44.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2686 (GCVE-0-2013-2686)
Vulnerability from cvelistv5 – Published: 2013-03-29 18:00 – Updated: 2024-09-16 22:35
VLAI?
Summary
main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:33.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20967"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://telussecuritylabs.com/threats/show/TSL20130327-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-29T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20967"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://telussecuritylabs.com/threats/show/TSL20130327-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-20967",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20967"
},
{
"name": "http://telussecuritylabs.com/threats/show/TSL20130327-01",
"refsource": "MISC",
"url": "http://telussecuritylabs.com/threats/show/TSL20130327-01"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2013-002.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2013-002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2686",
"datePublished": "2013-03-29T18:00:00Z",
"dateReserved": "2013-03-25T00:00:00Z",
"dateUpdated": "2024-09-16T22:35:02.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2264 (GCVE-0-2013-2264)
Vulnerability from cvelistv5 – Published: 2013-03-29 18:00 – Updated: 2024-09-16 17:38
VLAI?
Summary
The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:27:41.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-21013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-29T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-21013"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2013-003.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2013-003.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-21013",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-21013"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2264",
"datePublished": "2013-03-29T18:00:00Z",
"dateReserved": "2013-02-20T00:00:00Z",
"dateUpdated": "2024-09-16T17:38:10.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2685 (GCVE-0-2013-2685)
Vulnerability from cvelistv5 – Published: 2013-03-29 18:00 – Updated: 2024-09-16 16:44
VLAI?
Summary
Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:33.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20901"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-29T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20901"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2013-001.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2013-001.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-20901",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20901"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2685",
"datePublished": "2013-03-29T18:00:00Z",
"dateReserved": "2013-03-25T00:00:00Z",
"dateUpdated": "2024-09-16T16:44:08.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2186 (GCVE-0-2012-2186)
Vulnerability from cvelistv5 – Published: 2012-08-31 14:00 – Updated: 2024-08-06 19:26
VLAI?
Summary
Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:08.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "50687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50756"
},
{
"name": "DSA-2550",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html"
},
{
"name": "1027460",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027460"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-31T09:00:00",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "50687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50756"
},
{
"name": "DSA-2550",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html"
},
{
"name": "1027460",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027460"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-2186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50756"
},
{
"name": "DSA-2550",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-012.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html"
},
{
"name": "1027460",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027460"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2012-2186",
"datePublished": "2012-08-31T14:00:00",
"dateReserved": "2012-04-04T00:00:00",
"dateUpdated": "2024-08-06T19:26:08.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2948 (GCVE-0-2012-2948)
Vulnerability from cvelistv5 – Published: 2012-06-02 15:00 – Updated: 2024-08-06 19:50
VLAI?
Summary
chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:50:05.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "asterisk-scd-dos(75937)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75937"
},
{
"name": "1027103",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027103"
},
{
"name": "DSA-2493",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2493"
},
{
"name": "53723",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53723"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-008.html"
},
{
"name": "49303",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49303"
},
{
"name": "20120529 AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "asterisk-scd-dos(75937)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75937"
},
{
"name": "1027103",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027103"
},
{
"name": "DSA-2493",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2493"
},
{
"name": "53723",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53723"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-008.html"
},
{
"name": "49303",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49303"
},
{
"name": "20120529 AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "asterisk-scd-dos(75937)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75937"
},
{
"name": "1027103",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027103"
},
{
"name": "DSA-2493",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2493"
},
{
"name": "53723",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53723"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-008.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-008.html"
},
{
"name": "49303",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49303"
},
{
"name": "20120529 AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2948",
"datePublished": "2012-06-02T15:00:00",
"dateReserved": "2012-05-29T00:00:00",
"dateUpdated": "2024-08-06T19:50:05.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2414 (GCVE-0-2012-2414)
Vulnerability from cvelistv5 – Published: 2012-04-30 20:00 – Updated: 2024-08-06 19:34
VLAI?
Summary
main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:25.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-2460",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2460"
},
{
"name": "81454",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/81454"
},
{
"name": "1026961",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026961"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-004.html"
},
{
"name": "48941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48941"
},
{
"name": "53206",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53206"
},
{
"name": "asterisk-originate-command-exec(75100)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75100"
},
{
"name": "FEDORA-2012-6724",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html"
},
{
"name": "48891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48891"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-13T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-2460",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2460"
},
{
"name": "81454",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/81454"
},
{
"name": "1026961",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026961"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-004.html"
},
{
"name": "48941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48941"
},
{
"name": "53206",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53206"
},
{
"name": "asterisk-originate-command-exec(75100)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75100"
},
{
"name": "FEDORA-2012-6724",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html"
},
{
"name": "48891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48891"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2460",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2460"
},
{
"name": "81454",
"refsource": "OSVDB",
"url": "http://osvdb.org/81454"
},
{
"name": "1026961",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026961"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-004.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-004.html"
},
{
"name": "48941",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48941"
},
{
"name": "53206",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53206"
},
{
"name": "asterisk-originate-command-exec(75100)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75100"
},
{
"name": "FEDORA-2012-6724",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html"
},
{
"name": "48891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48891"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2414",
"datePublished": "2012-04-30T20:00:00",
"dateReserved": "2012-04-23T00:00:00",
"dateUpdated": "2024-08-06T19:34:25.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28327 (GCVE-0-2020-28327)
Vulnerability from nvd – Published: 2020-11-06 18:08 – Updated: 2024-08-04 16:33
VLAI?
Summary
A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:33:58.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2020-001.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29057"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-10T15:31:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2020-001.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29057"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2020-001.html",
"refsource": "MISC",
"url": "http://downloads.asterisk.org/pub/security/AST-2020-001.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29057",
"refsource": "MISC",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29057"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-28327",
"datePublished": "2020-11-06T18:08:07",
"dateReserved": "2020-11-06T00:00:00",
"dateUpdated": "2024-08-04T16:33:58.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28242 (GCVE-0-2020-28242)
Vulnerability from nvd – Published: 2020-11-06 05:02 – Updated: 2024-08-04 16:33
VLAI?
Summary
An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:33:58.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2020-002.html"
},
{
"name": "FEDORA-2020-6b277646c7",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QUS54QTQCYKR36EIULYD544GXDA644HB/"
},
{
"name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-03T07:06:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2020-002.html"
},
{
"name": "FEDORA-2020-6b277646c7",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QUS54QTQCYKR36EIULYD544GXDA644HB/"
},
{
"name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2020-002.html",
"refsource": "MISC",
"url": "http://downloads.asterisk.org/pub/security/AST-2020-002.html"
},
{
"name": "FEDORA-2020-6b277646c7",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QUS54QTQCYKR36EIULYD544GXDA644HB/"
},
{
"name": "[debian-lts-announce] 20220403 [SECURITY] [DLA 2969-1] asterisk security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-28242",
"datePublished": "2020-11-06T05:02:58",
"dateReserved": "2020-11-06T00:00:00",
"dateUpdated": "2024-08-04T16:33:58.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3723 (GCVE-0-2009-3723)
Vulnerability from nvd – Published: 2019-10-29 12:42 – Updated: 2024-08-07 06:38
VLAI?
Summary
asterisk allows calls on prohibited networks
Severity ?
No CVSS data available.
CWE
- calls allowed on prohibited networks in asterisk
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:30.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2009-3723"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2009-3723"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "All 1.6.1 versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "asterisk allows calls on prohibited networks"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "calls allowed on prohibited networks in asterisk",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-29T12:42:08",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2009-3723"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2009-3723"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2009-007.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-3723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "asterisk",
"version": {
"version_data": [
{
"version_value": "All 1.6.1 versions"
}
]
}
}
]
},
"vendor_name": "asterisk"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "asterisk allows calls on prohibited networks"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "calls allowed on prohibited networks in asterisk"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2009-3723",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2009-3723"
},
{
"name": "https://access.redhat.com/security/cve/cve-2009-3723",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2009-3723"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2009-007.html",
"refsource": "MISC",
"url": "http://downloads.asterisk.org/pub/security/AST-2009-007.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-3723",
"datePublished": "2019-10-29T12:42:08",
"dateReserved": "2009-10-16T00:00:00",
"dateUpdated": "2024-08-07T06:38:30.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12228 (GCVE-0-2018-12228)
Vulnerability from nvd – Published: 2018-06-12 04:00 – Updated: 2024-08-05 08:30
VLAI?
Summary
An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104457",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104457"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27807"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-14T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "104457",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104457"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27807"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2018-007.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104457"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-27807",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27807"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2018-007.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2018-007.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12228",
"datePublished": "2018-06-12T04:00:00",
"dateReserved": "2018-06-11T00:00:00",
"dateUpdated": "2024-08-05T08:30:59.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9358 (GCVE-0-2017-9358)
Vulnerability from nvd – Published: 2017-06-02 05:04 – Updated: 2024-08-05 17:02
VLAI?
Summary
A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.392Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038531",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038531"
},
{
"name": "98573",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98573"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-004.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/863906"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-26T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1038531",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038531"
},
{
"name": "98573",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98573"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2017-004.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/863906"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038531",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038531"
},
{
"name": "98573",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98573"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2017-004.txt",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2017-004.txt"
},
{
"name": "https://bugs.debian.org/863906",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/863906"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9358",
"datePublished": "2017-06-02T05:04:00",
"dateReserved": "2017-06-01T00:00:00",
"dateUpdated": "2024-08-05T17:02:44.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2686 (GCVE-0-2013-2686)
Vulnerability from nvd – Published: 2013-03-29 18:00 – Updated: 2024-09-16 22:35
VLAI?
Summary
main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:33.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20967"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://telussecuritylabs.com/threats/show/TSL20130327-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-29T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20967"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://telussecuritylabs.com/threats/show/TSL20130327-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-20967",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20967"
},
{
"name": "http://telussecuritylabs.com/threats/show/TSL20130327-01",
"refsource": "MISC",
"url": "http://telussecuritylabs.com/threats/show/TSL20130327-01"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2013-002.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2013-002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2686",
"datePublished": "2013-03-29T18:00:00Z",
"dateReserved": "2013-03-25T00:00:00Z",
"dateUpdated": "2024-09-16T22:35:02.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2264 (GCVE-0-2013-2264)
Vulnerability from nvd – Published: 2013-03-29 18:00 – Updated: 2024-09-16 17:38
VLAI?
Summary
The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:27:41.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-21013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-29T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-21013"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2013-003.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2013-003.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-21013",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-21013"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2264",
"datePublished": "2013-03-29T18:00:00Z",
"dateReserved": "2013-02-20T00:00:00Z",
"dateUpdated": "2024-09-16T17:38:10.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2685 (GCVE-0-2013-2685)
Vulnerability from nvd – Published: 2013-03-29 18:00 – Updated: 2024-09-16 16:44
VLAI?
Summary
Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:33.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20901"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-29T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20901"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2013-001.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2013-001.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-20901",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20901"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2685",
"datePublished": "2013-03-29T18:00:00Z",
"dateReserved": "2013-03-25T00:00:00Z",
"dateUpdated": "2024-09-16T16:44:08.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2186 (GCVE-0-2012-2186)
Vulnerability from nvd – Published: 2012-08-31 14:00 – Updated: 2024-08-06 19:26
VLAI?
Summary
Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:08.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "50687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50756"
},
{
"name": "DSA-2550",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html"
},
{
"name": "1027460",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027460"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-31T09:00:00",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "50687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50756"
},
{
"name": "DSA-2550",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html"
},
{
"name": "1027460",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027460"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-2186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50687"
},
{
"name": "50756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50756"
},
{
"name": "DSA-2550",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-012.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html"
},
{
"name": "1027460",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027460"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2012-2186",
"datePublished": "2012-08-31T14:00:00",
"dateReserved": "2012-04-04T00:00:00",
"dateUpdated": "2024-08-06T19:26:08.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2948 (GCVE-0-2012-2948)
Vulnerability from nvd – Published: 2012-06-02 15:00 – Updated: 2024-08-06 19:50
VLAI?
Summary
chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:50:05.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "asterisk-scd-dos(75937)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75937"
},
{
"name": "1027103",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027103"
},
{
"name": "DSA-2493",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2493"
},
{
"name": "53723",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53723"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-008.html"
},
{
"name": "49303",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49303"
},
{
"name": "20120529 AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "asterisk-scd-dos(75937)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75937"
},
{
"name": "1027103",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027103"
},
{
"name": "DSA-2493",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2493"
},
{
"name": "53723",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53723"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-008.html"
},
{
"name": "49303",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49303"
},
{
"name": "20120529 AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "asterisk-scd-dos(75937)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75937"
},
{
"name": "1027103",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027103"
},
{
"name": "DSA-2493",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2493"
},
{
"name": "53723",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53723"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-008.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-008.html"
},
{
"name": "49303",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49303"
},
{
"name": "20120529 AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2948",
"datePublished": "2012-06-02T15:00:00",
"dateReserved": "2012-05-29T00:00:00",
"dateUpdated": "2024-08-06T19:50:05.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2414 (GCVE-0-2012-2414)
Vulnerability from nvd – Published: 2012-04-30 20:00 – Updated: 2024-08-06 19:34
VLAI?
Summary
main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:25.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-2460",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2460"
},
{
"name": "81454",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/81454"
},
{
"name": "1026961",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026961"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-004.html"
},
{
"name": "48941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48941"
},
{
"name": "53206",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53206"
},
{
"name": "asterisk-originate-command-exec(75100)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75100"
},
{
"name": "FEDORA-2012-6724",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html"
},
{
"name": "48891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48891"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-13T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-2460",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2460"
},
{
"name": "81454",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/81454"
},
{
"name": "1026961",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026961"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-004.html"
},
{
"name": "48941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48941"
},
{
"name": "53206",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53206"
},
{
"name": "asterisk-originate-command-exec(75100)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75100"
},
{
"name": "FEDORA-2012-6724",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html"
},
{
"name": "48891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48891"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2460",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2460"
},
{
"name": "81454",
"refsource": "OSVDB",
"url": "http://osvdb.org/81454"
},
{
"name": "1026961",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026961"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-004.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-004.html"
},
{
"name": "48941",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48941"
},
{
"name": "53206",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53206"
},
{
"name": "asterisk-originate-command-exec(75100)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75100"
},
{
"name": "FEDORA-2012-6724",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html"
},
{
"name": "48891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48891"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2414",
"datePublished": "2012-04-30T20:00:00",
"dateReserved": "2012-04-23T00:00:00",
"dateUpdated": "2024-08-06T19:34:25.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2013-2686
Vulnerability from fkie_nvd - Published: 2013-04-01 16:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE48FBD-2560-4477-ABD2-C90729523BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "97F03C40-6B70-41D1-96CF-DD5F2924D0C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "B8F0B6E3-37B8-4780-BB17-D471A7AB7E58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "445941A9-EE2C-45C0-BCEB-9EC7F9F9439D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7C60A84B-E0BC-491B-B6E6-76E658BB91EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "035B04BC-C132-4CF6-9FE4-561A4104F392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AE6A2723-FAE7-4A87-A2A3-E94D9CC2DCB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "37612FE6-C8B7-4925-81F5-ADB82A8F101E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "92181940-ED5C-442C-82BA-4F0F233FB11B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "28EEF1DB-00C6-4DFC-BB48-C4A308F60DAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "67CE3E94-341F-4D0C-937E-39B119925C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5C721635-2801-40E8-B5FE-734054D718D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "93F81ACF-615F-4EF5-BD73-74F4010B43D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D773468A-4C2D-4B88-BAB6-C2D892A304C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15ED9311-9E4E-4998-BD99-CDEB8E4F2C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "815F7045-FC6D-4D57-A7AE-F63B0FC67251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "56BAE9D7-7A67-40D0-B864-66E76EBA5A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B82FFB08-0FCD-4839-95F4-97C09EB7E921",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "10C54588-265A-4955-8C73-38ADB664EF0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C2D84681-F861-49BE-832F-20EBAD3B60C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2313F843-0F74-4FC9-92A2-1F721BB4C490",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "09918CFC-C6A0-45ED-91EA-A4D9295C6CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "23E24161-31DB-4739-B16D-B0BDF5151307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E28DAA35-FBC2-4C87-BC1F-396A0FE86C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4F5E4B4F-49B7-41CB-803B-47A0081C3112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "27D37142-F88C-42DE-A0FD-B17AB7981963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F1A5BD7C-3491-456A-A333-481977280F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AFBC1D-7357-4A20-BF9D-C5B58155DAAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C85B74B6-EA5C-43C1-98C4-B09C41D9D8CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "12711E11-F6CF-4A61-83FD-AD3748D7C47B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "86E83CDF-E3B5-48A8-B526-67A1618B97AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C8B329-AC4C-46E5-BAC3-B2B72C16A453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5A81245B-0276-4D51-A3B4-9CC7233C9A44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9DC30C27-32BD-42A9-814E-123BD18F416B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "676BA331-833E-4C8B-A523-2116752567B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A7D38CAA-BECD-4FD7-8E42-72CB2B1DC699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4F211C14-8E50-4FB7-82EA-FE6975290DE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0698EDFB-D156-4572-9008-0243FA6FD2FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "16350161-9CF1-4AD3-954C-598D249CF962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "24EB6F7B-AD3C-42A2-B811-3CF3EEDD8438",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7AC55C54-7AD7-49BE-A050-DC6878391208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B208EBB-0387-4223-A196-CE142E6B908B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "095BF874-0E0B-4F8F-8A11-ED096DD3A824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4067E71D-93A8-4B56-AE4A-FCB6E31577E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D301553-EF77-4494-A893-FDC12E6A8C16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "35362678-3960-40E0-BB94-4642F09DDB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "779DEAC5-CBC7-4844-9A2E-97AEB49704EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "913D2C84-B987-4DEE-8F9E-0FDF14BECE2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "63889FD0-714B-4E02-8F34-00E4857A544A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "A15B538D-DC9D-46B4-A455-341E8A2831E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "8FE32479-5D98-443F-8FA9-F6281726BDF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "78841A3E-7D56-4737-9815-E1144FD0A44A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CE8D88-E407-4E9F-8418-E95C16A55358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BDEDE38-79FE-4B21-BE42-E8AA14475AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC295454-D897-425C-BFC8-91A72865A132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3830A3E2-09A1-487E-8EFA-27F8B4C61CB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "CAC942FB-83A2-4698-B410-F4C6AED0849A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "86ED40AD-0A52-4B4C-B4CA-F8D1A4CAF866",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7128AC5-5DD7-4BD3-B14C-4ADA155DD5E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2C32DA-44CE-4407-84B2-02B0D0474000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B032B5-06AB-4ABE-B51E-DE5C13458C03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07FC62DE-74D3-42A9-94E8-6DCE62F3D2B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "39E78E52-2AA4-42A5-9CE6-22DF2CF01704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "3DF04D4C-DFED-4E71-BA0C-854823BB41CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "518A8882-B1A6-408E-9B39-F01034A50190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "2EBBB850-2AE6-4EC1-993F-AD7AF2E80008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F33168AF-A3FB-4694-9DC8-CC28A7C3B3E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E1075D5D-5F81-4E26-90B0-60659B8D36B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6880B042-11B1-430F-90A1-70F93FC5BAF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "0F074B06-6788-47AB-8C39-BA5E2E39ACC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47805A52-856B-4C30-A04F-0B683FDBE075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACB7C4A-7CF7-4D57-B65D-741AFA6393EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "85522E25-E76C-4CCF-AB7C-A74E1703D919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AC3BE912-0B42-416B-A0E2-B17FDF07BAAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "4FC9C2FB-A77B-4242-B4A1-92112E1C19B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "41CA6DD3-FD39-482B-83AA-FE24055E9B42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C28AB9A1-54B6-4C9A-8E4C-52A3BF147DE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "28E4852C-4444-40BB-8DBB-51EC97D6BD38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "602E20C8-9DFF-4D11-8F1E-F7E943E8FE30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DC5CE37E-7BAC-45D5-AD09-8823D893627C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B38DE1B4-44CF-4199-B739-5880F6492216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B25558F4-2DF6-4C00-969F-67F7C2A05668",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8EFFEF57-8097-42B1-AC4F-20CEFAC4AFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6DFF8BD7-7287-40B2-8BAC-46C85440882D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00C94601-5C7E-4B9B-A8C9-A78C7E529864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1926E877-9EA2-457B-B501-6E07760B38A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "604956F2-5FE8-4D0A-A5EF-20E6D0E89933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42D8445A-8F8D-47D3-BBE4-687BD00D2E45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B9DF848-DEFC-4F1C-81BF-BFD2E142565E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BBB8E443-4A8D-405D-AF18-D56EE3D3AB96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.16.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5BAE4B32-F771-4DEA-9665-C862F3BA38B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "21E8BAFB-6973-48DE-9835-93464882712A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "57BF8BF0-DAD0-472B-9A13-34633F2BED91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.17.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "06E40764-4AFD-4DAA-BC96-46881EB55F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.17.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "412E6FAF-60A4-44DF-A1E5-BFBB127367B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBFEE9B-B3D5-4659-A833-03804A010474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6F127574-4C2A-4D0D-9601-B369C9E75BC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "23A58518-4619-4B6C-A01E-875E7A02B563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A56402C5-9408-4A7C-A6BF-DF1707EE19F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.19.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "145FF5F2-E4DC-42AD-B320-A9A82D517073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.19.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "217B4501-AEBA-4417-87D8-0C18779F16F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3784F3AC-0A54-4453-85C9-33C5AF05564E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "39900193-C2F2-424E-95A9-B7EF637A3F6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.20.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "589B3B1E-5BCB-4BA3-B4A6-CD9FAF8AD05D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.20.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0B5C6294-7BB5-4749-8F90-7AB3786696F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3E2D3320-3A6E-4756-9314-78E5027CDD88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33DD2B8E-6AB1-45CD-85F5-E0F5234585BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "52BDDAC0-5CEE-4054-8930-EAF25FE528FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "1CEB28DD-EAEA-45AF-8D7B-09E93AFABA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "12BCF63F-DA77-48A1-861D-F6E710E3CA16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AD0D03FF-3FF6-40D0-A78E-CBDEA4FE4F14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "66666CD2-8921-4641-AD72-21F4386DC731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E55A7B81-4661-4E77-94FE-DA8D6261DC74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C549DD5-68F9-44FC-92B9-09A0E6F87315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "51407A8B-AF19-43FA-8D57-A6A35D465D1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "911CCAF6-6E29-43B6-AF76-909016CD46ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "964672AE-C840-465E-BE8A-8E19D9C060AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48827211-8F2F-4801-A5CD-77B07D1DD320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2463AD2-B341-494C-87AF-73B69B75D162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B46E218-9EFA-4224-BC5D-1A2F38559E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6F1F43E8-6159-46FA-8BF5-360EA9D466BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F75E0A69-9251-4CE1-9E83-188F0D35DEFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "17E6BD3C-B88D-4C80-B77F-2A95767B9A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3AC1C9EC-A84F-401B-BF59-F4938B6A2F59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E5DACA8-EBD6-4854-A32E-EDBD8C28B3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A6AB0DE5-0843-4A7A-A1C9-2FD7924FBEDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "335F9C06-5E40-4E14-B018-15151E14414D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9E8F15FB-C6B5-4A4F-A7AD-E2BF0162D1DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC77FCCF-EE5C-4121-A0AF-B9DC71E72C1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C33423-6093-4DC9-BCFF-77003776373E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9DEA8945-9ACD-4CE7-A5E6-5207E16C663E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B2A7FC21-74FF-48BF-9BA8-A143FCB2BF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C4FCD6B4-ED33-424F-AD30-64227894B0B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CEC59D23-316D-43FC-9BA9-67E8BDAF5F24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "59556035-E04B-4350-BD3B-A3935C28C6AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2F73501-BE0D-4130-8077-D5D853E91F1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3C72C50B-12C1-4A1C-B51F-F66244C18CC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6D3A3D9A-9F63-44FD-BF14-2DC3AE8C0D40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "56C40572-5FBE-4A39-AF3D-A335873BF660",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "844232F0-D524-44E0-B420-2992BC0FED11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D73A9C29-4270-4126-9D6B-3780F6F3D7D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A402F4F2-73BC-49B1-B5DD-9231F090BFA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "410D67F4-C941-4CBE-8D82-673217EE7FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "45244F02-B71A-4692-BDAD-34C37ACAB676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA73D5CD-0BBC-42EF-9693-265A0566E789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0574B440-5004-4F47-B657-1672E9092A28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88E1F128-276F-4883-A93C-D5C7282925DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F5392F1-57AC-4208-9646-42098CCEF80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9D11D64C-6E1F-4014-88D2-F5FB61D66C52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "036281DD-6F0A-4810-A1D3-952077896808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2749712C-929A-43F4-B58A-F9F777DBD84D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "92AD9878-F87D-43AC-BE2B-514977F5A182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1A9089A8-55D4-4992-BAC0-FE5BE3E2F472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F33E93C3-D4A3-4A38-84E1-0D3CB8915418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C1A1EE57-D8ED-4A2E-BE71-043E06EA4F2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BC400500-F1CF-4D13-A18E-25B5EE70F3BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A215C07A-6E8C-4EEB-AD94-68A75BE7DB52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F9764E3-DA33-4A31-97C7-E523D6DE6124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "703FBE7B-CAD4-43B4-920D-DFC28CFFB7B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "00750678-5A5E-4A75-A405-3D42E1CB147A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "31228737-2F7E-434A-B4FE-E1C9BB71D893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A84F1317-E44E-4CD4-8979-DC335AD8B457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D4D358E8-6399-4568-9ECC-CA084B80129C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1DC34227-26A7-44C1-B5CB-C7328134316B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E2E2701A-489E-4A9C-9E5C-01661E599BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8D13892E-0D45-438B-A126-439335B47C90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AF0D8EF3-6BA5-4C60-8130-DF62A9592CE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1B00830D-18F2-4A68-926A-2FD397674F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3C2E04B4-C70D-40AE-AEA5-0D39304F6C18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9C86349C-EBD4-4857-9B4B-7A608F32BBCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7E88AC6C-50F6-486D-B0D0-97477FCD520D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "171B2532-F5D2-4C3C-9C23-405839F590BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E5923D0-F168-404B-9190-871D52D74DAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "50617F5A-5BAE-4C4A-975A-B23E9171ABDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BE09B558-576C-461C-8089-8EE59F168ADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "83DEBCA4-F4CC-4E78-A80F-C673105FA868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3720E8-67C2-492D-9DBA-6ED9085CB01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "28E2C7E4-226C-4420-856D-E420633E301F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA3CDE0-AAE5-48A4-98C3-767CCCC3C9E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B73137F-79EA-48DD-B29E-41DB8C20711B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1F185B3E-9594-4AFD-B16B-6C82A03B93B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3740427-BBC9-4D76-9F54-C13AF097CD05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*",
"matchCriteriaId": "E6025382-31C8-4227-B44F-856FD014B283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.15:cert1:rc1:*:*:*:*:*",
"matchCriteriaId": "0DAEE2C6-008C-476D-8464-3C616E5CA805",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.15:cert1:rc2:*:*:*:*:*",
"matchCriteriaId": "688A1BA8-A195-41E9-812D-F4400EFA5B02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.15:cert1:rc3:*:*:*:*:*",
"matchCriteriaId": "177A2158-B36D-4B6D-9FEA-2DF32830AE56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2A84E1FF-10CB-45AA-B2EC-6FB6E78C6D75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "83726255-3A94-49A7-A43F-414CA0A814FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0188A765-4376-4EDC-8070-74B6882253B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "98F95DCC-6B40-42D6-BDA4-8BBE5C4AB4E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "28051F65-0862-438F-B4D6-1F7F1B93A76F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "344BE33A-2345-48C4-91EB-58C4EC2499B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C38C7220-D25C-4399-A414-0541A44DCD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E69A7B6F-1D33-471D-80B2-37D30817FD7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B7DA77C-2D86-4815-905F-78B9B55B4790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D4C5D9FD-24AD-4C73-ACA3-924AA2D4C041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "039D01BB-9B67-467B-9E5D-89208C4F9595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "87B7DFEB-9DDF-4DE7-A295-869F810FD5BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C0C0F3B5-97EF-4806-AD51-DD201F35F44B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E08D0CC7-7339-4468-9CC6-7007D859160C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "ACAF81C5-D3B2-4D7E-BD1F-2FFCEDE3E2B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3146A017-A6A5-4C3D-8138-EBE552A99F02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0CEECF41-6AFA-4067-ADB4-EA53A6C77740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "271F0ACA-F4F5-4FD9-8F39-56722EE40D8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "AEAF9BED-896B-4E0D-AE2A-65ADA2B96876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "32A45F41-BA2A-4878-82BA-2C1EE3301708",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AAEBB11B-AC3A-46C2-94F6-7B68994E47C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "28A8C554-04E9-4A86-B2CA-12B19BF5BD9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "CC2E7D4E-2713-4F50-A646-8643FA31C74B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "295AE899-CE46-4904-AA88-F05D857D50F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EC070B60-E90E-432F-AF02-5BCD6CFA8902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E6FE1237-4974-4F87-BB44-1608D5879856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14248FC6-A833-4918-AC6D-94DC75E28D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0FA03327-13B9-488D-A1D7-59AB07926B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2CC53629-1F20-4B22-9465-63250F917007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62F912BF-1512-45E8-9035-750F083D60B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "540F8042-4B26-4078-ACE7-DBAC45D4FA93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "17DC68FD-F05E-4821-BAA1-5A871C8C39AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6093D29F-64F8-4E3E-B6C4-646D0D6A6B58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9424B04A-6262-4E31-BFD3-F5849EF32771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "39147BA2-6F85-4E88-A896-B5F5C571A835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A54E95F9-2CFC-43C6-AF6B-44ABC5555C04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FB53F9D1-14EC-4B00-9A72-E086D2EB27F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4C48AD83-84B9-4A92-8C88-FC4F966644DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "39202DF6-359E-4A62-98B4-D42A5F899717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C7134E96-F5EF-4E87-9B11-DAA2A1D90761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2A761C15-53E2-4BDC-AF7B-86BCB7F10466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C3288F41-D446-4899-9AC7-60EB72145ACF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44027DC7-1BD6-4F17-AD4F-6D6457B779FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "170DEF44-9D18-4C9E-919F-5B7CC2C7D727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1674C43B-51DE-484C-8B87-CF3256589BDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEFB68A-9C07-468F-A118-315D8DB21897",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976."
},
{
"lang": "es",
"value": "main/http.c en el servidor HTTP Asterisk Open Source v1.8.x antes de v1.8.20.2, v10.x antes v10.12.2 y v11.2.2 v11.x antes; Certified Asterisk v1.8.15 antes de v8.1.15-cert2; y Digiumphones Asterisk v10.x-digiumphones antes de v10.12.2-digiumphones no restringe correctamente valores Content-Length, que permite a atacantes remotos realizar ataques de consumo de la pila y provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de una petici\u00f3n POST HTTP manipulada. NOTA: esta vulnerabilidad se debe a una soluci\u00f3n incorrecta para CVE-2012-5976."
}
],
"id": "CVE-2013-2686",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-04-01T16:55:04.100",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-002.html"
},
{
"source": "cve@mitre.org",
"url": "http://telussecuritylabs.com/threats/show/TSL20130327-01"
},
{
"source": "cve@mitre.org",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20967"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://telussecuritylabs.com/threats/show/TSL20130327-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20967"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-2685
Vulnerability from fkie_nvd - Published: 2013-04-01 16:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| asterisk | open_source | 11.0.0 | |
| asterisk | open_source | 11.0.0 | |
| asterisk | open_source | 11.0.0 | |
| asterisk | open_source | 11.0.0 | |
| asterisk | open_source | 11.0.0 | |
| asterisk | open_source | 11.0.1 | |
| asterisk | open_source | 11.0.2 | |
| asterisk | open_source | 11.1.0 | |
| asterisk | open_source | 11.1.0 | |
| asterisk | open_source | 11.1.0 | |
| asterisk | open_source | 11.1.1 | |
| asterisk | open_source | 11.1.2 | |
| asterisk | open_source | 11.2.0 | |
| asterisk | open_source | 11.2.0 | |
| asterisk | open_source | 11.2.0 | |
| asterisk | open_source | 11.2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AF0D8EF3-6BA5-4C60-8130-DF62A9592CE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1B00830D-18F2-4A68-926A-2FD397674F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3C2E04B4-C70D-40AE-AEA5-0D39304F6C18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9C86349C-EBD4-4857-9B4B-7A608F32BBCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7E88AC6C-50F6-486D-B0D0-97477FCD520D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "171B2532-F5D2-4C3C-9C23-405839F590BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E5923D0-F168-404B-9190-871D52D74DAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "50617F5A-5BAE-4C4A-975A-B23E9171ABDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BE09B558-576C-461C-8089-8EE59F168ADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "83DEBCA4-F4CC-4E78-A80F-C673105FA868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3720E8-67C2-492D-9DBA-6ED9085CB01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "28E2C7E4-226C-4420-856D-E420633E301F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA3CDE0-AAE5-48A4-98C3-767CCCC3C9E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B73137F-79EA-48DD-B29E-41DB8C20711B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1F185B3E-9594-4AFD-B16B-6C82A03B93B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3740427-BBC9-4D76-9F54-C13AF097CD05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en res/res_format_attr_h264.c en Asterisk Open Source v11.x antes de v11.2.2 que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un long sprop-parameter-sets el atributo media H.264 en un SIP Protocolo de Descripci\u00f3n de Sesi\u00f3n (SDP) encabezado."
}
],
"id": "CVE-2013-2685",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-04-01T16:55:03.893",
"references": [
{
"source": "cve@mitre.org",
"url": "http://downloads.asterisk.org/pub/security/AST-2013-001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://downloads.asterisk.org/pub/security/AST-2013-001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20901"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-2264
Vulnerability from fkie_nvd - Published: 2013-04-01 16:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE48FBD-2560-4477-ABD2-C90729523BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "97F03C40-6B70-41D1-96CF-DD5F2924D0C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "B8F0B6E3-37B8-4780-BB17-D471A7AB7E58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "445941A9-EE2C-45C0-BCEB-9EC7F9F9439D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7C60A84B-E0BC-491B-B6E6-76E658BB91EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "035B04BC-C132-4CF6-9FE4-561A4104F392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AE6A2723-FAE7-4A87-A2A3-E94D9CC2DCB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "37612FE6-C8B7-4925-81F5-ADB82A8F101E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "92181940-ED5C-442C-82BA-4F0F233FB11B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "28EEF1DB-00C6-4DFC-BB48-C4A308F60DAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "67CE3E94-341F-4D0C-937E-39B119925C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5C721635-2801-40E8-B5FE-734054D718D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "93F81ACF-615F-4EF5-BD73-74F4010B43D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D773468A-4C2D-4B88-BAB6-C2D892A304C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15ED9311-9E4E-4998-BD99-CDEB8E4F2C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "815F7045-FC6D-4D57-A7AE-F63B0FC67251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "56BAE9D7-7A67-40D0-B864-66E76EBA5A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B82FFB08-0FCD-4839-95F4-97C09EB7E921",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "10C54588-265A-4955-8C73-38ADB664EF0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C2D84681-F861-49BE-832F-20EBAD3B60C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2313F843-0F74-4FC9-92A2-1F721BB4C490",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "09918CFC-C6A0-45ED-91EA-A4D9295C6CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "23E24161-31DB-4739-B16D-B0BDF5151307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E28DAA35-FBC2-4C87-BC1F-396A0FE86C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4F5E4B4F-49B7-41CB-803B-47A0081C3112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "27D37142-F88C-42DE-A0FD-B17AB7981963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F1A5BD7C-3491-456A-A333-481977280F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AFBC1D-7357-4A20-BF9D-C5B58155DAAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C85B74B6-EA5C-43C1-98C4-B09C41D9D8CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "12711E11-F6CF-4A61-83FD-AD3748D7C47B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "86E83CDF-E3B5-48A8-B526-67A1618B97AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C8B329-AC4C-46E5-BAC3-B2B72C16A453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5A81245B-0276-4D51-A3B4-9CC7233C9A44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9DC30C27-32BD-42A9-814E-123BD18F416B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "676BA331-833E-4C8B-A523-2116752567B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A7D38CAA-BECD-4FD7-8E42-72CB2B1DC699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4F211C14-8E50-4FB7-82EA-FE6975290DE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0698EDFB-D156-4572-9008-0243FA6FD2FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "16350161-9CF1-4AD3-954C-598D249CF962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "24EB6F7B-AD3C-42A2-B811-3CF3EEDD8438",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7AC55C54-7AD7-49BE-A050-DC6878391208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B208EBB-0387-4223-A196-CE142E6B908B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "095BF874-0E0B-4F8F-8A11-ED096DD3A824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4067E71D-93A8-4B56-AE4A-FCB6E31577E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D301553-EF77-4494-A893-FDC12E6A8C16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "35362678-3960-40E0-BB94-4642F09DDB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "779DEAC5-CBC7-4844-9A2E-97AEB49704EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "913D2C84-B987-4DEE-8F9E-0FDF14BECE2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "63889FD0-714B-4E02-8F34-00E4857A544A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "A15B538D-DC9D-46B4-A455-341E8A2831E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "8FE32479-5D98-443F-8FA9-F6281726BDF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "78841A3E-7D56-4737-9815-E1144FD0A44A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CE8D88-E407-4E9F-8418-E95C16A55358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BDEDE38-79FE-4B21-BE42-E8AA14475AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC295454-D897-425C-BFC8-91A72865A132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3830A3E2-09A1-487E-8EFA-27F8B4C61CB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "CAC942FB-83A2-4698-B410-F4C6AED0849A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "86ED40AD-0A52-4B4C-B4CA-F8D1A4CAF866",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7128AC5-5DD7-4BD3-B14C-4ADA155DD5E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2C32DA-44CE-4407-84B2-02B0D0474000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B032B5-06AB-4ABE-B51E-DE5C13458C03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07FC62DE-74D3-42A9-94E8-6DCE62F3D2B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "39E78E52-2AA4-42A5-9CE6-22DF2CF01704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "3DF04D4C-DFED-4E71-BA0C-854823BB41CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "518A8882-B1A6-408E-9B39-F01034A50190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "2EBBB850-2AE6-4EC1-993F-AD7AF2E80008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F33168AF-A3FB-4694-9DC8-CC28A7C3B3E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E1075D5D-5F81-4E26-90B0-60659B8D36B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6880B042-11B1-430F-90A1-70F93FC5BAF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "0F074B06-6788-47AB-8C39-BA5E2E39ACC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47805A52-856B-4C30-A04F-0B683FDBE075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACB7C4A-7CF7-4D57-B65D-741AFA6393EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "85522E25-E76C-4CCF-AB7C-A74E1703D919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AC3BE912-0B42-416B-A0E2-B17FDF07BAAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "4FC9C2FB-A77B-4242-B4A1-92112E1C19B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "41CA6DD3-FD39-482B-83AA-FE24055E9B42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C28AB9A1-54B6-4C9A-8E4C-52A3BF147DE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "28E4852C-4444-40BB-8DBB-51EC97D6BD38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "602E20C8-9DFF-4D11-8F1E-F7E943E8FE30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DC5CE37E-7BAC-45D5-AD09-8823D893627C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B38DE1B4-44CF-4199-B739-5880F6492216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B25558F4-2DF6-4C00-969F-67F7C2A05668",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8EFFEF57-8097-42B1-AC4F-20CEFAC4AFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6DFF8BD7-7287-40B2-8BAC-46C85440882D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00C94601-5C7E-4B9B-A8C9-A78C7E529864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1926E877-9EA2-457B-B501-6E07760B38A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "604956F2-5FE8-4D0A-A5EF-20E6D0E89933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42D8445A-8F8D-47D3-BBE4-687BD00D2E45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B9DF848-DEFC-4F1C-81BF-BFD2E142565E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BBB8E443-4A8D-405D-AF18-D56EE3D3AB96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.16.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5BAE4B32-F771-4DEA-9665-C862F3BA38B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "21E8BAFB-6973-48DE-9835-93464882712A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "57BF8BF0-DAD0-472B-9A13-34633F2BED91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.17.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "06E40764-4AFD-4DAA-BC96-46881EB55F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.17.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "412E6FAF-60A4-44DF-A1E5-BFBB127367B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBFEE9B-B3D5-4659-A833-03804A010474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6F127574-4C2A-4D0D-9601-B369C9E75BC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "23A58518-4619-4B6C-A01E-875E7A02B563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A56402C5-9408-4A7C-A6BF-DF1707EE19F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.19.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "145FF5F2-E4DC-42AD-B320-A9A82D517073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.19.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "217B4501-AEBA-4417-87D8-0C18779F16F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3784F3AC-0A54-4453-85C9-33C5AF05564E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "39900193-C2F2-424E-95A9-B7EF637A3F6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.20.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "589B3B1E-5BCB-4BA3-B4A6-CD9FAF8AD05D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.20.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0B5C6294-7BB5-4749-8F90-7AB3786696F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3E2D3320-3A6E-4756-9314-78E5027CDD88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33DD2B8E-6AB1-45CD-85F5-E0F5234585BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "52BDDAC0-5CEE-4054-8930-EAF25FE528FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "1CEB28DD-EAEA-45AF-8D7B-09E93AFABA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "12BCF63F-DA77-48A1-861D-F6E710E3CA16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AD0D03FF-3FF6-40D0-A78E-CBDEA4FE4F14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "66666CD2-8921-4641-AD72-21F4386DC731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E55A7B81-4661-4E77-94FE-DA8D6261DC74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C549DD5-68F9-44FC-92B9-09A0E6F87315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "51407A8B-AF19-43FA-8D57-A6A35D465D1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "911CCAF6-6E29-43B6-AF76-909016CD46ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "964672AE-C840-465E-BE8A-8E19D9C060AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48827211-8F2F-4801-A5CD-77B07D1DD320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2463AD2-B341-494C-87AF-73B69B75D162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B46E218-9EFA-4224-BC5D-1A2F38559E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6F1F43E8-6159-46FA-8BF5-360EA9D466BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F75E0A69-9251-4CE1-9E83-188F0D35DEFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "17E6BD3C-B88D-4C80-B77F-2A95767B9A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3AC1C9EC-A84F-401B-BF59-F4938B6A2F59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E5DACA8-EBD6-4854-A32E-EDBD8C28B3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A6AB0DE5-0843-4A7A-A1C9-2FD7924FBEDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "335F9C06-5E40-4E14-B018-15151E14414D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9E8F15FB-C6B5-4A4F-A7AD-E2BF0162D1DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC77FCCF-EE5C-4121-A0AF-B9DC71E72C1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C33423-6093-4DC9-BCFF-77003776373E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9DEA8945-9ACD-4CE7-A5E6-5207E16C663E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B2A7FC21-74FF-48BF-9BA8-A143FCB2BF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C4FCD6B4-ED33-424F-AD30-64227894B0B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CEC59D23-316D-43FC-9BA9-67E8BDAF5F24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "59556035-E04B-4350-BD3B-A3935C28C6AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2F73501-BE0D-4130-8077-D5D853E91F1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3C72C50B-12C1-4A1C-B51F-F66244C18CC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6D3A3D9A-9F63-44FD-BF14-2DC3AE8C0D40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "56C40572-5FBE-4A39-AF3D-A335873BF660",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "844232F0-D524-44E0-B420-2992BC0FED11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D73A9C29-4270-4126-9D6B-3780F6F3D7D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A402F4F2-73BC-49B1-B5DD-9231F090BFA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "410D67F4-C941-4CBE-8D82-673217EE7FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "45244F02-B71A-4692-BDAD-34C37ACAB676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA73D5CD-0BBC-42EF-9693-265A0566E789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0574B440-5004-4F47-B657-1672E9092A28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88E1F128-276F-4883-A93C-D5C7282925DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F5392F1-57AC-4208-9646-42098CCEF80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9D11D64C-6E1F-4014-88D2-F5FB61D66C52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "036281DD-6F0A-4810-A1D3-952077896808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2749712C-929A-43F4-B58A-F9F777DBD84D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "92AD9878-F87D-43AC-BE2B-514977F5A182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1A9089A8-55D4-4992-BAC0-FE5BE3E2F472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F33E93C3-D4A3-4A38-84E1-0D3CB8915418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C1A1EE57-D8ED-4A2E-BE71-043E06EA4F2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BC400500-F1CF-4D13-A18E-25B5EE70F3BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A215C07A-6E8C-4EEB-AD94-68A75BE7DB52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F9764E3-DA33-4A31-97C7-E523D6DE6124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "703FBE7B-CAD4-43B4-920D-DFC28CFFB7B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "00750678-5A5E-4A75-A405-3D42E1CB147A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "31228737-2F7E-434A-B4FE-E1C9BB71D893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A84F1317-E44E-4CD4-8979-DC335AD8B457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D4D358E8-6399-4568-9ECC-CA084B80129C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1DC34227-26A7-44C1-B5CB-C7328134316B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E2E2701A-489E-4A9C-9E5C-01661E599BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8D13892E-0D45-438B-A126-439335B47C90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AF0D8EF3-6BA5-4C60-8130-DF62A9592CE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1B00830D-18F2-4A68-926A-2FD397674F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3C2E04B4-C70D-40AE-AEA5-0D39304F6C18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9C86349C-EBD4-4857-9B4B-7A608F32BBCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7E88AC6C-50F6-486D-B0D0-97477FCD520D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "171B2532-F5D2-4C3C-9C23-405839F590BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E5923D0-F168-404B-9190-871D52D74DAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "50617F5A-5BAE-4C4A-975A-B23E9171ABDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BE09B558-576C-461C-8089-8EE59F168ADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "83DEBCA4-F4CC-4E78-A80F-C673105FA868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3720E8-67C2-492D-9DBA-6ED9085CB01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "28E2C7E4-226C-4420-856D-E420633E301F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA3CDE0-AAE5-48A4-98C3-767CCCC3C9E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B73137F-79EA-48DD-B29E-41DB8C20711B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1F185B3E-9594-4AFD-B16B-6C82A03B93B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3740427-BBC9-4D76-9F54-C13AF097CD05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*",
"matchCriteriaId": "E6025382-31C8-4227-B44F-856FD014B283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.15:cert1:rc1:*:*:*:*:*",
"matchCriteriaId": "0DAEE2C6-008C-476D-8464-3C616E5CA805",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.15:cert1:rc2:*:*:*:*:*",
"matchCriteriaId": "688A1BA8-A195-41E9-812D-F4400EFA5B02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.15:cert1:rc3:*:*:*:*:*",
"matchCriteriaId": "177A2158-B36D-4B6D-9FEA-2DF32830AE56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2A84E1FF-10CB-45AA-B2EC-6FB6E78C6D75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "83726255-3A94-49A7-A43F-414CA0A814FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:business_edition:c.3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "72528F09-D212-4CE8-A2B7-7A6CFCB9A199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:business_edition:c.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC99E3-65A4-4BD4-9421-49F9E6D828A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:business_edition:c.3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9FB6BA-1281-4097-8A70-62B691468C63",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0188A765-4376-4EDC-8070-74B6882253B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "98F95DCC-6B40-42D6-BDA4-8BBE5C4AB4E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "28051F65-0862-438F-B4D6-1F7F1B93A76F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "344BE33A-2345-48C4-91EB-58C4EC2499B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C38C7220-D25C-4399-A414-0541A44DCD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E69A7B6F-1D33-471D-80B2-37D30817FD7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B7DA77C-2D86-4815-905F-78B9B55B4790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D4C5D9FD-24AD-4C73-ACA3-924AA2D4C041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "039D01BB-9B67-467B-9E5D-89208C4F9595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "87B7DFEB-9DDF-4DE7-A295-869F810FD5BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C0C0F3B5-97EF-4806-AD51-DD201F35F44B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E08D0CC7-7339-4468-9CC6-7007D859160C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "ACAF81C5-D3B2-4D7E-BD1F-2FFCEDE3E2B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3146A017-A6A5-4C3D-8138-EBE552A99F02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0CEECF41-6AFA-4067-ADB4-EA53A6C77740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "271F0ACA-F4F5-4FD9-8F39-56722EE40D8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "AEAF9BED-896B-4E0D-AE2A-65ADA2B96876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "32A45F41-BA2A-4878-82BA-2C1EE3301708",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AAEBB11B-AC3A-46C2-94F6-7B68994E47C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "28A8C554-04E9-4A86-B2CA-12B19BF5BD9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "CC2E7D4E-2713-4F50-A646-8643FA31C74B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "295AE899-CE46-4904-AA88-F05D857D50F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EC070B60-E90E-432F-AF02-5BCD6CFA8902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E6FE1237-4974-4F87-BB44-1608D5879856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14248FC6-A833-4918-AC6D-94DC75E28D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0FA03327-13B9-488D-A1D7-59AB07926B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2CC53629-1F20-4B22-9465-63250F917007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62F912BF-1512-45E8-9035-750F083D60B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "540F8042-4B26-4078-ACE7-DBAC45D4FA93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "17DC68FD-F05E-4821-BAA1-5A871C8C39AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6093D29F-64F8-4E3E-B6C4-646D0D6A6B58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9424B04A-6262-4E31-BFD3-F5849EF32771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "39147BA2-6F85-4E88-A896-B5F5C571A835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A54E95F9-2CFC-43C6-AF6B-44ABC5555C04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FB53F9D1-14EC-4B00-9A72-E086D2EB27F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4C48AD83-84B9-4A92-8C88-FC4F966644DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "39202DF6-359E-4A62-98B4-D42A5F899717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C7134E96-F5EF-4E87-9B11-DAA2A1D90761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2A761C15-53E2-4BDC-AF7B-86BCB7F10466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C3288F41-D446-4899-9AC7-60EB72145ACF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44027DC7-1BD6-4F17-AD4F-6D6457B779FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "170DEF44-9D18-4C9E-919F-5B7CC2C7D727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1674C43B-51DE-484C-8B87-CF3256589BDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:10.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEFB68A-9C07-468F-A118-315D8DB21897",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur."
},
{
"lang": "es",
"value": "El controlador del canal SIP en Asterisk Open Source v1.8.x antes de v1.8.20.2, v10.x antes v10.12.2 y v11.2.2 anterior a v11.x; Certified Asterisk v1.8.15 antes v1.8.15-cert2, Asterisk Business Edition (BE) vC.3.x antes vC.3.8.1 y Digiumphones Asterisk 10.x-digiumphones antes v10.12.2-digiumphones muestra un comportamiento diferente para transacciones INVITE, SUBSCRIBE y REGISTER inv\u00e1lidas en funci\u00f3n de si la cuenta de usuario existe, lo que permite a atacantes remotos para enumerar los nombres de cuenta de (1) los c\u00f3digos de estado HTTP de lectura, (2) la lectura de un texto adicional en un 403 (tambi\u00e9n conocido como Forbidden) respuesta, o (3) observando si se producen ciertas retransmisiones."
}
],
"id": "CVE-2013-2264",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-04-01T16:55:03.747",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-003.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-21013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2013-003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-21013"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-2186
Vulnerability from fkie_nvd - Published: 2012-08-31 14:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE48FBD-2560-4477-ABD2-C90729523BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "97F03C40-6B70-41D1-96CF-DD5F2924D0C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "B8F0B6E3-37B8-4780-BB17-D471A7AB7E58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "445941A9-EE2C-45C0-BCEB-9EC7F9F9439D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7C60A84B-E0BC-491B-B6E6-76E658BB91EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "035B04BC-C132-4CF6-9FE4-561A4104F392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E21DF0C9-16E4-44B0-8749-85F7F245A87A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AE6A2723-FAE7-4A87-A2A3-E94D9CC2DCB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "37612FE6-C8B7-4925-81F5-ADB82A8F101E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "92181940-ED5C-442C-82BA-4F0F233FB11B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "28EEF1DB-00C6-4DFC-BB48-C4A308F60DAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "67CE3E94-341F-4D0C-937E-39B119925C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5C721635-2801-40E8-B5FE-734054D718D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "93F81ACF-615F-4EF5-BD73-74F4010B43D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D773468A-4C2D-4B88-BAB6-C2D892A304C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15ED9311-9E4E-4998-BD99-CDEB8E4F2C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "815F7045-FC6D-4D57-A7AE-F63B0FC67251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "56BAE9D7-7A67-40D0-B864-66E76EBA5A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B82FFB08-0FCD-4839-95F4-97C09EB7E921",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "10C54588-265A-4955-8C73-38ADB664EF0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C2D84681-F861-49BE-832F-20EBAD3B60C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2313F843-0F74-4FC9-92A2-1F721BB4C490",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "09918CFC-C6A0-45ED-91EA-A4D9295C6CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "23E24161-31DB-4739-B16D-B0BDF5151307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E28DAA35-FBC2-4C87-BC1F-396A0FE86C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4F5E4B4F-49B7-41CB-803B-47A0081C3112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "27D37142-F88C-42DE-A0FD-B17AB7981963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F1A5BD7C-3491-456A-A333-481977280F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AFBC1D-7357-4A20-BF9D-C5B58155DAAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C85B74B6-EA5C-43C1-98C4-B09C41D9D8CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "12711E11-F6CF-4A61-83FD-AD3748D7C47B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "86E83CDF-E3B5-48A8-B526-67A1618B97AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C8B329-AC4C-46E5-BAC3-B2B72C16A453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5A81245B-0276-4D51-A3B4-9CC7233C9A44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9DC30C27-32BD-42A9-814E-123BD18F416B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "676BA331-833E-4C8B-A523-2116752567B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A7D38CAA-BECD-4FD7-8E42-72CB2B1DC699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4F211C14-8E50-4FB7-82EA-FE6975290DE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0698EDFB-D156-4572-9008-0243FA6FD2FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "16350161-9CF1-4AD3-954C-598D249CF962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "24EB6F7B-AD3C-42A2-B811-3CF3EEDD8438",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7AC55C54-7AD7-49BE-A050-DC6878391208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4AA9DBB3-1008-4CC8-B81B-991F286A6C0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B208EBB-0387-4223-A196-CE142E6B908B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "095BF874-0E0B-4F8F-8A11-ED096DD3A824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4067E71D-93A8-4B56-AE4A-FCB6E31577E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D301553-EF77-4494-A893-FDC12E6A8C16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "35362678-3960-40E0-BB94-4642F09DDB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "779DEAC5-CBC7-4844-9A2E-97AEB49704EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "913D2C84-B987-4DEE-8F9E-0FDF14BECE2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "63889FD0-714B-4E02-8F34-00E4857A544A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "A15B538D-DC9D-46B4-A455-341E8A2831E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "8FE32479-5D98-443F-8FA9-F6281726BDF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "78841A3E-7D56-4737-9815-E1144FD0A44A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CE8D88-E407-4E9F-8418-E95C16A55358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BDEDE38-79FE-4B21-BE42-E8AA14475AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC295454-D897-425C-BFC8-91A72865A132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3830A3E2-09A1-487E-8EFA-27F8B4C61CB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "CAC942FB-83A2-4698-B410-F4C6AED0849A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "86ED40AD-0A52-4B4C-B4CA-F8D1A4CAF866",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7128AC5-5DD7-4BD3-B14C-4ADA155DD5E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2C32DA-44CE-4407-84B2-02B0D0474000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B032B5-06AB-4ABE-B51E-DE5C13458C03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07FC62DE-74D3-42A9-94E8-6DCE62F3D2B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "39E78E52-2AA4-42A5-9CE6-22DF2CF01704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "3DF04D4C-DFED-4E71-BA0C-854823BB41CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "518A8882-B1A6-408E-9B39-F01034A50190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "2EBBB850-2AE6-4EC1-993F-AD7AF2E80008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F33168AF-A3FB-4694-9DC8-CC28A7C3B3E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E1075D5D-5F81-4E26-90B0-60659B8D36B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6880B042-11B1-430F-90A1-70F93FC5BAF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "0F074B06-6788-47AB-8C39-BA5E2E39ACC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47805A52-856B-4C30-A04F-0B683FDBE075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACB7C4A-7CF7-4D57-B65D-741AFA6393EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48300C6F-FAF2-4F0A-959F-4B1801AE7D4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "85522E25-E76C-4CCF-AB7C-A74E1703D919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AC3BE912-0B42-416B-A0E2-B17FDF07BAAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "4FC9C2FB-A77B-4242-B4A1-92112E1C19B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DA237F1-0378-4B8C-9981-B3B47BCB3C50",
"versionEndIncluding": "1.8.15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33DD2B8E-6AB1-45CD-85F5-E0F5234585BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "52BDDAC0-5CEE-4054-8930-EAF25FE528FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "1CEB28DD-EAEA-45AF-8D7B-09E93AFABA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "12BCF63F-DA77-48A1-861D-F6E710E3CA16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AD0D03FF-3FF6-40D0-A78E-CBDEA4FE4F14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "66666CD2-8921-4641-AD72-21F4386DC731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E55A7B81-4661-4E77-94FE-DA8D6261DC74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C549DD5-68F9-44FC-92B9-09A0E6F87315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "51407A8B-AF19-43FA-8D57-A6A35D465D1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "911CCAF6-6E29-43B6-AF76-909016CD46ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "964672AE-C840-465E-BE8A-8E19D9C060AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48827211-8F2F-4801-A5CD-77B07D1DD320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2463AD2-B341-494C-87AF-73B69B75D162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B46E218-9EFA-4224-BC5D-1A2F38559E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6F1F43E8-6159-46FA-8BF5-360EA9D466BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F75E0A69-9251-4CE1-9E83-188F0D35DEFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "17E6BD3C-B88D-4C80-B77F-2A95767B9A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3AC1C9EC-A84F-401B-BF59-F4938B6A2F59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E5DACA8-EBD6-4854-A32E-EDBD8C28B3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB76519-FD6D-4D74-8DF7-719822588C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A6AB0DE5-0843-4A7A-A1C9-2FD7924FBEDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "335F9C06-5E40-4E14-B018-15151E14414D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9E8F15FB-C6B5-4A4F-A7AD-E2BF0162D1DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC77FCCF-EE5C-4121-A0AF-B9DC71E72C1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C33423-6093-4DC9-BCFF-77003776373E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9DEA8945-9ACD-4CE7-A5E6-5207E16C663E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B2A7FC21-74FF-48BF-9BA8-A143FCB2BF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C4FCD6B4-ED33-424F-AD30-64227894B0B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6558058-33DA-43F1-9690-5DA11D5CC713",
"versionEndIncluding": "10.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:*:cert5:*:*:*:*:*:*",
"matchCriteriaId": "345918B8-ABB8-4E60-A3AD-C006AD24FEC4",
"versionEndIncluding": "1.8.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
"matchCriteriaId": "4889B1B5-5160-476E-A1C0-BEAE63C85CEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
"matchCriteriaId": "62867AEF-D685-4B1F-8AB9-D1CCAC559821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert2:*:*:*:*:*:*",
"matchCriteriaId": "F7C792E2-FBBA-4F1D-8842-5E47B4365FBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert3:*:*:*:*:*:*",
"matchCriteriaId": "B14F1E15-52B4-4947-83EA-85D535FFB55E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert4:*:*:*:*:*:*",
"matchCriteriaId": "02461B94-32BA-487E-9E9E-D9B5AAAFF602",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:digiumphones:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7438E927-F320-4E40-AE4E-F571483A5D2F",
"versionEndIncluding": "10.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:business_edition:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94539528-4DD3-4BB6-BFFE-920A3937A665",
"versionEndIncluding": "c.3.7.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:business_edition:c.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "17D78AA8-AF67-4343-A9B0-EFC63D8CC4BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action."
},
{
"lang": "es",
"value": "Vulnerabilidad de lista negra incompleta en main/manager.c en Asterisk Open Source v1.8.x antes de v1.8.15.1 y v10.x antes de v10.7.1, Certified Asterisk v1.8.11-8.1.11 antes de cert6, Digiumphones Asterisk v10.xx-digiumphones antes de v10.7.1-digiumphones y Asterisk Business Edition C.3.x antes de C.3.7.6 permite a usuarios remotos autenticados ejecutar comandos de su elecci\u00f3n aprovech\u00e1ndose de los privilegios de origen y proporcionando un valor ExternalIVR en una acci\u00f3n IAM Originate.\r\n"
}
],
"id": "CVE-2012-2186",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-31T14:55:00.950",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html"
},
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/50687"
},
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/50756"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id?1027460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50687"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027460"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-2948
Vulnerability from fkie_nvd - Published: 2012-06-02 15:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
"matchCriteriaId": "4889B1B5-5160-476E-A1C0-BEAE63C85CEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
"matchCriteriaId": "62867AEF-D685-4B1F-8AB9-D1CCAC559821",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE48FBD-2560-4477-ABD2-C90729523BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "97F03C40-6B70-41D1-96CF-DD5F2924D0C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "B8F0B6E3-37B8-4780-BB17-D471A7AB7E58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "445941A9-EE2C-45C0-BCEB-9EC7F9F9439D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7C60A84B-E0BC-491B-B6E6-76E658BB91EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "035B04BC-C132-4CF6-9FE4-561A4104F392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E21DF0C9-16E4-44B0-8749-85F7F245A87A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AE6A2723-FAE7-4A87-A2A3-E94D9CC2DCB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "37612FE6-C8B7-4925-81F5-ADB82A8F101E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "92181940-ED5C-442C-82BA-4F0F233FB11B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "28EEF1DB-00C6-4DFC-BB48-C4A308F60DAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "67CE3E94-341F-4D0C-937E-39B119925C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5C721635-2801-40E8-B5FE-734054D718D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15ED9311-9E4E-4998-BD99-CDEB8E4F2C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "815F7045-FC6D-4D57-A7AE-F63B0FC67251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "09918CFC-C6A0-45ED-91EA-A4D9295C6CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A7D38CAA-BECD-4FD7-8E42-72CB2B1DC699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4F211C14-8E50-4FB7-82EA-FE6975290DE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0698EDFB-D156-4572-9008-0243FA6FD2FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "16350161-9CF1-4AD3-954C-598D249CF962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "24EB6F7B-AD3C-42A2-B811-3CF3EEDD8438",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7AC55C54-7AD7-49BE-A050-DC6878391208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B208EBB-0387-4223-A196-CE142E6B908B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "095BF874-0E0B-4F8F-8A11-ED096DD3A824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4067E71D-93A8-4B56-AE4A-FCB6E31577E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "779DEAC5-CBC7-4844-9A2E-97AEB49704EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "913D2C84-B987-4DEE-8F9E-0FDF14BECE2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "63889FD0-714B-4E02-8F34-00E4857A544A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "A15B538D-DC9D-46B4-A455-341E8A2831E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "8FE32479-5D98-443F-8FA9-F6281726BDF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "78841A3E-7D56-4737-9815-E1144FD0A44A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC295454-D897-425C-BFC8-91A72865A132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3830A3E2-09A1-487E-8EFA-27F8B4C61CB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "CAC942FB-83A2-4698-B410-F4C6AED0849A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "86ED40AD-0A52-4B4C-B4CA-F8D1A4CAF866",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07FC62DE-74D3-42A9-94E8-6DCE62F3D2B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "39E78E52-2AA4-42A5-9CE6-22DF2CF01704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "3DF04D4C-DFED-4E71-BA0C-854823BB41CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "518A8882-B1A6-408E-9B39-F01034A50190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "2EBBB850-2AE6-4EC1-993F-AD7AF2E80008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E1075D5D-5F81-4E26-90B0-60659B8D36B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6880B042-11B1-430F-90A1-70F93FC5BAF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "0F074B06-6788-47AB-8C39-BA5E2E39ACC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACB7C4A-7CF7-4D57-B65D-741AFA6393EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "85522E25-E76C-4CCF-AB7C-A74E1703D919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AC3BE912-0B42-416B-A0E2-B17FDF07BAAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "4FC9C2FB-A77B-4242-B4A1-92112E1C19B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB8D9B19-BD1E-4E1C-A1C3-6C64A6612233",
"versionEndIncluding": "1.8.12.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33DD2B8E-6AB1-45CD-85F5-E0F5234585BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "52BDDAC0-5CEE-4054-8930-EAF25FE528FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "1CEB28DD-EAEA-45AF-8D7B-09E93AFABA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "12BCF63F-DA77-48A1-861D-F6E710E3CA16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AD0D03FF-3FF6-40D0-A78E-CBDEA4FE4F14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "66666CD2-8921-4641-AD72-21F4386DC731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C549DD5-68F9-44FC-92B9-09A0E6F87315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "51407A8B-AF19-43FA-8D57-A6A35D465D1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "911CCAF6-6E29-43B6-AF76-909016CD46ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B46E218-9EFA-4224-BC5D-1A2F38559E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6F1F43E8-6159-46FA-8BF5-360EA9D466BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F75E0A69-9251-4CE1-9E83-188F0D35DEFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "17E6BD3C-B88D-4C80-B77F-2A95767B9A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3AC1C9EC-A84F-401B-BF59-F4938B6A2F59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB76519-FD6D-4D74-8DF7-719822588C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A6AB0DE5-0843-4A7A-A1C9-2FD7924FBEDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "335F9C06-5E40-4E14-B018-15151E14414D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9E8F15FB-C6B5-4A4F-A7AD-E2BF0162D1DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9DEA8945-9ACD-4CE7-A5E6-5207E16C663E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B2A7FC21-74FF-48BF-9BA8-A143FCB2BF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C4FCD6B4-ED33-424F-AD30-64227894B0B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E7D4883-79E3-4DD1-A555-136A0664E94E",
"versionEndIncluding": "10.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode."
},
{
"lang": "es",
"value": "chan_skinny.c en el controlador de canal de Skinny (alias SCCP) en Certified Asterisk 1.8.11-cert antes de v1.8.11-cert2 y Asterisk Open Source v1.8.x antes de v1.8.12.1 y v10.x antes de v10.4.1, permite a usuarios autenticados remotamente provocar una denegaci\u00f3n de servicio (eliminar la referencia del puntero NULL y ca\u00edda demonio) por el cierre de una conexi\u00f3n en el modo de descuelgue."
}
],
"id": "CVE-2012-2948",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-06-02T15:55:01.027",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html"
},
{
"source": "cve@mitre.org",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-008.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/49303"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2012/dsa-2493"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/53723"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1027103"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75937"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/49303"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2493"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/53723"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75937"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-2414
Vulnerability from fkie_nvd - Published: 2012-04-30 20:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1442DC6C-2248-41E7-BDB4-084B123A6B06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F1A4AAE7-00D5-490B-AA19-A42508ECBC8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "DC64764B-C531-419C-8BB8-30C5F63C7EA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "7A5F9E61-B614-4C47-82AC-D16B457C266C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "20FE8D05-A577-4EEC-ABBA-8051582975F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "4A216714-9F2B-45D7-B2A7-1F67751EA967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.0:rc7:*:*:*:*:*:*",
"matchCriteriaId": "42417475-610C-4A81-8B02-794640F8DDA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.0:rc8:*:*:*:*:*:*",
"matchCriteriaId": "5A259435-BBB8-453B-82D3-2E4EE3BD9371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5834D5D3-F6FD-44C0-B7C1-34D715141A7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9F894080-DE73-4005-B2FE-E431F38D7EC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F70BA9D-6EDA-4859-90D1-EB69B48C2B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "33428429-33B5-4312-97E3-9A4B8A8F4C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6E2126-B737-4C88-A66A-B88CB16476D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E6992A-73EB-401D-A905-D53313F28727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "31C3345E-4260-4636-83DB-887F0733D7CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "95C61533-C030-4B97-A94C-E44315BB6FCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "91D670A7-2D38-4C50-96C2-3F3CA0F43515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "39C637DF-5963-4C7C-8EF1-9A44E94AFE07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.7:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8452C108-EF47-4C57-A505-D5B5AD5B1C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.7:rc2:*:*:*:*:*:*",
"matchCriteriaId": "40411DE4-CBDB-40D2-95A2-800EB554D1D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.7:rc3:*:*:*:*:*:*",
"matchCriteriaId": "519DF434-8CF5-4F5E-80EF-4BBDA94DCD0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A5DD7471-1DA5-44EC-BD21-B0E0BFC58B7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B9520C54-8FD9-45FC-B64F-4E06D7E3E66B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9226B072-E5CF-40F7-B48D-8982054D1D49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.9:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AC3B7AB5-FDC5-4175-B519-F749BE62AF65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.9:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E7CA9765-F31C-41CF-9911-02E4309715E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.9:rc3:*:*:*:*:*:*",
"matchCriteriaId": "A7A94C77-0762-45E8-9869-98D0E5F164E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6F0D2EE6-EDB9-4A0C-B31E-0B941DB912D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FDC7A9FA-5424-4A04-94D2-079FAF09BD4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.10:rc2:*:*:*:*:*:*",
"matchCriteriaId": "952F6925-EE1F-49EC-84A6-53A1A375FDF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "83E972B3-9787-47C9-9420-C66AE9C48CDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F90ABE6-6B41-49BD-84BA-69A7BFEC23E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.11:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5C76827E-FA7E-42D3-A8E0-12566B461AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A5C35260-7A25-4259-B158-D5F825DB881B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "16F66401-3A90-440F-88FD-C738806D168F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "E323B610-AC45-4D24-87B9-0092AA9EFF39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DA54B75D-08C0-4182-8345-266240396A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.14:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7B9A8A55-2D6B-4434-BBD1-C7D80D0132C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6EDA8DC8-7299-4DC5-9426-524F6EEF75F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.15:rc1:*:*:*:*:*:*",
"matchCriteriaId": "37C926F8-EC9F-49DD-8490-621843D41946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4795C86-CC4A-462A-B87A-FD32EA2889C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C03CED60-D582-493B-8D7C-FB3CB81D3647",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8FFBAFC0-B9C6-40F3-B7EF-DE6F23F8D644",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "35358757-6A14-48A0-BE40-B05F9A7451A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2F9B2CD0-0C61-4C9C-8B42-EA64D22BBE0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "13D262E7-7A67-4622-8416-748519C80CDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.17:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E0DCFB72-505A-486E-A096-87AB639F4710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.17:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C44F91FC-DC0C-4BB9-9FD0-1C7AAEA3D150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.17:rc3:*:*:*:*:*:*",
"matchCriteriaId": "0316776E-CD3B-4DEF-ABCA-5806A398E327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6E83FA56-DC43-4E3F-B9EB-136DE64E78A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5646D4C3-8491-4735-97A6-26688523512F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "90F7E035-9464-4921-8859-5854D47347B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9FE2F8D1-EC83-4CD8-A565-F59DCEC71120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.18:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4B763606-23A8-4159-9ECF-0766B13E8200",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA56E892-06D2-496A-ADFD-CBEC70DA1E18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF01FF3C-5BA1-4758-97B4-633A20AB4C00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "7A201AA6-B612-476C-9555-870B58FE3169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B7889CE9-E2AB-4590-B447-ACCB21CB8E69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "981A63D1-B6E2-4A38-8FB6-883E08BCE12F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "DBF33946-9E1F-4992-BA76-46227BDC1885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "03FB9FF6-100C-4643-9E34-9EC43F214C90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.23:*:*:*:*:*:*:*",
"matchCriteriaId": "4A30A7DF-2754-4C03-92F7-0028613C7165",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE48FBD-2560-4477-ABD2-C90729523BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "97F03C40-6B70-41D1-96CF-DD5F2924D0C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "B8F0B6E3-37B8-4780-BB17-D471A7AB7E58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "445941A9-EE2C-45C0-BCEB-9EC7F9F9439D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7C60A84B-E0BC-491B-B6E6-76E658BB91EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "035B04BC-C132-4CF6-9FE4-561A4104F392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AE6A2723-FAE7-4A87-A2A3-E94D9CC2DCB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "37612FE6-C8B7-4925-81F5-ADB82A8F101E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "92181940-ED5C-442C-82BA-4F0F233FB11B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "28EEF1DB-00C6-4DFC-BB48-C4A308F60DAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "67CE3E94-341F-4D0C-937E-39B119925C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5C721635-2801-40E8-B5FE-734054D718D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "93F81ACF-615F-4EF5-BD73-74F4010B43D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D773468A-4C2D-4B88-BAB6-C2D892A304C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15ED9311-9E4E-4998-BD99-CDEB8E4F2C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "815F7045-FC6D-4D57-A7AE-F63B0FC67251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "56BAE9D7-7A67-40D0-B864-66E76EBA5A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B82FFB08-0FCD-4839-95F4-97C09EB7E921",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "10C54588-265A-4955-8C73-38ADB664EF0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C2D84681-F861-49BE-832F-20EBAD3B60C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2313F843-0F74-4FC9-92A2-1F721BB4C490",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "09918CFC-C6A0-45ED-91EA-A4D9295C6CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "23E24161-31DB-4739-B16D-B0BDF5151307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E28DAA35-FBC2-4C87-BC1F-396A0FE86C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4F5E4B4F-49B7-41CB-803B-47A0081C3112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "27D37142-F88C-42DE-A0FD-B17AB7981963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F1A5BD7C-3491-456A-A333-481977280F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AFBC1D-7357-4A20-BF9D-C5B58155DAAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C85B74B6-EA5C-43C1-98C4-B09C41D9D8CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "12711E11-F6CF-4A61-83FD-AD3748D7C47B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "86E83CDF-E3B5-48A8-B526-67A1618B97AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C8B329-AC4C-46E5-BAC3-B2B72C16A453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5A81245B-0276-4D51-A3B4-9CC7233C9A44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9DC30C27-32BD-42A9-814E-123BD18F416B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "676BA331-833E-4C8B-A523-2116752567B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A7D38CAA-BECD-4FD7-8E42-72CB2B1DC699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4F211C14-8E50-4FB7-82EA-FE6975290DE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0698EDFB-D156-4572-9008-0243FA6FD2FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "16350161-9CF1-4AD3-954C-598D249CF962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "24EB6F7B-AD3C-42A2-B811-3CF3EEDD8438",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7AC55C54-7AD7-49BE-A050-DC6878391208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B208EBB-0387-4223-A196-CE142E6B908B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "095BF874-0E0B-4F8F-8A11-ED096DD3A824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4067E71D-93A8-4B56-AE4A-FCB6E31577E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D301553-EF77-4494-A893-FDC12E6A8C16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "35362678-3960-40E0-BB94-4642F09DDB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "779DEAC5-CBC7-4844-9A2E-97AEB49704EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "913D2C84-B987-4DEE-8F9E-0FDF14BECE2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "63889FD0-714B-4E02-8F34-00E4857A544A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "A15B538D-DC9D-46B4-A455-341E8A2831E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "8FE32479-5D98-443F-8FA9-F6281726BDF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "78841A3E-7D56-4737-9815-E1144FD0A44A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CE8D88-E407-4E9F-8418-E95C16A55358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BDEDE38-79FE-4B21-BE42-E8AA14475AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC295454-D897-425C-BFC8-91A72865A132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3830A3E2-09A1-487E-8EFA-27F8B4C61CB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "CAC942FB-83A2-4698-B410-F4C6AED0849A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "86ED40AD-0A52-4B4C-B4CA-F8D1A4CAF866",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7128AC5-5DD7-4BD3-B14C-4ADA155DD5E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2C32DA-44CE-4407-84B2-02B0D0474000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B032B5-06AB-4ABE-B51E-DE5C13458C03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07FC62DE-74D3-42A9-94E8-6DCE62F3D2B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "39E78E52-2AA4-42A5-9CE6-22DF2CF01704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "3DF04D4C-DFED-4E71-BA0C-854823BB41CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "518A8882-B1A6-408E-9B39-F01034A50190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "2EBBB850-2AE6-4EC1-993F-AD7AF2E80008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F33168AF-A3FB-4694-9DC8-CC28A7C3B3E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6880B042-11B1-430F-90A1-70F93FC5BAF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "0F074B06-6788-47AB-8C39-BA5E2E39ACC4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33DD2B8E-6AB1-45CD-85F5-E0F5234585BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "52BDDAC0-5CEE-4054-8930-EAF25FE528FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "1CEB28DD-EAEA-45AF-8D7B-09E93AFABA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "12BCF63F-DA77-48A1-861D-F6E710E3CA16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AD0D03FF-3FF6-40D0-A78E-CBDEA4FE4F14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "66666CD2-8921-4641-AD72-21F4386DC731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E55A7B81-4661-4E77-94FE-DA8D6261DC74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C549DD5-68F9-44FC-92B9-09A0E6F87315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "51407A8B-AF19-43FA-8D57-A6A35D465D1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "911CCAF6-6E29-43B6-AF76-909016CD46ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "964672AE-C840-465E-BE8A-8E19D9C060AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48827211-8F2F-4801-A5CD-77B07D1DD320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2463AD2-B341-494C-87AF-73B69B75D162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B46E218-9EFA-4224-BC5D-1A2F38559E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6F1F43E8-6159-46FA-8BF5-360EA9D466BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F75E0A69-9251-4CE1-9E83-188F0D35DEFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "17E6BD3C-B88D-4C80-B77F-2A95767B9A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3AC1C9EC-A84F-401B-BF59-F4938B6A2F59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E5DACA8-EBD6-4854-A32E-EDBD8C28B3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A6AB0DE5-0843-4A7A-A1C9-2FD7924FBEDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "335F9C06-5E40-4E14-B018-15151E14414D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9E8F15FB-C6B5-4A4F-A7AD-E2BF0162D1DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action."
},
{
"lang": "es",
"value": "main/manager.c en el Manager Interface en Asterisk Open source v1.6.2.x anterior a v1.6.2.24, v1.8.x anterior a v1.8.11.1, y v10.x anterior a v10.3.1 y Asterisk Business Edition C.3.x anterior a C .3.7.4 no asegura adecuadamente los requisitos de autorizaci\u00f3n de la clase System, permitiendo a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s de (1) la acci\u00f3n origen en la aplicaci\u00f3n MixMonitor, (2) la SHELL y funciones EVAL en el gestor de acci\u00f3n GetVar, o (3) la SHELL y funciones EVAL en el gestor de acci\u00f3n Status."
}
],
"id": "CVE-2012-2414",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-04-30T20:55:02.607",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-004.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/81454"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/48891"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/48941"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2012/dsa-2460"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/53206"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1026961"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/81454"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/48891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/48941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/53206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1026961"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75100"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-2415
Vulnerability from fkie_nvd - Published: 2012-04-30 20:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 allows remote authenticated users to cause a denial of service or possibly have unspecified other impact via a series of KEYPAD_BUTTON_MESSAGE events.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1442DC6C-2248-41E7-BDB4-084B123A6B06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F1A4AAE7-00D5-490B-AA19-A42508ECBC8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "DC64764B-C531-419C-8BB8-30C5F63C7EA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "7A5F9E61-B614-4C47-82AC-D16B457C266C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "20FE8D05-A577-4EEC-ABBA-8051582975F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "4A216714-9F2B-45D7-B2A7-1F67751EA967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.0:rc7:*:*:*:*:*:*",
"matchCriteriaId": "42417475-610C-4A81-8B02-794640F8DDA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.0:rc8:*:*:*:*:*:*",
"matchCriteriaId": "5A259435-BBB8-453B-82D3-2E4EE3BD9371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5834D5D3-F6FD-44C0-B7C1-34D715141A7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9F894080-DE73-4005-B2FE-E431F38D7EC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F70BA9D-6EDA-4859-90D1-EB69B48C2B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "33428429-33B5-4312-97E3-9A4B8A8F4C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6E2126-B737-4C88-A66A-B88CB16476D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E6992A-73EB-401D-A905-D53313F28727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "31C3345E-4260-4636-83DB-887F0733D7CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "95C61533-C030-4B97-A94C-E44315BB6FCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "91D670A7-2D38-4C50-96C2-3F3CA0F43515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "39C637DF-5963-4C7C-8EF1-9A44E94AFE07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.7:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8452C108-EF47-4C57-A505-D5B5AD5B1C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.7:rc2:*:*:*:*:*:*",
"matchCriteriaId": "40411DE4-CBDB-40D2-95A2-800EB554D1D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.7:rc3:*:*:*:*:*:*",
"matchCriteriaId": "519DF434-8CF5-4F5E-80EF-4BBDA94DCD0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A5DD7471-1DA5-44EC-BD21-B0E0BFC58B7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B9520C54-8FD9-45FC-B64F-4E06D7E3E66B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9226B072-E5CF-40F7-B48D-8982054D1D49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.9:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AC3B7AB5-FDC5-4175-B519-F749BE62AF65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.9:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E7CA9765-F31C-41CF-9911-02E4309715E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.9:rc3:*:*:*:*:*:*",
"matchCriteriaId": "A7A94C77-0762-45E8-9869-98D0E5F164E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6F0D2EE6-EDB9-4A0C-B31E-0B941DB912D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FDC7A9FA-5424-4A04-94D2-079FAF09BD4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.10:rc2:*:*:*:*:*:*",
"matchCriteriaId": "952F6925-EE1F-49EC-84A6-53A1A375FDF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "83E972B3-9787-47C9-9420-C66AE9C48CDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F90ABE6-6B41-49BD-84BA-69A7BFEC23E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.11:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5C76827E-FA7E-42D3-A8E0-12566B461AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A5C35260-7A25-4259-B158-D5F825DB881B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "16F66401-3A90-440F-88FD-C738806D168F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "E323B610-AC45-4D24-87B9-0092AA9EFF39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DA54B75D-08C0-4182-8345-266240396A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.14:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7B9A8A55-2D6B-4434-BBD1-C7D80D0132C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6EDA8DC8-7299-4DC5-9426-524F6EEF75F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.15:rc1:*:*:*:*:*:*",
"matchCriteriaId": "37C926F8-EC9F-49DD-8490-621843D41946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4795C86-CC4A-462A-B87A-FD32EA2889C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C03CED60-D582-493B-8D7C-FB3CB81D3647",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8FFBAFC0-B9C6-40F3-B7EF-DE6F23F8D644",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "35358757-6A14-48A0-BE40-B05F9A7451A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2F9B2CD0-0C61-4C9C-8B42-EA64D22BBE0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "13D262E7-7A67-4622-8416-748519C80CDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.17:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E0DCFB72-505A-486E-A096-87AB639F4710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.17:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C44F91FC-DC0C-4BB9-9FD0-1C7AAEA3D150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.17:rc3:*:*:*:*:*:*",
"matchCriteriaId": "0316776E-CD3B-4DEF-ABCA-5806A398E327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6E83FA56-DC43-4E3F-B9EB-136DE64E78A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5646D4C3-8491-4735-97A6-26688523512F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "90F7E035-9464-4921-8859-5854D47347B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9FE2F8D1-EC83-4CD8-A565-F59DCEC71120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.18:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4B763606-23A8-4159-9ECF-0766B13E8200",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA56E892-06D2-496A-ADFD-CBEC70DA1E18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF01FF3C-5BA1-4758-97B4-633A20AB4C00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "7A201AA6-B612-476C-9555-870B58FE3169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B7889CE9-E2AB-4590-B447-ACCB21CB8E69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "981A63D1-B6E2-4A38-8FB6-883E08BCE12F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "DBF33946-9E1F-4992-BA76-46227BDC1885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "03FB9FF6-100C-4643-9E34-9EC43F214C90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.23:*:*:*:*:*:*:*",
"matchCriteriaId": "4A30A7DF-2754-4C03-92F7-0028613C7165",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE48FBD-2560-4477-ABD2-C90729523BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "97F03C40-6B70-41D1-96CF-DD5F2924D0C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "B8F0B6E3-37B8-4780-BB17-D471A7AB7E58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "445941A9-EE2C-45C0-BCEB-9EC7F9F9439D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7C60A84B-E0BC-491B-B6E6-76E658BB91EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "035B04BC-C132-4CF6-9FE4-561A4104F392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AE6A2723-FAE7-4A87-A2A3-E94D9CC2DCB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "37612FE6-C8B7-4925-81F5-ADB82A8F101E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "92181940-ED5C-442C-82BA-4F0F233FB11B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "28EEF1DB-00C6-4DFC-BB48-C4A308F60DAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "67CE3E94-341F-4D0C-937E-39B119925C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5C721635-2801-40E8-B5FE-734054D718D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "93F81ACF-615F-4EF5-BD73-74F4010B43D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D773468A-4C2D-4B88-BAB6-C2D892A304C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15ED9311-9E4E-4998-BD99-CDEB8E4F2C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "815F7045-FC6D-4D57-A7AE-F63B0FC67251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "56BAE9D7-7A67-40D0-B864-66E76EBA5A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B82FFB08-0FCD-4839-95F4-97C09EB7E921",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "10C54588-265A-4955-8C73-38ADB664EF0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C2D84681-F861-49BE-832F-20EBAD3B60C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2313F843-0F74-4FC9-92A2-1F721BB4C490",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "09918CFC-C6A0-45ED-91EA-A4D9295C6CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "23E24161-31DB-4739-B16D-B0BDF5151307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E28DAA35-FBC2-4C87-BC1F-396A0FE86C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4F5E4B4F-49B7-41CB-803B-47A0081C3112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "27D37142-F88C-42DE-A0FD-B17AB7981963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F1A5BD7C-3491-456A-A333-481977280F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AFBC1D-7357-4A20-BF9D-C5B58155DAAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C85B74B6-EA5C-43C1-98C4-B09C41D9D8CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "12711E11-F6CF-4A61-83FD-AD3748D7C47B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "86E83CDF-E3B5-48A8-B526-67A1618B97AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C8B329-AC4C-46E5-BAC3-B2B72C16A453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5A81245B-0276-4D51-A3B4-9CC7233C9A44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9DC30C27-32BD-42A9-814E-123BD18F416B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "676BA331-833E-4C8B-A523-2116752567B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A7D38CAA-BECD-4FD7-8E42-72CB2B1DC699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4F211C14-8E50-4FB7-82EA-FE6975290DE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0698EDFB-D156-4572-9008-0243FA6FD2FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "16350161-9CF1-4AD3-954C-598D249CF962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "24EB6F7B-AD3C-42A2-B811-3CF3EEDD8438",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7AC55C54-7AD7-49BE-A050-DC6878391208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B208EBB-0387-4223-A196-CE142E6B908B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "095BF874-0E0B-4F8F-8A11-ED096DD3A824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4067E71D-93A8-4B56-AE4A-FCB6E31577E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D301553-EF77-4494-A893-FDC12E6A8C16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "35362678-3960-40E0-BB94-4642F09DDB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "779DEAC5-CBC7-4844-9A2E-97AEB49704EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "913D2C84-B987-4DEE-8F9E-0FDF14BECE2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "63889FD0-714B-4E02-8F34-00E4857A544A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "A15B538D-DC9D-46B4-A455-341E8A2831E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "8FE32479-5D98-443F-8FA9-F6281726BDF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "78841A3E-7D56-4737-9815-E1144FD0A44A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CE8D88-E407-4E9F-8418-E95C16A55358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BDEDE38-79FE-4B21-BE42-E8AA14475AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC295454-D897-425C-BFC8-91A72865A132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3830A3E2-09A1-487E-8EFA-27F8B4C61CB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "CAC942FB-83A2-4698-B410-F4C6AED0849A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "86ED40AD-0A52-4B4C-B4CA-F8D1A4CAF866",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7128AC5-5DD7-4BD3-B14C-4ADA155DD5E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2C32DA-44CE-4407-84B2-02B0D0474000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B032B5-06AB-4ABE-B51E-DE5C13458C03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07FC62DE-74D3-42A9-94E8-6DCE62F3D2B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "39E78E52-2AA4-42A5-9CE6-22DF2CF01704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "3DF04D4C-DFED-4E71-BA0C-854823BB41CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "518A8882-B1A6-408E-9B39-F01034A50190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "2EBBB850-2AE6-4EC1-993F-AD7AF2E80008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F33168AF-A3FB-4694-9DC8-CC28A7C3B3E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6880B042-11B1-430F-90A1-70F93FC5BAF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "0F074B06-6788-47AB-8C39-BA5E2E39ACC4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33DD2B8E-6AB1-45CD-85F5-E0F5234585BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "52BDDAC0-5CEE-4054-8930-EAF25FE528FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "1CEB28DD-EAEA-45AF-8D7B-09E93AFABA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "12BCF63F-DA77-48A1-861D-F6E710E3CA16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AD0D03FF-3FF6-40D0-A78E-CBDEA4FE4F14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "66666CD2-8921-4641-AD72-21F4386DC731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E55A7B81-4661-4E77-94FE-DA8D6261DC74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C549DD5-68F9-44FC-92B9-09A0E6F87315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "51407A8B-AF19-43FA-8D57-A6A35D465D1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "911CCAF6-6E29-43B6-AF76-909016CD46ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "964672AE-C840-465E-BE8A-8E19D9C060AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48827211-8F2F-4801-A5CD-77B07D1DD320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2463AD2-B341-494C-87AF-73B69B75D162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B46E218-9EFA-4224-BC5D-1A2F38559E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6F1F43E8-6159-46FA-8BF5-360EA9D466BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F75E0A69-9251-4CE1-9E83-188F0D35DEFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "17E6BD3C-B88D-4C80-B77F-2A95767B9A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3AC1C9EC-A84F-401B-BF59-F4938B6A2F59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E5DACA8-EBD6-4854-A32E-EDBD8C28B3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A6AB0DE5-0843-4A7A-A1C9-2FD7924FBEDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "335F9C06-5E40-4E14-B018-15151E14414D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9E8F15FB-C6B5-4A4F-A7AD-E2BF0162D1DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 allows remote authenticated users to cause a denial of service or possibly have unspecified other impact via a series of KEYPAD_BUTTON_MESSAGE events."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en chan_skinny.c en el driver Skinny en Asterisk Open Source v1.6.2.x anterior a v1.6.2.24, v1.8.x anterior a v1.8.11.1, y v10.x anterior a v10.3.1, permite a atacantes remotos causar una denegaci\u00f3n de servicio (cuelgue) o tener otro impacto no especificado mediante una serie de eventos KEYPAD_BUTTON_MESSAGE"
}
],
"id": "CVE-2012-2415",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-04-30T20:55:02.657",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-005.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/81455"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/48891"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/48941"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2012/dsa-2460"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/53210"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1026962"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75102"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/81455"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/48891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/48941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/53210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1026962"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75102"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-2416
Vulnerability from fkie_nvd - Published: 2012-04-30 20:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4, when the trustrpid option is enabled, allows remote authenticated users to cause a denial of service (daemon crash) by sending a SIP UPDATE message that triggers a connected-line update attempt without an associated channel.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1442DC6C-2248-41E7-BDB4-084B123A6B06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F1A4AAE7-00D5-490B-AA19-A42508ECBC8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "DC64764B-C531-419C-8BB8-30C5F63C7EA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "7A5F9E61-B614-4C47-82AC-D16B457C266C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "20FE8D05-A577-4EEC-ABBA-8051582975F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "4A216714-9F2B-45D7-B2A7-1F67751EA967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.0:rc7:*:*:*:*:*:*",
"matchCriteriaId": "42417475-610C-4A81-8B02-794640F8DDA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.0:rc8:*:*:*:*:*:*",
"matchCriteriaId": "5A259435-BBB8-453B-82D3-2E4EE3BD9371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5834D5D3-F6FD-44C0-B7C1-34D715141A7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9F894080-DE73-4005-B2FE-E431F38D7EC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F70BA9D-6EDA-4859-90D1-EB69B48C2B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "33428429-33B5-4312-97E3-9A4B8A8F4C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6E2126-B737-4C88-A66A-B88CB16476D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E6992A-73EB-401D-A905-D53313F28727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "31C3345E-4260-4636-83DB-887F0733D7CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "95C61533-C030-4B97-A94C-E44315BB6FCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "91D670A7-2D38-4C50-96C2-3F3CA0F43515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "39C637DF-5963-4C7C-8EF1-9A44E94AFE07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.7:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8452C108-EF47-4C57-A505-D5B5AD5B1C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.7:rc2:*:*:*:*:*:*",
"matchCriteriaId": "40411DE4-CBDB-40D2-95A2-800EB554D1D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.7:rc3:*:*:*:*:*:*",
"matchCriteriaId": "519DF434-8CF5-4F5E-80EF-4BBDA94DCD0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A5DD7471-1DA5-44EC-BD21-B0E0BFC58B7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B9520C54-8FD9-45FC-B64F-4E06D7E3E66B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9226B072-E5CF-40F7-B48D-8982054D1D49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.9:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AC3B7AB5-FDC5-4175-B519-F749BE62AF65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.9:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E7CA9765-F31C-41CF-9911-02E4309715E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.9:rc3:*:*:*:*:*:*",
"matchCriteriaId": "A7A94C77-0762-45E8-9869-98D0E5F164E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6F0D2EE6-EDB9-4A0C-B31E-0B941DB912D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FDC7A9FA-5424-4A04-94D2-079FAF09BD4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.10:rc2:*:*:*:*:*:*",
"matchCriteriaId": "952F6925-EE1F-49EC-84A6-53A1A375FDF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "83E972B3-9787-47C9-9420-C66AE9C48CDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F90ABE6-6B41-49BD-84BA-69A7BFEC23E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.11:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5C76827E-FA7E-42D3-A8E0-12566B461AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A5C35260-7A25-4259-B158-D5F825DB881B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "16F66401-3A90-440F-88FD-C738806D168F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "E323B610-AC45-4D24-87B9-0092AA9EFF39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DA54B75D-08C0-4182-8345-266240396A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.14:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7B9A8A55-2D6B-4434-BBD1-C7D80D0132C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6EDA8DC8-7299-4DC5-9426-524F6EEF75F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.15:rc1:*:*:*:*:*:*",
"matchCriteriaId": "37C926F8-EC9F-49DD-8490-621843D41946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4795C86-CC4A-462A-B87A-FD32EA2889C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C03CED60-D582-493B-8D7C-FB3CB81D3647",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8FFBAFC0-B9C6-40F3-B7EF-DE6F23F8D644",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "35358757-6A14-48A0-BE40-B05F9A7451A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2F9B2CD0-0C61-4C9C-8B42-EA64D22BBE0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "13D262E7-7A67-4622-8416-748519C80CDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.17:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E0DCFB72-505A-486E-A096-87AB639F4710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.17:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C44F91FC-DC0C-4BB9-9FD0-1C7AAEA3D150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.17:rc3:*:*:*:*:*:*",
"matchCriteriaId": "0316776E-CD3B-4DEF-ABCA-5806A398E327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6E83FA56-DC43-4E3F-B9EB-136DE64E78A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5646D4C3-8491-4735-97A6-26688523512F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "90F7E035-9464-4921-8859-5854D47347B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9FE2F8D1-EC83-4CD8-A565-F59DCEC71120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.18:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4B763606-23A8-4159-9ECF-0766B13E8200",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA56E892-06D2-496A-ADFD-CBEC70DA1E18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF01FF3C-5BA1-4758-97B4-633A20AB4C00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "7A201AA6-B612-476C-9555-870B58FE3169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B7889CE9-E2AB-4590-B447-ACCB21CB8E69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "981A63D1-B6E2-4A38-8FB6-883E08BCE12F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "DBF33946-9E1F-4992-BA76-46227BDC1885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "03FB9FF6-100C-4643-9E34-9EC43F214C90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.6.2.23:*:*:*:*:*:*:*",
"matchCriteriaId": "4A30A7DF-2754-4C03-92F7-0028613C7165",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE48FBD-2560-4477-ABD2-C90729523BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "97F03C40-6B70-41D1-96CF-DD5F2924D0C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "B8F0B6E3-37B8-4780-BB17-D471A7AB7E58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "445941A9-EE2C-45C0-BCEB-9EC7F9F9439D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7C60A84B-E0BC-491B-B6E6-76E658BB91EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "035B04BC-C132-4CF6-9FE4-561A4104F392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AE6A2723-FAE7-4A87-A2A3-E94D9CC2DCB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "37612FE6-C8B7-4925-81F5-ADB82A8F101E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "92181940-ED5C-442C-82BA-4F0F233FB11B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "28EEF1DB-00C6-4DFC-BB48-C4A308F60DAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "67CE3E94-341F-4D0C-937E-39B119925C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5C721635-2801-40E8-B5FE-734054D718D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "93F81ACF-615F-4EF5-BD73-74F4010B43D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D773468A-4C2D-4B88-BAB6-C2D892A304C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15ED9311-9E4E-4998-BD99-CDEB8E4F2C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "815F7045-FC6D-4D57-A7AE-F63B0FC67251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "56BAE9D7-7A67-40D0-B864-66E76EBA5A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B82FFB08-0FCD-4839-95F4-97C09EB7E921",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "10C54588-265A-4955-8C73-38ADB664EF0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C2D84681-F861-49BE-832F-20EBAD3B60C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2313F843-0F74-4FC9-92A2-1F721BB4C490",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "09918CFC-C6A0-45ED-91EA-A4D9295C6CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "23E24161-31DB-4739-B16D-B0BDF5151307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E28DAA35-FBC2-4C87-BC1F-396A0FE86C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4F5E4B4F-49B7-41CB-803B-47A0081C3112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "27D37142-F88C-42DE-A0FD-B17AB7981963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F1A5BD7C-3491-456A-A333-481977280F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AFBC1D-7357-4A20-BF9D-C5B58155DAAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C85B74B6-EA5C-43C1-98C4-B09C41D9D8CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "12711E11-F6CF-4A61-83FD-AD3748D7C47B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "86E83CDF-E3B5-48A8-B526-67A1618B97AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C8B329-AC4C-46E5-BAC3-B2B72C16A453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5A81245B-0276-4D51-A3B4-9CC7233C9A44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9DC30C27-32BD-42A9-814E-123BD18F416B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "676BA331-833E-4C8B-A523-2116752567B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A7D38CAA-BECD-4FD7-8E42-72CB2B1DC699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4F211C14-8E50-4FB7-82EA-FE6975290DE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0698EDFB-D156-4572-9008-0243FA6FD2FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "16350161-9CF1-4AD3-954C-598D249CF962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "24EB6F7B-AD3C-42A2-B811-3CF3EEDD8438",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7AC55C54-7AD7-49BE-A050-DC6878391208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B208EBB-0387-4223-A196-CE142E6B908B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "095BF874-0E0B-4F8F-8A11-ED096DD3A824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4067E71D-93A8-4B56-AE4A-FCB6E31577E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D301553-EF77-4494-A893-FDC12E6A8C16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "35362678-3960-40E0-BB94-4642F09DDB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "779DEAC5-CBC7-4844-9A2E-97AEB49704EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "913D2C84-B987-4DEE-8F9E-0FDF14BECE2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "63889FD0-714B-4E02-8F34-00E4857A544A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "A15B538D-DC9D-46B4-A455-341E8A2831E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "8FE32479-5D98-443F-8FA9-F6281726BDF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "78841A3E-7D56-4737-9815-E1144FD0A44A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CE8D88-E407-4E9F-8418-E95C16A55358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BDEDE38-79FE-4B21-BE42-E8AA14475AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC295454-D897-425C-BFC8-91A72865A132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3830A3E2-09A1-487E-8EFA-27F8B4C61CB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "CAC942FB-83A2-4698-B410-F4C6AED0849A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "86ED40AD-0A52-4B4C-B4CA-F8D1A4CAF866",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7128AC5-5DD7-4BD3-B14C-4ADA155DD5E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2C32DA-44CE-4407-84B2-02B0D0474000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B032B5-06AB-4ABE-B51E-DE5C13458C03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07FC62DE-74D3-42A9-94E8-6DCE62F3D2B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "39E78E52-2AA4-42A5-9CE6-22DF2CF01704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "3DF04D4C-DFED-4E71-BA0C-854823BB41CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "518A8882-B1A6-408E-9B39-F01034A50190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "2EBBB850-2AE6-4EC1-993F-AD7AF2E80008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F33168AF-A3FB-4694-9DC8-CC28A7C3B3E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6880B042-11B1-430F-90A1-70F93FC5BAF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "0F074B06-6788-47AB-8C39-BA5E2E39ACC4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33DD2B8E-6AB1-45CD-85F5-E0F5234585BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "52BDDAC0-5CEE-4054-8930-EAF25FE528FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "1CEB28DD-EAEA-45AF-8D7B-09E93AFABA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "12BCF63F-DA77-48A1-861D-F6E710E3CA16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AD0D03FF-3FF6-40D0-A78E-CBDEA4FE4F14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "66666CD2-8921-4641-AD72-21F4386DC731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E55A7B81-4661-4E77-94FE-DA8D6261DC74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C549DD5-68F9-44FC-92B9-09A0E6F87315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "51407A8B-AF19-43FA-8D57-A6A35D465D1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "911CCAF6-6E29-43B6-AF76-909016CD46ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "964672AE-C840-465E-BE8A-8E19D9C060AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48827211-8F2F-4801-A5CD-77B07D1DD320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2463AD2-B341-494C-87AF-73B69B75D162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B46E218-9EFA-4224-BC5D-1A2F38559E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6F1F43E8-6159-46FA-8BF5-360EA9D466BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F75E0A69-9251-4CE1-9E83-188F0D35DEFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "17E6BD3C-B88D-4C80-B77F-2A95767B9A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3AC1C9EC-A84F-401B-BF59-F4938B6A2F59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E5DACA8-EBD6-4854-A32E-EDBD8C28B3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A6AB0DE5-0843-4A7A-A1C9-2FD7924FBEDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "335F9C06-5E40-4E14-B018-15151E14414D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:10.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9E8F15FB-C6B5-4A4F-A7AD-E2BF0162D1DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4, when the trustrpid option is enabled, allows remote authenticated users to cause a denial of service (daemon crash) by sending a SIP UPDATE message that triggers a connected-line update attempt without an associated channel."
},
{
"lang": "es",
"value": "chan_sip.c en el controlador de canal SIP en Asterisk Open Source v1.8.x anterior a v1.8.11.1 y v10.x anterior a v10.3.1 y Asterisk Business Edition C.3.x anterior a C.3.7.4, cuando la opci\u00f3n trustrpid est\u00e1 activada, permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) mediante el env\u00edo de un mensaje de actualizaci\u00f3n SIP que desencadena un intento de actualizaci\u00f3n de la l\u00ednea conectada sin un canal asociado."
}
],
"id": "CVE-2012-2416",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-04-30T20:55:02.703",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-006.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/81456"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/48891"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/53205"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1026963"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75101"
},
{
"source": "cve@mitre.org",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-19770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2012-006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/81456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/48891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/53205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1026963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-19770"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}