Lucene search
HistoryJul 06, 2011 - 7:55 p.m.
CVE-2011-2529
asterisk
open source
sip
channel driver
vulnerability
cve-2011-2529
nvd
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.2 High
AI Score
Confidence
High
0.066 Low
EPSS
Percentile
93.8%
chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle ‘\0’ characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted packet.
Affected configurations
Node
digiumasteriskMatch1.6.0
ORdigiumasteriskMatch1.6.0beta1
ORdigiumasteriskMatch1.6.0beta2
ORdigiumasteriskMatch1.6.0beta3
ORdigiumasteriskMatch1.6.0beta4
ORdigiumasteriskMatch1.6.0beta5
ORdigiumasteriskMatch1.6.0beta6
ORdigiumasteriskMatch1.6.0beta7
ORdigiumasteriskMatch1.6.0beta7.1
ORdigiumasteriskMatch1.6.0beta8
ORdigiumasteriskMatch1.6.0beta9
ORdigiumasteriskMatch1.6.0rc4
ORdigiumasteriskMatch1.6.0rc5
ORdigiumasteriskMatch1.6.0rc6
ORdigiumasteriskMatch1.6.0.1
ORdigiumasteriskMatch1.6.0.2
ORdigiumasteriskMatch1.6.0.3
ORdigiumasteriskMatch1.6.0.3rc1
ORdigiumasteriskMatch1.6.0.4rc1
ORdigiumasteriskMatch1.6.0.5
ORdigiumasteriskMatch1.6.0.6
ORdigiumasteriskMatch1.6.0.7
ORdigiumasteriskMatch1.6.0.8
ORdigiumasteriskMatch1.6.0.9
ORdigiumasteriskMatch1.6.0.10
ORdigiumasteriskMatch1.6.0.11
ORdigiumasteriskMatch1.6.0.11rc1
ORdigiumasteriskMatch1.6.0.11rc2
ORdigiumasteriskMatch1.6.0.12
ORdigiumasteriskMatch1.6.0.13
ORdigiumasteriskMatch1.6.0.14
ORdigiumasteriskMatch1.6.0.14rc1
ORdigiumasteriskMatch1.6.0.15
ORdigiumasteriskMatch1.6.0.16
ORdigiumasteriskMatch1.6.0.16rc1
ORdigiumasteriskMatch1.6.0.16rc2
ORdigiumasteriskMatch1.6.0.17
ORdigiumasteriskMatch1.6.0.18
ORdigiumasteriskMatch1.6.0.18rc1
ORdigiumasteriskMatch1.6.0.18rc2
ORdigiumasteriskMatch1.6.0.18rc3
ORdigiumasteriskMatch1.6.0.19
ORdigiumasteriskMatch1.6.0.20rc1
ORdigiumasteriskMatch1.6.0.21
ORdigiumasteriskMatch1.6.0.21rc1
ORdigiumasteriskMatch1.6.0.22
ORdigiumasteriskMatch1.6.0.23rc2
ORdigiumasteriskMatch1.6.0.24
ORdigiumasteriskMatch1.6.0.25
ORdigiumasteriskMatch1.6.0.26
ORdigiumasteriskMatch1.6.1
ORdigiumasteriskMatch1.6.1beta1
ORdigiumasteriskMatch1.6.1beta2
ORdigiumasteriskMatch1.6.1beta3
ORdigiumasteriskMatch1.6.1beta4
ORdigiumasteriskMatch1.6.1rc1
ORdigiumasteriskMatch1.6.1.0
ORdigiumasteriskMatch1.6.1.0rc2
ORdigiumasteriskMatch1.6.1.0rc3
ORdigiumasteriskMatch1.6.1.0rc4
ORdigiumasteriskMatch1.6.1.0rc5
ORdigiumasteriskMatch1.6.1.1
ORdigiumasteriskMatch1.6.1.2
ORdigiumasteriskMatch1.6.1.3rc1
ORdigiumasteriskMatch1.6.1.4
ORdigiumasteriskMatch1.6.1.5
ORdigiumasteriskMatch1.6.1.5rc1
ORdigiumasteriskMatch1.6.1.6
ORdigiumasteriskMatch1.6.1.7rc1
ORdigiumasteriskMatch1.6.1.7rc2
ORdigiumasteriskMatch1.6.1.8
ORdigiumasteriskMatch1.6.1.9
ORdigiumasteriskMatch1.6.1.10
ORdigiumasteriskMatch1.6.1.10rc1
ORdigiumasteriskMatch1.6.1.10rc2
ORdigiumasteriskMatch1.6.1.10rc3
ORdigiumasteriskMatch1.6.1.11
ORdigiumasteriskMatch1.6.1.12
ORdigiumasteriskMatch1.6.1.12rc1
ORdigiumasteriskMatch1.6.1.13
ORdigiumasteriskMatch1.6.1.13rc1
ORdigiumasteriskMatch1.6.1.14
ORdigiumasteriskMatch1.6.1.15rc2
ORdigiumasteriskMatch1.6.1.16
ORdigiumasteriskMatch1.6.1.17
ORdigiumasteriskMatch1.6.1.18
ORdigiumasteriskMatch1.6.1.18rc1
ORdigiumasteriskMatch1.6.1.18rc2
ORdigiumasteriskMatch1.6.1.19
ORdigiumasteriskMatch1.6.1.19rc1
ORdigiumasteriskMatch1.6.1.19rc2
ORdigiumasteriskMatch1.6.1.19rc3
ORdigiumasteriskMatch1.6.1.20
ORdigiumasteriskMatch1.6.1.20rc1
ORdigiumasteriskMatch1.6.1.20rc2
ORdigiumasteriskMatch1.6.1.21
ORdigiumasteriskMatch1.6.1.22
ORdigiumasteriskMatch1.6.1.23
ORdigiumasteriskMatch1.6.1.24
ORdigiumasteriskMatch1.6.2.0
ORdigiumasteriskMatch1.6.2.0rc2
ORdigiumasteriskMatch1.6.2.0rc3
ORdigiumasteriskMatch1.6.2.0rc4
ORdigiumasteriskMatch1.6.2.0rc5
ORdigiumasteriskMatch1.6.2.0rc6
ORdigiumasteriskMatch1.6.2.0rc7
ORdigiumasteriskMatch1.6.2.0rc8
ORdigiumasteriskMatch1.6.2.1
ORdigiumasteriskMatch1.6.2.1rc1
ORdigiumasteriskMatch1.6.2.2
ORdigiumasteriskMatch1.6.2.3rc2
ORdigiumasteriskMatch1.6.2.4
ORdigiumasteriskMatch1.6.2.5
ORdigiumasteriskMatch1.6.2.6
ORdigiumasteriskMatch1.6.2.6rc1
ORdigiumasteriskMatch1.6.2.6rc2
ORdigiumasteriskMatch1.6.2.15rc1
ORdigiumasteriskMatch1.6.2.16
ORdigiumasteriskMatch1.6.2.16rc1
ORdigiumasteriskMatch1.6.2.16.1
ORdigiumasteriskMatch1.6.2.16.2
ORdigiumasteriskMatch1.6.2.17
ORdigiumasteriskMatch1.6.2.17rc1
ORdigiumasteriskMatch1.6.2.17rc2
ORdigiumasteriskMatch1.6.2.17rc3
ORdigiumasteriskMatch1.6.2.17.1
ORdigiumasteriskMatch1.6.2.17.2
ORdigiumasteriskMatch1.6.2.17.3
ORdigiumasteriskMatch1.6.2.18
ORdigiumasteriskMatch1.6.2.18rc1
Node
digiumasteriskMatch1.8.0
ORdigiumasteriskMatch1.8.0beta1
ORdigiumasteriskMatch1.8.0beta2
ORdigiumasteriskMatch1.8.0beta3
ORdigiumasteriskMatch1.8.0beta4
ORdigiumasteriskMatch1.8.0beta5
ORdigiumasteriskMatch1.8.0rc2
ORdigiumasteriskMatch1.8.0rc3
ORdigiumasteriskMatch1.8.0rc4
ORdigiumasteriskMatch1.8.0rc5
ORdigiumasteriskMatch1.8.1
ORdigiumasteriskMatch1.8.1rc1
ORdigiumasteriskMatch1.8.1.1
ORdigiumasteriskMatch1.8.1.2
ORdigiumasteriskMatch1.8.2
ORdigiumasteriskMatch1.8.2.1
ORdigiumasteriskMatch1.8.2.2
ORdigiumasteriskMatch1.8.2.3
ORdigiumasteriskMatch1.8.2.4
ORdigiumasteriskMatch1.8.3
ORdigiumasteriskMatch1.8.3rc1
ORdigiumasteriskMatch1.8.3rc2
ORdigiumasteriskMatch1.8.3rc3
ORdigiumasteriskMatch1.8.3.1
ORdigiumasteriskMatch1.8.3.2
ORdigiumasteriskMatch1.8.3.3
ORdigiumasteriskMatch1.8.4
ORdigiumasteriskMatch1.8.4rc1
ORdigiumasteriskMatch1.8.4rc2
ORdigiumasteriskMatch1.8.4rc3
ORdigiumasteriskMatch1.8.4.1
ORdigiumasteriskMatch1.8.4.2
References
downloads.asterisk.org/pub/security/AST-2011-008.diff
downloads.asterisk.org/pub/security/AST-2011-008.html
lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html
secunia.com/advisories/45048
secunia.com/advisories/45201
secunia.com/advisories/45239
securitytracker.com/id?1025706
www.debian.org/security/2011/dsa-2276
www.osvdb.org/73307
www.securityfocus.com/bid/48431
exchange.xforce.ibmcloud.com/vulnerabilities/68203
Related
ubuntucve
ubuntucve
CVE-2011-2529
2011-07-06 00:00:00
debiancve
debiancve
CVE-2011-2529
2011-07-06 19:55:03
cvelist
cvelist
CVE-2011-2529
2011-07-06 19:00:00
prion
prion
Memory corruption
2011-07-06 19:55:00
nvd
nvd
CVE-2011-2529
2011-07-06 19:55:03
osv
osv
asterisk - multiple issues
2011-07-10 00:00:00
asterisk - multiple issues
2011-07-10 00:00:00
nessus
nessus
Debian DSA-2276-1 : asterisk - multiple denial of service
2011-07-12 00:00:00
Asterisk Multiple Channel Drivers Denial of Service (AST-2011-008 / AST-2011-009 / AST-2011-010)
2011-06-29 00:00:00
Fedora 14 : asterisk-1.6.2.19-1.fc14 (2011-8914)
2011-07-13 00:00:00
debian
debian
[SECURITY] [DSA 2276-2] asterisk regression update
2011-07-11 18:59:48
[SECURITY] [DSA 2276-1] asterisk security update
2011-07-10 15:17:03
openvas
openvas
Debian Security Advisory DSA 2276-1 (asterisk)
2011-08-03 00:00:00
Debian Security Advisory DSA 2276-2 (asterisk)
2011-08-03 00:00:00
Fedora Update for asterisk FEDORA-2011-8914
2011-07-18 00:00:00
freebsd
freebsd
Asterisk -- multiple vulnerabilities
2011-06-24 00:00:00
gentoo
gentoo
Asterisk: Multiple vulnerabilities
2011-10-24 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.2 High
AI Score
Confidence
High
0.066 Low
EPSS
Percentile
93.8%
Related for CVE-2011-2529