Lucene search

[email protected]NVD:CVE-2010-0441

HistoryFeb 04, 2010 - 8:15 p.m.

CVE-2010-0441

2010-02-0420:15:24

CWE-20

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.7 Medium

AI Score

Confidence

High

0.342 Low

EPSS

Percentile

97.1%

JSON

Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2, allows remote attackers to cause a denial of service (daemon crash) via an SIP T.38 negotiation with an SDP FaxMaxDatagram field that is (1) missing, (2) modified to contain a negative number, or (3) modified to contain a large number.

Affected configurations

NVD

Node

asteriskasteriskMatch1.6.0

asteriskasteriskMatch1.6.0.1

asteriskasteriskMatch1.6.0.2

asteriskasteriskMatch1.6.0.3

asteriskasteriskMatch1.6.0.5

asteriskasteriskMatch1.6.0.6

asteriskasteriskMatch1.6.0.7

asteriskasteriskMatch1.6.0.8

asteriskasteriskMatch1.6.0.9

asteriskasteriskMatch1.6.0.10

asteriskasteriskMatch1.6.0.12

asteriskasteriskMatch1.6.0.13

asteriskasteriskMatch1.6.0.14

asteriskasteriskMatch1.6.0.15

asteriskasteriskMatch1.6.0.16-rc1

asteriskasteriskMatch1.6.0.16-rc2

asteriskasteriskMatch1.6.0.17

asteriskasteriskMatch1.6.0.18

asteriskasteriskMatch1.6.0.18-rc1

asteriskasteriskMatch1.6.0.18-rc2

asteriskasteriskMatch1.6.0.18-rc3

asteriskasteriskMatch1.6.0.19

asteriskasteriskMatch1.6.0.20

asteriskasteriskMatch1.6.0.20-rc1

asteriskasteriskMatch1.6.0.21

asteriskasteriskMatch1.6.0.21-rc1

asteriskasteriskMatch1.6.1.0

asteriskasteriskMatch1.6.1.1

asteriskasteriskMatch1.6.1.2

asteriskasteriskMatch1.6.1.4

asteriskasteriskMatch1.6.1.5

asteriskasteriskMatch1.6.1.6

asteriskasteriskMatch1.6.1.7-rc1

asteriskasteriskMatch1.6.1.7-rc2

asteriskasteriskMatch1.6.1.8

asteriskasteriskMatch1.6.1.9

asteriskasteriskMatch1.6.1.10

asteriskasteriskMatch1.6.1.10-rc1

asteriskasteriskMatch1.6.1.10-rc2

asteriskasteriskMatch1.6.1.10-rc3

asteriskasteriskMatch1.6.1.11

asteriskasteriskMatch1.6.1.12

asteriskasteriskMatch1.6.1.12-rc1

asteriskasteriskMatch1.6.1.13

asteriskasteriskMatch1.6.1.13-rc1

asteriskasteriskMatch1.6.2.1

asteriskasteriskMatch1.6.2.1-rc1

asteriskasteriskMatch1.6.10-rc1

asteriskasteriskMatch1.6.10-rc2

asteriskasteriskMatchc.3.1.0business

asteriskasteriskMatchc.3.1.1business

asteriskasteriskMatchc.3.2.2business

asteriskasteriskMatchc.3.3.3business

References

downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff

downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff

downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff

downloads.asterisk.org/pub/security/AST-2010-001.html

lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html

secunia.com/advisories/38395

secunia.com/advisories/39096

securitytracker.com/id?1023532

www.securityfocus.com/archive/1/509327/100/0/threaded

www.securityfocus.com/bid/38047

www.vupen.com/english/advisories/2010/0289

issues.asterisk.org/view.php?id=16517

issues.asterisk.org/view.php?id=16634

issues.asterisk.org/view.php?id=16724

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.7 Medium

AI Score

Confidence

High

0.342 Low

EPSS

Percentile

97.1%

JSON

Related for NVD:CVE-2010-0441

openvas5 securityvulns2 ubuntucve1 altlinux1 debiancve1 prion1 cvelist1 nessus2 cve1 fedora2