Digium Asterisk 1.6.1

7 matches found

added 2010/04/01 9:30 p.m. | 76 views

CVE-2010-1224

main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow r...

CVSS 4.3 | AI score 6.8 | EPSS 0.01

added 2011/07/06 7:55 p.m. | 63 views

CVE-2011-2529

chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle '\0' characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a craft...

CVSS 5 | AI score 7.2 | EPSS 0.03361

added 2009/07/30 8:0 p.m. | 62 views

CVE-2009-2651

main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer.

CVSS 5 | AI score 6.5 | EPSS 0.00071

added 2011/03/31 10:55 p.m. | 61 views

CVE-2011-1174

manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a series of manager sessions involving invalid data.

CVSS 5 | AI score 6.3 | EPSS 0.0029

added 2011/03/31 10:55 p.m. | 60 views

CVE-2011-1175

tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before 1.6.1.23, 1.6.2.x before 1.6.2.17.1, and 1.8.x before 1.8.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by establishing many short TCP sessions to services that use a certain...

CVSS 5 | AI score 6.4 | EPSS 0.00284

added 2010/02/23 8:30 p.m. | 59 views

CVE-2010-0685

The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters...

CVSS 5 | AI score 6.6 | EPSS 0.00093

added 2009/03/11 2:19 p.m. | 49 views

CVE-2009-0871

The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service (crash) via a SIP INVITE request without...

CVSS 3.5 | AI score 6.2 | EPSS 0.02947