3 matches found
CVE-2011-0495
CVE-2011-0495 affects Asterisk Open Source prior to the fixed versions listed in multiple advisories. The issue is a stack-based buffer overflow in ast_uri_encode in main/utils.c that can be triggered by crafted caller ID data and exploited via (1) SIP channel driver, (2) URIENCODE dialplan funct...
CVE-2009-3727
CVE-2009-3727 affects Asterisk Open Source (various 1.2.x, 1.4.x, 1.6.x lineages; Business Edition; AsteriskNOW; s800i). Root cause: different error messages for valid/invalid SIP usernames via crafted REGISTER messages, enabling remote username enumeration via inconsistent To header URI and Dige...
CVE-2011-1147
CVE-2011-1147 affects Asterisk Open Source and related builds: stack/heap buffer overflows in the UDPTL handling (decode_open_type and udptl_rx_packet) may allow a remote attacker to crash the process or execute arbitrary code. Affected products include Asterisk Open Source 1.4.x before 1.4.39.2,...