7.5
CVE-2008-1289
- EPSS 28.37%
- Published 24.03.2008 17:44:00
- Last modified 09.04.2025 00:30:58
- Source cve@mitre.org
Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c.
Data is provided by the National Vulnerability Database (NVD)
Asterisk ≫ Asterisk Appliance Developer Kit Version 1.4
Asterisk ≫ Asterisk Business Edition Version <= c.1.0-beta8
Asterisk ≫ Asterisk Business Edition Version <= c.1.0beta7
Asterisk ≫ Asterisknow Version <= 1.0.1
Asterisk ≫ Open Source Version <= 1.4.18
Asterisk ≫ Open Source Update rc-2 Version <= 1.4.19
Asterisk ≫ Open Source Version <= 1.6.0_beta5
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 28.37% | 0.963 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.