CVE-2010-0441

EPSS 3.53%
Veröffentlicht 04.02.2010 20:15:24
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2, allows remote attackers to cause a denial of service (daemon crash) via an SIP T.38 negotiation with an SDP FaxMaxDatagram field that is (1) missing, (2) modified to contain a negative number, or (3) modified to contain a large number.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 17

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Asterisk ≫ Asterisk Version1.6.0

Asterisk ≫ Asterisk Version1.6.0.1

Asterisk ≫ Asterisk Version1.6.0.2

Asterisk ≫ Asterisk Version1.6.0.3

Asterisk ≫ Asterisk Version1.6.0.5

Asterisk ≫ Asterisk Version1.6.0.6

Asterisk ≫ Asterisk Version1.6.0.7

Asterisk ≫ Asterisk Version1.6.0.8

Asterisk ≫ Asterisk Version1.6.0.9

Asterisk ≫ Asterisk Version1.6.0.10

Asterisk ≫ Asterisk Version1.6.0.12

Asterisk ≫ Asterisk Version1.6.0.13

Asterisk ≫ Asterisk Version1.6.0.14

Asterisk ≫ Asterisk Version1.6.0.15

Asterisk ≫ Asterisk Version1.6.0.16-rc1

Asterisk ≫ Asterisk Version1.6.0.16-rc2

Asterisk ≫ Asterisk Version1.6.0.17

Asterisk ≫ Asterisk Version1.6.0.18

Asterisk ≫ Asterisk Version1.6.0.18-rc1

Asterisk ≫ Asterisk Version1.6.0.18-rc2

Asterisk ≫ Asterisk Version1.6.0.18-rc3

Asterisk ≫ Asterisk Version1.6.0.19

Asterisk ≫ Asterisk Version1.6.0.20

Asterisk ≫ Asterisk Version1.6.0.20-rc1

Asterisk ≫ Asterisk Version1.6.0.21

Asterisk ≫ Asterisk Version1.6.0.21-rc1

Asterisk ≫ Asterisk Version1.6.1.0

Asterisk ≫ Asterisk Version1.6.1.1

Asterisk ≫ Asterisk Version1.6.1.2

Asterisk ≫ Asterisk Version1.6.1.4

Asterisk ≫ Asterisk Version1.6.1.5

Asterisk ≫ Asterisk Version1.6.1.6

Asterisk ≫ Asterisk Version1.6.1.7-rc1

Asterisk ≫ Asterisk Version1.6.1.7-rc2

Asterisk ≫ Asterisk Version1.6.1.8

Asterisk ≫ Asterisk Version1.6.1.9

Asterisk ≫ Asterisk Version1.6.1.10

Asterisk ≫ Asterisk Version1.6.1.10-rc1

Asterisk ≫ Asterisk Version1.6.1.10-rc2

Asterisk ≫ Asterisk Version1.6.1.10-rc3

Asterisk ≫ Asterisk Version1.6.1.11

Asterisk ≫ Asterisk Version1.6.1.12

Asterisk ≫ Asterisk Version1.6.1.12-rc1

Asterisk ≫ Asterisk Version1.6.1.13

Asterisk ≫ Asterisk Version1.6.1.13-rc1

Asterisk ≫ Asterisk Version1.6.2.1

Asterisk ≫ Asterisk Version1.6.2.1-rc1

Asterisk ≫ Asterisk Version1.6.10-rc1

Asterisk ≫ Asterisk Version1.6.10-rc2

Asterisk ≫ Asterisk Versionc.3.1.0 Editionbusiness

Asterisk ≫ Asterisk Versionc.3.1.1 Editionbusiness

Asterisk ≫ Asterisk Versionc.3.2.2 Editionbusiness

Asterisk ≫ Asterisk Versionc.3.3.3 Editionbusiness

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.53%	0.865

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff

Patch

http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff

Patch

http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff

http://downloads.asterisk.org/pub/security/AST-2010-001.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html

http://secunia.com/advisories/38395

Vendor Advisory

http://secunia.com/advisories/39096

http://securitytracker.com/id?1023532

http://www.securityfocus.com/archive/1/509327/100/0/threaded