CVE-2010-0441

EPSS 3.53%
Published 04.02.2010 20:15:24
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2, allows remote attackers to cause a denial of service (daemon crash) via an SIP T.38 negotiation with an SDP FaxMaxDatagram field that is (1) missing, (2) modified to contain a negative number, or (3) modified to contain a large number.

Affected products Warnungen 0 Metrics 2 CWE 1 References 17

Data is provided by the National Vulnerability Database (NVD)

Asterisk ≫ Asterisk Version1.6.0

Asterisk ≫ Asterisk Version1.6.0.1

Asterisk ≫ Asterisk Version1.6.0.2

Asterisk ≫ Asterisk Version1.6.0.3

Asterisk ≫ Asterisk Version1.6.0.5

Asterisk ≫ Asterisk Version1.6.0.6

Asterisk ≫ Asterisk Version1.6.0.7

Asterisk ≫ Asterisk Version1.6.0.8

Asterisk ≫ Asterisk Version1.6.0.9

Asterisk ≫ Asterisk Version1.6.0.10

Asterisk ≫ Asterisk Version1.6.0.12

Asterisk ≫ Asterisk Version1.6.0.13

Asterisk ≫ Asterisk Version1.6.0.14

Asterisk ≫ Asterisk Version1.6.0.15

Asterisk ≫ Asterisk Version1.6.0.16-rc1

Asterisk ≫ Asterisk Version1.6.0.16-rc2

Asterisk ≫ Asterisk Version1.6.0.17

Asterisk ≫ Asterisk Version1.6.0.18

Asterisk ≫ Asterisk Version1.6.0.18-rc1

Asterisk ≫ Asterisk Version1.6.0.18-rc2

Asterisk ≫ Asterisk Version1.6.0.18-rc3

Asterisk ≫ Asterisk Version1.6.0.19

Asterisk ≫ Asterisk Version1.6.0.20

Asterisk ≫ Asterisk Version1.6.0.20-rc1

Asterisk ≫ Asterisk Version1.6.0.21

Asterisk ≫ Asterisk Version1.6.0.21-rc1

Asterisk ≫ Asterisk Version1.6.1.0

Asterisk ≫ Asterisk Version1.6.1.1

Asterisk ≫ Asterisk Version1.6.1.2

Asterisk ≫ Asterisk Version1.6.1.4

Asterisk ≫ Asterisk Version1.6.1.5

Asterisk ≫ Asterisk Version1.6.1.6

Asterisk ≫ Asterisk Version1.6.1.7-rc1

Asterisk ≫ Asterisk Version1.6.1.7-rc2

Asterisk ≫ Asterisk Version1.6.1.8

Asterisk ≫ Asterisk Version1.6.1.9

Asterisk ≫ Asterisk Version1.6.1.10

Asterisk ≫ Asterisk Version1.6.1.10-rc1

Asterisk ≫ Asterisk Version1.6.1.10-rc2

Asterisk ≫ Asterisk Version1.6.1.10-rc3

Asterisk ≫ Asterisk Version1.6.1.11

Asterisk ≫ Asterisk Version1.6.1.12

Asterisk ≫ Asterisk Version1.6.1.12-rc1

Asterisk ≫ Asterisk Version1.6.1.13

Asterisk ≫ Asterisk Version1.6.1.13-rc1

Asterisk ≫ Asterisk Version1.6.2.1

Asterisk ≫ Asterisk Version1.6.2.1-rc1

Asterisk ≫ Asterisk Version1.6.10-rc1

Asterisk ≫ Asterisk Version1.6.10-rc2

Asterisk ≫ Asterisk Versionc.3.1.0 Editionbusiness

Asterisk ≫ Asterisk Versionc.3.1.1 Editionbusiness

Asterisk ≫ Asterisk Versionc.3.2.2 Editionbusiness

Asterisk ≫ Asterisk Versionc.3.3.3 Editionbusiness

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.53%	0.865

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff

Patch

http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff

Patch

http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff

http://downloads.asterisk.org/pub/security/AST-2010-001.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html

http://secunia.com/advisories/38395

Vendor Advisory

http://secunia.com/advisories/39096

http://securitytracker.com/id?1023532

http://www.securityfocus.com/archive/1/509327/100/0/threaded