6.8

CVE-2011-1147

Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DigiumAsterisk Version1.4.0
DigiumAsterisk Version1.4.0 Updatebeta1
DigiumAsterisk Version1.4.0 Updatebeta2
DigiumAsterisk Version1.4.0 Updatebeta3
DigiumAsterisk Version1.4.0 Updatebeta4
DigiumAsterisk Version1.4.1
DigiumAsterisk Version1.4.2
DigiumAsterisk Version1.4.3
DigiumAsterisk Version1.4.10
DigiumAsterisk Version1.4.10.1
DigiumAsterisk Version1.4.11
DigiumAsterisk Version1.4.12
DigiumAsterisk Version1.4.12.1
DigiumAsterisk Version1.4.13
DigiumAsterisk Version1.4.14
DigiumAsterisk Version1.4.15
DigiumAsterisk Version1.4.16
DigiumAsterisk Version1.4.16.1
DigiumAsterisk Version1.4.16.2
DigiumAsterisk Version1.4.17
DigiumAsterisk Version1.4.18
DigiumAsterisk Version1.4.19
DigiumAsterisk Version1.4.19 Updaterc1
DigiumAsterisk Version1.4.19 Updaterc2
DigiumAsterisk Version1.4.19 Updaterc3
DigiumAsterisk Version1.4.19 Updaterc4
DigiumAsterisk Version1.4.19.1
DigiumAsterisk Version1.4.19.2
DigiumAsterisk Version1.4.20
DigiumAsterisk Version1.4.20 Updaterc1
DigiumAsterisk Version1.4.20 Updaterc2
DigiumAsterisk Version1.4.20 Updaterc3
DigiumAsterisk Version1.4.20.1
DigiumAsterisk Version1.4.21
DigiumAsterisk Version1.4.21 Updaterc1
DigiumAsterisk Version1.4.21 Updaterc2
DigiumAsterisk Version1.4.21.1
DigiumAsterisk Version1.4.21.2
DigiumAsterisk Version1.4.22
DigiumAsterisk Version1.4.22 Updaterc1
DigiumAsterisk Version1.4.22 Updaterc2
DigiumAsterisk Version1.4.22 Updaterc3
DigiumAsterisk Version1.4.22 Updaterc4
DigiumAsterisk Version1.4.22 Updaterc5
DigiumAsterisk Version1.4.22.1
DigiumAsterisk Version1.4.22.2
DigiumAsterisk Version1.4.23
DigiumAsterisk Version1.4.23 Updaterc1
DigiumAsterisk Version1.4.23 Updaterc2
DigiumAsterisk Version1.4.23 Updaterc3
DigiumAsterisk Version1.4.23 Updaterc4
DigiumAsterisk Version1.4.23.1
DigiumAsterisk Version1.4.23.2
DigiumAsterisk Version1.4.24
DigiumAsterisk Version1.4.24 Updaterc1
DigiumAsterisk Version1.4.24.1
DigiumAsterisk Version1.4.25
DigiumAsterisk Version1.4.25 Updaterc1
DigiumAsterisk Version1.4.25.1
DigiumAsterisk Version1.4.26
DigiumAsterisk Version1.4.26 Updaterc1
DigiumAsterisk Version1.4.26 Updaterc2
DigiumAsterisk Version1.4.26 Updaterc3
DigiumAsterisk Version1.4.26 Updaterc4
DigiumAsterisk Version1.4.26 Updaterc5
DigiumAsterisk Version1.4.26 Updaterc6
DigiumAsterisk Version1.4.26.1
DigiumAsterisk Version1.4.26.2
DigiumAsterisk Version1.4.26.3
DigiumAsterisk Version1.4.27
DigiumAsterisk Version1.4.27 Updaterc1
DigiumAsterisk Version1.4.27 Updaterc2
DigiumAsterisk Version1.4.27 Updaterc3
DigiumAsterisk Version1.4.27 Updaterc4
DigiumAsterisk Version1.4.27 Updaterc5
DigiumAsterisk Version1.4.27.1
DigiumAsterisk Version1.4.28
DigiumAsterisk Version1.4.28 Updaterc1
DigiumAsterisk Version1.4.29
DigiumAsterisk Version1.4.29 Updaterc1
DigiumAsterisk Version1.4.29.1
DigiumAsterisk Version1.4.30
DigiumAsterisk Version1.4.30 Updaterc2
DigiumAsterisk Version1.4.30 Updaterc3
DigiumAsterisk Version1.4.31
DigiumAsterisk Version1.4.31 Updaterc1
DigiumAsterisk Version1.4.31 Updaterc2
DigiumAsterisk Version1.4.32
DigiumAsterisk Version1.4.32 Updaterc1
DigiumAsterisk Version1.4.33
DigiumAsterisk Version1.4.33 Updaterc1
DigiumAsterisk Version1.4.33 Updaterc2
DigiumAsterisk Version1.4.33.1
DigiumAsterisk Version1.4.34
DigiumAsterisk Version1.4.34 Updaterc1
DigiumAsterisk Version1.4.34 Updaterc2
DigiumAsterisk Version1.4.35
DigiumAsterisk Version1.4.35 Updaterc1
DigiumAsterisk Version1.4.36
DigiumAsterisk Version1.4.36 Updaterc1
DigiumAsterisk Version1.4.37
DigiumAsterisk Version1.4.37 Updaterc1
DigiumAsterisk Version1.4.38
DigiumAsterisk Version1.4.38 Updaterc1
DigiumAsterisk Version1.4.39
DigiumAsterisk Version1.4.39 Updaterc1
DigiumAsterisk Version1.4.39.1
DigiumAsterisk Version1.6.2.0
DigiumAsterisk Version1.6.2.0 Updaterc2
DigiumAsterisk Version1.6.2.0 Updaterc3
DigiumAsterisk Version1.6.2.0 Updaterc4
DigiumAsterisk Version1.6.2.0 Updaterc5
DigiumAsterisk Version1.6.2.0 Updaterc6
DigiumAsterisk Version1.6.2.0 Updaterc7
DigiumAsterisk Version1.6.2.0 Updaterc8
DigiumAsterisk Version1.6.2.1
DigiumAsterisk Version1.6.2.1 Updaterc1
DigiumAsterisk Version1.6.2.2
DigiumAsterisk Version1.6.2.3 Updaterc2
DigiumAsterisk Version1.6.2.4
DigiumAsterisk Version1.6.2.5
DigiumAsterisk Version1.6.2.6
DigiumAsterisk Version1.6.2.6 Updaterc1
DigiumAsterisk Version1.6.2.6 Updaterc2
DigiumAsterisk Version1.6.2.15 Updaterc1
DigiumAsterisk Version1.6.2.16
DigiumAsterisk Version1.6.2.16 Updaterc1
DigiumAsterisk Version1.6.2.16.1
DigiumAsterisk Version1.8.0
DigiumAsterisk Version1.8.0 Updatebeta1
DigiumAsterisk Version1.8.0 Updatebeta2
DigiumAsterisk Version1.8.0 Updatebeta3
DigiumAsterisk Version1.8.0 Updatebeta4
DigiumAsterisk Version1.8.0 Updatebeta5
DigiumAsterisk Version1.8.0 Updaterc2
DigiumAsterisk Version1.8.0 Updaterc3
DigiumAsterisk Version1.8.0 Updaterc4
DigiumAsterisk Version1.8.0 Updaterc5
DigiumAsterisk Version1.8.1
DigiumAsterisk Version1.8.1 Updaterc1
DigiumAsterisk Version1.8.1.1
DigiumAsterisk Version1.8.1.2
DigiumAsterisk Version1.8.2
DigiumAsterisk Version1.8.2.1
DigiumAsterisk Version1.8.2.2
DigiumAsterisk Version1.8.2.3
DigiumAsterisk Versionc.1.0 Updatebeta7 Editionbusiness
DigiumAsterisk Versionc.1.0 Updatebeta8 Editionbusiness
DigiumAsterisk Versionc.1.6 Update- Editionbusiness
DigiumAsterisk Versionc.1.6.1 Update- Editionbusiness
DigiumAsterisk Versionc.1.6.2 Update- Editionbusiness
DigiumAsterisk Versionc.1.8.0 Update- Editionbusiness
DigiumAsterisk Versionc.1.8.1 Update- Editionbusiness
DigiumAsterisk Versionc.2.3 Update- Editionbusiness
DigiumAsterisk Versionc.3.0 Update- Editionbusiness
DigiumAsterisk Versionc.3.1.0 Update- Editionbusiness
DigiumAsterisk Versionc.3.1.1 Update- Editionbusiness
DigiumAsterisk Versionc.3.2.2 Update- Editionbusiness
DigiumAsterisk Versionc.3.2.3 Update- Editionbusiness
DigiumAsterisk Versionc.3.3.2 Update- Editionbusiness
DigiumAsterisk Versionc.3.6.2 Update- Editionbusiness
DigiumAsterisknow Version1.5
DigiumAsterisk Version1.6.1.0
DigiumAsterisk Version1.6.1.0 Updaterc2
DigiumAsterisk Version1.6.1.0 Updaterc3
DigiumAsterisk Version1.6.1.0 Updaterc4
DigiumAsterisk Version1.6.1.0 Updaterc5
DigiumAsterisk Version1.6.1.1
DigiumAsterisk Version1.6.1.2
DigiumAsterisk Version1.6.1.3 Updaterc1
DigiumAsterisk Version1.6.1.4
DigiumAsterisk Version1.6.1.5
DigiumAsterisk Version1.6.1.5 Updaterc1
DigiumAsterisk Version1.6.1.6
DigiumAsterisk Version1.6.1.7 Updaterc1
DigiumAsterisk Version1.6.1.7 Updaterc2
DigiumAsterisk Version1.6.1.8
DigiumAsterisk Version1.6.1.9
DigiumAsterisk Version1.6.1.10
DigiumAsterisk Version1.6.1.10 Updaterc1
DigiumAsterisk Version1.6.1.10 Updaterc2
DigiumAsterisk Version1.6.1.10 Updaterc3
DigiumAsterisk Version1.6.1.11
DigiumAsterisk Version1.6.1.12
DigiumAsterisk Version1.6.1.12 Updaterc1
DigiumAsterisk Version1.6.1.13
DigiumAsterisk Version1.6.1.13 Updaterc1
DigiumAsterisk Version1.6.1.14
DigiumAsterisk Version1.6.1.15 Updaterc2
DigiumAsterisk Version1.6.1.16
DigiumAsterisk Version1.6.1.17
DigiumAsterisk Version1.6.1.18
DigiumAsterisk Version1.6.1.18 Updaterc1
DigiumAsterisk Version1.6.1.18 Updaterc2
DigiumAsterisk Version1.6.1.19
DigiumAsterisk Version1.6.1.19 Updaterc1
DigiumAsterisk Version1.6.1.19 Updaterc2
DigiumAsterisk Version1.6.1.19 Updaterc3
DigiumAsterisk Version1.6.1.20
DigiumAsterisk Version1.6.1.20 Updaterc1
DigiumAsterisk Version1.6.1.20 Updaterc2
DigiumAsterisk Version1.6.1.21
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.53% 0.877
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://downloads.asterisk.org/pub/security/AST-2011-002.html
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055030.html
Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055421.html
Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055634.html
Patch
http://secunia.com/advisories/43429
Vendor Advisory
http://secunia.com/advisories/43702
Vendor Advisory
http://www.debian.org/security/2011/dsa-2225
http://www.openwall.com/lists/oss-security/2011/03/11/2
http://www.openwall.com/lists/oss-security/2011/03/11/8
http://www.securityfocus.com/bid/46474
http://www.securitytracker.com/id?1025101
http://www.vupen.com/english/advisories/2011/0635
Vendor Advisory