CVE-2013-2686

EPSS 2.45%
Veröffentlicht 01.04.2013 16:55:04
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Asterisk ≫ Open Source Version1.8.0

Asterisk ≫ Open Source Version1.8.0 Updatebeta1

Asterisk ≫ Open Source Version1.8.0 Updatebeta2

Asterisk ≫ Open Source Version1.8.0 Updatebeta3

Asterisk ≫ Open Source Version1.8.0 Updatebeta4

Asterisk ≫ Open Source Version1.8.0 Updatebeta5

Asterisk ≫ Open Source Version1.8.0 Updaterc2

Asterisk ≫ Open Source Version1.8.0 Updaterc3

Asterisk ≫ Open Source Version1.8.0 Updaterc4

Asterisk ≫ Open Source Version1.8.0 Updaterc5

Asterisk ≫ Open Source Version1.8.1

Asterisk ≫ Open Source Version1.8.1 Updaterc1

Asterisk ≫ Open Source Version1.8.1.1

Asterisk ≫ Open Source Version1.8.1.2

Asterisk ≫ Open Source Version1.8.2

Asterisk ≫ Open Source Version1.8.2 Updaterc1

Asterisk ≫ Open Source Version1.8.2.1

Asterisk ≫ Open Source Version1.8.2.2

Asterisk ≫ Open Source Version1.8.2.3

Asterisk ≫ Open Source Version1.8.2.4

Asterisk ≫ Open Source Version1.8.3

Asterisk ≫ Open Source Version1.8.3 Updaterc1

Asterisk ≫ Open Source Version1.8.3 Updaterc2

Asterisk ≫ Open Source Version1.8.3 Updaterc3

Asterisk ≫ Open Source Version1.8.3.1

Asterisk ≫ Open Source Version1.8.3.2

Asterisk ≫ Open Source Version1.8.3.3

Asterisk ≫ Open Source Version1.8.4

Asterisk ≫ Open Source Version1.8.4 Updaterc1

Asterisk ≫ Open Source Version1.8.4 Updaterc2

Asterisk ≫ Open Source Version1.8.4 Updaterc3

Asterisk ≫ Open Source Version1.8.4.1

Asterisk ≫ Open Source Version1.8.4.2

Asterisk ≫ Open Source Version1.8.4.3

Asterisk ≫ Open Source Version1.8.4.4

Asterisk ≫ Open Source Version1.8.5 Updaterc1

Asterisk ≫ Open Source Version1.8.5.0

Asterisk ≫ Open Source Version1.8.6.0

Asterisk ≫ Open Source Version1.8.6.0 Updaterc1

Asterisk ≫ Open Source Version1.8.6.0 Updaterc2

Asterisk ≫ Open Source Version1.8.6.0 Updaterc3

Asterisk ≫ Open Source Version1.8.7.0

Asterisk ≫ Open Source Version1.8.7.0 Updaterc1

Asterisk ≫ Open Source Version1.8.7.0 Updaterc2

Asterisk ≫ Open Source Version1.8.7.1

Asterisk ≫ Open Source Version1.8.7.2

Asterisk ≫ Open Source Version1.8.8.0

Asterisk ≫ Open Source Version1.8.8.0 Updaterc1

Asterisk ≫ Open Source Version1.8.8.0 Updaterc2

Asterisk ≫ Open Source Version1.8.8.0 Updaterc3

Asterisk ≫ Open Source Version1.8.8.0 Updaterc4

Asterisk ≫ Open Source Version1.8.8.0 Updaterc5

Asterisk ≫ Open Source Version1.8.8.1

Asterisk ≫ Open Source Version1.8.8.2

Asterisk ≫ Open Source Version1.8.9.0

Asterisk ≫ Open Source Version1.8.9.0 Updaterc1

Asterisk ≫ Open Source Version1.8.9.0 Updaterc2

Asterisk ≫ Open Source Version1.8.9.0 Updaterc3

Asterisk ≫ Open Source Version1.8.9.1

Asterisk ≫ Open Source Version1.8.9.2

Asterisk ≫ Open Source Version1.8.9.3

Asterisk ≫ Open Source Version1.8.10.0

Asterisk ≫ Open Source Version1.8.10.0 Updaterc1

Asterisk ≫ Open Source Version1.8.10.0 Updaterc2

Asterisk ≫ Open Source Version1.8.10.0 Updaterc3

Asterisk ≫ Open Source Version1.8.10.0 Updaterc4

Asterisk ≫ Open Source Version1.8.10.1

Asterisk ≫ Open Source Version1.8.11.0

Asterisk ≫ Open Source Version1.8.11.0 Updaterc2

Asterisk ≫ Open Source Version1.8.11.0 Updaterc3

Asterisk ≫ Open Source Version1.8.11.1

Asterisk ≫ Open Source Version1.8.12

Asterisk ≫ Open Source Version1.8.12.0 Updaterc1

Asterisk ≫ Open Source Version1.8.12.0 Updaterc2

Asterisk ≫ Open Source Version1.8.12.0 Updaterc3

Asterisk ≫ Open Source Version1.8.12.1

Asterisk ≫ Open Source Version1.8.12.2

Asterisk ≫ Open Source Version1.8.13.0

Asterisk ≫ Open Source Version1.8.13.0 Updaterc1

Asterisk ≫ Open Source Version1.8.13.0 Updaterc2

Asterisk ≫ Open Source Version1.8.13.1

Asterisk ≫ Open Source Version1.8.14.0

Asterisk ≫ Open Source Version1.8.14.0 Updaterc1

Asterisk ≫ Open Source Version1.8.14.0 Updaterc2

Asterisk ≫ Open Source Version1.8.14.1

Asterisk ≫ Open Source Version1.8.15.0

Asterisk ≫ Open Source Version1.8.15.0 Updaterc1

Asterisk ≫ Open Source Version1.8.15.1

Asterisk ≫ Open Source Version1.8.16.0

Asterisk ≫ Open Source Version1.8.16.0 Updaterc1

Asterisk ≫ Open Source Version1.8.16.0 Updaterc2

Asterisk ≫ Open Source Version1.8.17.0

Asterisk ≫ Open Source Version1.8.17.0 Updaterc1

Asterisk ≫ Open Source Version1.8.17.0 Updaterc2

Asterisk ≫ Open Source Version1.8.17.0 Updaterc3

Asterisk ≫ Open Source Version1.8.18.0

Asterisk ≫ Open Source Version1.8.18.0 Updaterc1

Asterisk ≫ Open Source Version1.8.18.1

Asterisk ≫ Open Source Version1.8.19.0

Asterisk ≫ Open Source Version1.8.19.0 Updaterc1

Asterisk ≫ Open Source Version1.8.19.0 Updaterc3

Asterisk ≫ Open Source Version1.8.19.1

Asterisk ≫ Open Source Version1.8.20.0

Asterisk ≫ Open Source Version1.8.20.0 Updaterc1

Asterisk ≫ Open Source Version1.8.20.0 Updaterc2

Asterisk ≫ Open Source Version1.8.20.1

Asterisk ≫ Open Source Version10.0.0

Asterisk ≫ Open Source Version10.0.0 Updatebeta1

Asterisk ≫ Open Source Version10.0.0 Updatebeta2

Asterisk ≫ Open Source Version10.0.0 Updaterc1

Asterisk ≫ Open Source Version10.0.0 Updaterc2

Asterisk ≫ Open Source Version10.0.0 Updaterc3

Asterisk ≫ Open Source Version10.0.1

Asterisk ≫ Open Source Version10.1.0

Asterisk ≫ Open Source Version10.1.0 Updaterc1

Asterisk ≫ Open Source Version10.1.0 Updaterc2

Asterisk ≫ Open Source Version10.1.1

Asterisk ≫ Open Source Version10.1.2

Asterisk ≫ Open Source Version10.1.3

Asterisk ≫ Open Source Version10.2.0

Asterisk ≫ Open Source Version10.2.0 Updaterc1

Asterisk ≫ Open Source Version10.2.0 Updaterc2

Asterisk ≫ Open Source Version10.2.0 Updaterc3

Asterisk ≫ Open Source Version10.2.0 Updaterc4

Asterisk ≫ Open Source Version10.2.1

Asterisk ≫ Open Source Version10.3.0

Asterisk ≫ Open Source Version10.3.0 Updaterc2

Asterisk ≫ Open Source Version10.3.0 Updaterc3

Asterisk ≫ Open Source Version10.3.1

Asterisk ≫ Open Source Version10.4.0

Asterisk ≫ Open Source Version10.4.0 Updaterc1

Asterisk ≫ Open Source Version10.4.0 Updaterc2

Asterisk ≫ Open Source Version10.4.0 Updaterc3

Asterisk ≫ Open Source Version10.4.1

Asterisk ≫ Open Source Version10.4.2

Asterisk ≫ Open Source Version10.5.0

Asterisk ≫ Open Source Version10.5.0 Updaterc1

Asterisk ≫ Open Source Version10.5.0 Updaterc2

Asterisk ≫ Open Source Version10.5.1

Asterisk ≫ Open Source Version10.5.2

Asterisk ≫ Open Source Version10.6.0

Asterisk ≫ Open Source Version10.6.0 Updaterc1

Asterisk ≫ Open Source Version10.6.0 Updaterc2

Asterisk ≫ Open Source Version10.6.1

Asterisk ≫ Open Source Version10.7.0

Asterisk ≫ Open Source Version10.7.0 Updaterc1

Asterisk ≫ Open Source Version10.7.1

Asterisk ≫ Open Source Version10.8.0

Asterisk ≫ Open Source Version10.8.0 Updaterc1

Asterisk ≫ Open Source Version10.8.0 Updaterc2

Asterisk ≫ Open Source Version10.9.0

Asterisk ≫ Open Source Version10.9.0 Updaterc1

Asterisk ≫ Open Source Version10.9.0 Updaterc2

Asterisk ≫ Open Source Version10.9.0 Updaterc3

Asterisk ≫ Open Source Version10.10.0

Asterisk ≫ Open Source Version10.10.0 Updaterc1

Asterisk ≫ Open Source Version10.10.0 Updaterc2

Asterisk ≫ Open Source Version10.10.1

Asterisk ≫ Open Source Version10.11.0

Asterisk ≫ Open Source Version10.11.0 Updaterc1

Asterisk ≫ Open Source Version10.11.0 Updaterc3

Asterisk ≫ Open Source Version10.11.1

Asterisk ≫ Open Source Version10.12.0

Asterisk ≫ Open Source Version10.12.0 Updaterc1

Asterisk ≫ Open Source Version10.12.0 Updaterc2

Asterisk ≫ Open Source Version10.12.1

Asterisk ≫ Open Source Version11.0.0

Asterisk ≫ Open Source Version11.0.0 Updatebeta1

Asterisk ≫ Open Source Version11.0.0 Updatebeta2

Asterisk ≫ Open Source Version11.0.0 Updaterc1

Asterisk ≫ Open Source Version11.0.0 Updaterc2

Asterisk ≫ Open Source Version11.0.1

Asterisk ≫ Open Source Version11.0.2

Asterisk ≫ Open Source Version11.1.0

Asterisk ≫ Open Source Version11.1.0 Updaterc1

Asterisk ≫ Open Source Version11.1.0 Updaterc3

Asterisk ≫ Open Source Version11.1.1

Asterisk ≫ Open Source Version11.1.2

Asterisk ≫ Open Source Version11.2.0

Asterisk ≫ Open Source Version11.2.0 Updaterc1

Asterisk ≫ Open Source Version11.2.0 Updaterc2

Asterisk ≫ Open Source Version11.2.1

Asterisk ≫ Certified Asterisk Version1.8.15 Updatecert1

Asterisk ≫ Certified Asterisk Version1.8.15 Updatecert1 Editionrc1

Asterisk ≫ Certified Asterisk Version1.8.15 Updatecert1 Editionrc2

Asterisk ≫ Certified Asterisk Version1.8.15 Updatecert1 Editionrc3

Asterisk ≫ Certified Asterisk Version1.8.15.0

Asterisk ≫ Certified Asterisk Version1.8.15.0 Updaterc1

Asterisk ≫ Digiumphones Version10.0.0

Asterisk ≫ Digiumphones Version10.0.0 Updatebeta1

Asterisk ≫ Digiumphones Version10.0.0 Updatebeta2

Asterisk ≫ Digiumphones Version10.0.0 Updaterc1

Asterisk ≫ Digiumphones Version10.0.0 Updaterc2

Asterisk ≫ Digiumphones Version10.0.0 Updaterc3

Asterisk ≫ Digiumphones Version10.1.0

Asterisk ≫ Digiumphones Version10.1.0 Updaterc1

Asterisk ≫ Digiumphones Version10.1.0 Updaterc2

Asterisk ≫ Digiumphones Version10.2.0

Asterisk ≫ Digiumphones Version10.2.0 Updaterc1

Asterisk ≫ Digiumphones Version10.2.0 Updaterc2

Asterisk ≫ Digiumphones Version10.2.0 Updaterc3

Asterisk ≫ Digiumphones Version10.2.0 Updaterc4

Asterisk ≫ Digiumphones Version10.3.0

Asterisk ≫ Digiumphones Version10.3.0 Updaterc2

Asterisk ≫ Digiumphones Version10.3.0 Updaterc3

Asterisk ≫ Digiumphones Version10.4.0

Asterisk ≫ Digiumphones Version10.4.0 Updaterc1

Asterisk ≫ Digiumphones Version10.4.0 Updaterc2

Asterisk ≫ Digiumphones Version10.4.0 Updaterc3

Asterisk ≫ Digiumphones Version10.5.0

Asterisk ≫ Digiumphones Version10.5.0 Updaterc1

Asterisk ≫ Digiumphones Version10.5.0 Updaterc2

Asterisk ≫ Digiumphones Version10.6.0

Asterisk ≫ Digiumphones Version10.6.0 Updaterc1

Asterisk ≫ Digiumphones Version10.6.0 Updaterc2

Asterisk ≫ Digiumphones Version10.7.0

Asterisk ≫ Digiumphones Version10.7.0 Updaterc1

Asterisk ≫ Digiumphones Version10.8.0

Asterisk ≫ Digiumphones Version10.8.0 Updaterc1

Asterisk ≫ Digiumphones Version10.8.0 Updaterc2

Asterisk ≫ Digiumphones Version10.9.0 Updaterc1

Asterisk ≫ Digiumphones Version10.10.0

Asterisk ≫ Digiumphones Version10.10.0 Updaterc1

Asterisk ≫ Digiumphones Version10.10.0 Updaterc2

Asterisk ≫ Digiumphones Version10.11.0

Asterisk ≫ Digiumphones Version10.11.0 Updaterc1

Asterisk ≫ Digiumphones Version10.11.0 Updaterc2

Asterisk ≫ Digiumphones Version10.11.0 Updaterc3

Asterisk ≫ Digiumphones Version10.12.0

Asterisk ≫ Digiumphones Version10.12.0 Updaterc1

Asterisk ≫ Digiumphones Version10.12.0 Updaterc2

Asterisk ≫ Digiumphones Version10.12.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.45%	0.837

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://downloads.asterisk.org/pub/security/AST-2013-002.html

Vendor Advisory

http://telussecuritylabs.com/threats/show/TSL20130327-01

https://issues.asterisk.org/jira/browse/ASTERISK-20967

https://nvd.nist.gov/vuln/detail/CVE-2013-2686

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-2686

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-2686

EUVD