CVE-2013-7100

Exploit

EPSS 2.55%
Published 19.12.2013 22:55:04
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to cause a denial of service (daemon crash) via a 16-bit SMS message with an odd number of bytes, which triggers an infinite loop.

Affected products Warnungen 0 Metrics 2 CWE 1 References 13

Data is provided by the National Vulnerability Database (NVD)

Digium ≫ Asterisk Version1.8.17.0

Digium ≫ Asterisk Version1.8.17.0 Updaterc1

Digium ≫ Asterisk Version1.8.17.0 Updaterc2

Digium ≫ Asterisk Version1.8.17.0 Updaterc3

Digium ≫ Asterisk Version1.8.18.0

Digium ≫ Asterisk Version1.8.18.0 Updaterc1

Digium ≫ Asterisk Version1.8.18.1

Digium ≫ Asterisk Version1.8.19.0

Digium ≫ Asterisk Version1.8.19.0 Updaterc1

Digium ≫ Asterisk Version1.8.19.0 Updaterc3

Digium ≫ Asterisk Version1.8.19.1

Digium ≫ Asterisk Version1.8.20.0

Digium ≫ Asterisk Version1.8.20.0 Updaterc1

Digium ≫ Asterisk Version1.8.20.0 Updaterc2

Digium ≫ Asterisk Version1.8.21.0 Updaterc1

Digium ≫ Asterisk Version1.8.21.0 Updaterc2

Digium ≫ Asterisk Version1.8.22.0

Digium ≫ Asterisk Version1.8.22.0 Updaterc1

Digium ≫ Asterisk Version1.8.22.0 Updaterc2

Digium ≫ Asterisk Version1.8.23.0

Digium ≫ Asterisk Version1.8.23.0 Updaterc1

Digium ≫ Asterisk Version1.8.23.0 Updaterc2

Digium ≫ Asterisk Version10.10.0

Digium ≫ Asterisk Version10.10.0 Updaterc1

Digium ≫ Asterisk Version10.10.0 Updaterc2

Digium ≫ Asterisk Version10.11.0

Digium ≫ Asterisk Version10.11.0 Updaterc1

Digium ≫ Asterisk Version10.11.0 Updaterc2

Digium ≫ Asterisk Version10.11.0 Updaterc3

Digium ≫ Asterisk Version10.12.0

Digium ≫ Asterisk Version10.12.0 Updaterc1

Digium ≫ Asterisk Version10.12.0 Updaterc2

Digium ≫ Asterisk Version10.12.1

Digium ≫ Asterisk Version10.12.2

Digium ≫ Asterisk Version11.0.0

Digium ≫ Asterisk Version11.0.0 Updatebeta1

Digium ≫ Asterisk Version11.0.0 Updatebeta2

Digium ≫ Asterisk Version11.0.0 Updaterc1

Digium ≫ Asterisk Version11.0.0 Updaterc2

Digium ≫ Asterisk Version11.0.1

Digium ≫ Asterisk Version11.0.2

Digium ≫ Asterisk Version11.1.0

Digium ≫ Asterisk Version11.1.0 Updaterc1

Digium ≫ Asterisk Version11.1.0 Updaterc3

Digium ≫ Asterisk Version11.1.1

Digium ≫ Asterisk Version11.1.2

Digium ≫ Asterisk Version11.2.0 Updaterc1

Digium ≫ Asterisk Version11.2.0 Updaterc2

Digium ≫ Asterisk Version11.3.0 Updaterc1

Digium ≫ Asterisk Version11.3.0 Updaterc2

Digium ≫ Asterisk Version11.4.0

Digium ≫ Asterisk Version11.4.0 Updaterc1

Digium ≫ Asterisk Version11.4.0 Updaterc2

Digium ≫ Asterisk Version11.4.0 Updaterc3

Digium ≫ Asterisk Version11.5.0

Digium ≫ Asterisk Version11.5.0 Updaterc1

Digium ≫ Asterisk Version11.5.0 Updaterc2

Digium ≫ Asterisk Version11.5.1

Digium ≫ Asterisk Digiumphones Version10.0.0

Digium ≫ Asterisk Digiumphones Version10.0.0 Updaterc1

Digium ≫ Asterisk Digiumphones Version10.0.0 Updaterc2

Digium ≫ Asterisk Digiumphones Version10.11.0

Digium ≫ Asterisk Digiumphones Version10.11.0 Updaterc1

Digium ≫ Asterisk Digiumphones Version10.11.0 Updaterc2

Digium ≫ Asterisk Digiumphones Version10.11.0 Updaterc3

Digium ≫ Asterisk Digiumphones Version10.12.0

Digium ≫ Asterisk Digiumphones Version10.12.0 Updaterc1

Digium ≫ Asterisk Digiumphones Version10.12.0 Updaterc2

Digium ≫ Asterisk Digiumphones Version10.12.1

Digium ≫ Asterisk Digiumphones Version10.12.2

Digium ≫ Certified Asterisk Version1.8.15

Digium ≫ Certified Asterisk Version1.8.15 Updatecert1

Digium ≫ Certified Asterisk Version1.8.15 Updatecert1-rc1

Digium ≫ Certified Asterisk Version1.8.15 Updatecert1-rc2

Digium ≫ Certified Asterisk Version1.8.15 Updatecert1-rc3

Digium ≫ Certified Asterisk Version1.8.15 Updatecert2

Digium ≫ Certified Asterisk Version1.8.15 Updaterc1

Digium ≫ Certified Asterisk Version11.2.0

Digium ≫ Certified Asterisk Version11.2.0 Updatecert1

Digium ≫ Certified Asterisk Version11.2.0 Updaterc1

Digium ≫ Certified Asterisk Version11.2.0 Updaterc2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.55%	0.85

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://archives.neohapsis.com/archives/bugtraq/2013-12/0089.html

http://downloads.asterisk.org/pub/security/AST-2013-006.html

Patch

Vendor Advisory

http://osvdb.org/101100

http://secunia.com/advisories/56294

http://www.debian.org/security/2014/dsa-2835

http://www.mandriva.com/security/advisories?name=MDVSA-2013:300

http://www.securityfocus.com/bid/64364

http://www.securitytracker.com/id/1029499

https://exchange.xforce.ibmcloud.com/vulnerabilities/89825

https://issues.asterisk.org/jira/browse/ASTERISK-22590