CVE-2008-1289

Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
VendorProductVersion
asteriskasterisk_appliance_developer_kit
1.4
asteriskasterisknow
𝑥
≤ 1.0.1
asteriskopen_source
𝑥
≤ 1.4.18
asteriskopen_source
𝑥
≤ 1.4.19
asteriskopen_source
𝑥
≤ 1.6.0_beta5
asterisks800i
𝑥
≤ 1.1.0.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
asterisk
bullseye
1:16.28.0~dfsg-0+deb11u4
fixed
etch
not-affected
sarge
not-affected
bullseye (security)
1:16.28.0~dfsg-0+deb11u5
fixed
sid
1:22.0.0~dfsg+~cs6.14.60671435-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
asterisk
intrepid
Fixed 1:1.4.17~dfsg-2ubuntu1
released
hardy
Fixed 1:1.4.17~dfsg-2ubuntu1
released
gutsy
ignored
feisty
not-affected
edgy
not-affected
dapper
not-affected
Common Weakness Enumeration
References
http://downloads.digium.com/pub/security/AST-2008-002.html
http://labs.musecurity.com/advisories/MU-200803-01.txt
http://secunia.com/advisories/29426
http://secunia.com/advisories/29470
http://securityreason.com/securityalert/3763
http://securitytracker.com/id?1019628
http://www.asterisk.org/node/48466
http://www.securityfocus.com/archive/1/489817/100/0/threaded
http://www.securityfocus.com/bid/28308
http://www.vupen.com/english/advisories/2008/0928
https://exchange.xforce.ibmcloud.com/vulnerabilities/41302
https://exchange.xforce.ibmcloud.com/vulnerabilities/41305
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html
http://downloads.digium.com/pub/security/AST-2008-002.html
http://labs.musecurity.com/advisories/MU-200803-01.txt
http://secunia.com/advisories/29426
http://secunia.com/advisories/29470
http://securityreason.com/securityalert/3763
http://securitytracker.com/id?1019628
http://www.asterisk.org/node/48466
http://www.securityfocus.com/archive/1/489817/100/0/threaded
http://www.securityfocus.com/bid/28308
http://www.vupen.com/english/advisories/2008/0928
https://exchange.xforce.ibmcloud.com/vulnerabilities/41302
https://exchange.xforce.ibmcloud.com/vulnerabilities/41305
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html