CVE-2010-0441

EUVD-2010-0472
Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2, allows remote attackers to cause a denial of service (daemon crash) via an SIP T.38 negotiation with an SDP FaxMaxDatagram field that is (1) missing, (2) modified to contain a negative number, or (3) modified to contain a large number.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 5 UNKNOWN | NETWORK | LOW | | AV:N/AC:L/Au:N/C:N/I:N/A:P |

EPSS Score Percentile: 87%

Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| asterisk | asterisk | 1.6.0 |
| asterisk | asterisk | 1.6.0.1 |
| asterisk | asterisk | 1.6.0.2 |
| asterisk | asterisk | 1.6.0.3 |
| asterisk | asterisk | 1.6.0.5 |
| asterisk | asterisk | 1.6.0.6 |
| asterisk | asterisk | 1.6.0.7 |
| asterisk | asterisk | 1.6.0.8 |
| asterisk | asterisk | 1.6.0.9 |
| asterisk | asterisk | 1.6.0.10 |
| asterisk | asterisk | 1.6.0.12 |
| asterisk | asterisk | 1.6.0.13 |
| asterisk | asterisk | 1.6.0.14 |
| asterisk | asterisk | 1.6.0.15 |
| asterisk | asterisk | 1.6.0.16-rc1 |
| asterisk | asterisk | 1.6.0.16-rc2 |
| asterisk | asterisk | 1.6.0.17 |
| asterisk | asterisk | 1.6.0.18 |
| asterisk | asterisk | 1.6.0.18-rc1 |
| asterisk | asterisk | 1.6.0.18-rc2 |
| asterisk | asterisk | 1.6.0.18-rc3 |
| asterisk | asterisk | 1.6.0.19 |
| asterisk | asterisk | 1.6.0.20 |
| asterisk | asterisk | 1.6.0.20-rc1 |
| asterisk | asterisk | 1.6.0.21 |
| asterisk | asterisk | 1.6.0.21-rc1 |
| asterisk | asterisk | 1.6.1.0 |
| asterisk | asterisk | 1.6.1.1 |
| asterisk | asterisk | 1.6.1.2 |
| asterisk | asterisk | 1.6.1.4 |
| asterisk | asterisk | 1.6.1.5 |
| asterisk | asterisk | 1.6.1.6 |
| asterisk | asterisk | 1.6.1.7-rc1 |
| asterisk | asterisk | 1.6.1.7-rc2 |
| asterisk | asterisk | 1.6.1.8 |
| asterisk | asterisk | 1.6.1.9 |
| asterisk | asterisk | 1.6.1.10 |
| asterisk | asterisk | 1.6.1.10-rc1 |
| asterisk | asterisk | 1.6.1.10-rc2 |
| asterisk | asterisk | 1.6.1.10-rc3 |
| asterisk | asterisk | 1.6.1.11 |
| asterisk | asterisk | 1.6.1.12 |
| asterisk | asterisk | 1.6.1.12-rc1 |
| asterisk | asterisk | 1.6.1.13 |
| asterisk | asterisk | 1.6.1.13-rc1 |
| asterisk | asterisk | 1.6.2.1 |
| asterisk | asterisk | 1.6.2.1-rc1 |
| asterisk | asterisk | 1.6.10-rc1 |
| asterisk | asterisk | 1.6.10-rc2 |

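Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| asterisk | bullseye | 1:16.28.0~dfsg-0+deb11u4 | fixed |
| asterisk | bullseye (security) | 1:16.28.0~dfsg-0+deb11u5 | fixed |
| asterisk | etch | | not-affected |
| asterisk | lenny | | not-affected |
| asterisk | sid | 1:22.0.0~dfsg+~cs6.14.60671435-1 | fixed |
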
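Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| asterisk | dapper | ignored |
| asterisk | hardy | not-affected |
| asterisk | intrepid | ignored |
| asterisk | jaunty | ignored |
| asterisk | karmic | ignored |
| asterisk | lucid | not-affected |
| asterisk | maverick | not-affected |
| asterisk | natty | not-affected |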