CVE-2011-1147

Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
VendorProductVersion
digiumasterisk
1.4.0
digiumasterisk
1.4.0:beta1
digiumasterisk
1.4.0:beta2
digiumasterisk
1.4.0:beta3
digiumasterisk
1.4.0:beta4
digiumasterisk
1.4.1
digiumasterisk
1.4.2
digiumasterisk
1.4.3
digiumasterisk
1.4.10
digiumasterisk
1.4.10.1
digiumasterisk
1.4.11
digiumasterisk
1.4.12
digiumasterisk
1.4.12.1
digiumasterisk
1.4.13
digiumasterisk
1.4.14
digiumasterisk
1.4.15
digiumasterisk
1.4.16
digiumasterisk
1.4.16.1
digiumasterisk
1.4.16.2
digiumasterisk
1.4.17
digiumasterisk
1.4.18
digiumasterisk
1.4.19
digiumasterisk
1.4.19:rc1
digiumasterisk
1.4.19:rc2
digiumasterisk
1.4.19:rc3
digiumasterisk
1.4.19:rc4
digiumasterisk
1.4.19.1
digiumasterisk
1.4.19.2
digiumasterisk
1.4.20
digiumasterisk
1.4.20:rc1
digiumasterisk
1.4.20:rc2
digiumasterisk
1.4.20:rc3
digiumasterisk
1.4.20.1
digiumasterisk
1.4.21
digiumasterisk
1.4.21:rc1
digiumasterisk
1.4.21:rc2
digiumasterisk
1.4.21.1
digiumasterisk
1.4.21.2
digiumasterisk
1.4.22
digiumasterisk
1.4.22:rc1
digiumasterisk
1.4.22:rc2
digiumasterisk
1.4.22:rc3
digiumasterisk
1.4.22:rc4
digiumasterisk
1.4.22:rc5
digiumasterisk
1.4.22.1
digiumasterisk
1.4.22.2
digiumasterisk
1.4.23
digiumasterisk
1.4.23:rc1
digiumasterisk
1.4.23:rc2
digiumasterisk
1.4.23:rc3
digiumasterisk
1.4.23:rc4
digiumasterisk
1.4.23.1
digiumasterisk
1.4.23.2
digiumasterisk
1.4.24
digiumasterisk
1.4.24:rc1
digiumasterisk
1.4.24.1
digiumasterisk
1.4.25
digiumasterisk
1.4.25:rc1
digiumasterisk
1.4.25.1
digiumasterisk
1.4.26
digiumasterisk
1.4.26:rc1
digiumasterisk
1.4.26:rc2
digiumasterisk
1.4.26:rc3
digiumasterisk
1.4.26:rc4
digiumasterisk
1.4.26:rc5
digiumasterisk
1.4.26:rc6
digiumasterisk
1.4.26.1
digiumasterisk
1.4.26.2
digiumasterisk
1.4.26.3
digiumasterisk
1.4.27
digiumasterisk
1.4.27:rc1
digiumasterisk
1.4.27:rc2
digiumasterisk
1.4.27:rc3
digiumasterisk
1.4.27:rc4
digiumasterisk
1.4.27:rc5
digiumasterisk
1.4.27.1
digiumasterisk
1.4.28
digiumasterisk
1.4.28:rc1
digiumasterisk
1.4.29
digiumasterisk
1.4.29:rc1
digiumasterisk
1.4.29.1
digiumasterisk
1.4.30
digiumasterisk
1.4.30:rc2
digiumasterisk
1.4.30:rc3
digiumasterisk
1.4.31
digiumasterisk
1.4.31:rc1
digiumasterisk
1.4.31:rc2
digiumasterisk
1.4.32
digiumasterisk
1.4.32:rc1
digiumasterisk
1.4.33
digiumasterisk
1.4.33:rc1
digiumasterisk
1.4.33:rc2
digiumasterisk
1.4.33.1
digiumasterisk
1.4.34
digiumasterisk
1.4.34:rc1
digiumasterisk
1.4.34:rc2
digiumasterisk
1.4.35
digiumasterisk
1.4.35:rc1
digiumasterisk
1.4.36
digiumasterisk
1.4.36:rc1
digiumasterisk
1.4.37
digiumasterisk
1.4.37:rc1
digiumasterisk
1.4.38
digiumasterisk
1.4.38:rc1
digiumasterisk
1.4.39
digiumasterisk
1.4.39:rc1
digiumasterisk
1.4.39.1
digiumasterisk
1.6.2.0
digiumasterisk
1.6.2.0:rc2
digiumasterisk
1.6.2.0:rc3
digiumasterisk
1.6.2.0:rc4
digiumasterisk
1.6.2.0:rc5
digiumasterisk
1.6.2.0:rc6
digiumasterisk
1.6.2.0:rc7
digiumasterisk
1.6.2.0:rc8
digiumasterisk
1.6.2.1
digiumasterisk
1.6.2.1:rc1
digiumasterisk
1.6.2.2
digiumasterisk
1.6.2.3:rc2
digiumasterisk
1.6.2.4
digiumasterisk
1.6.2.5
digiumasterisk
1.6.2.6
digiumasterisk
1.6.2.6:rc1
digiumasterisk
1.6.2.6:rc2
digiumasterisk
1.6.2.15:rc1
digiumasterisk
1.6.2.16
digiumasterisk
1.6.2.16:rc1
digiumasterisk
1.6.2.16.1
digiumasterisk
1.8.0
digiumasterisk
1.8.0:beta1
digiumasterisk
1.8.0:beta2
digiumasterisk
1.8.0:beta3
digiumasterisk
1.8.0:beta4
digiumasterisk
1.8.0:beta5
digiumasterisk
1.8.0:rc2
digiumasterisk
1.8.0:rc3
digiumasterisk
1.8.0:rc4
digiumasterisk
1.8.0:rc5
digiumasterisk
1.8.1
digiumasterisk
1.8.1:rc1
digiumasterisk
1.8.1.1
digiumasterisk
1.8.1.2
digiumasterisk
1.8.2
digiumasterisk
1.8.2.1
digiumasterisk
1.8.2.2
digiumasterisk
1.8.2.3
digiumasterisknow
1.5
digiums800i
*
digiumasterisk
1.6.1.0
digiumasterisk
1.6.1.0:rc2
digiumasterisk
1.6.1.0:rc3
digiumasterisk
1.6.1.0:rc4
digiumasterisk
1.6.1.0:rc5
digiumasterisk
1.6.1.1
digiumasterisk
1.6.1.2
digiumasterisk
1.6.1.3:rc1
digiumasterisk
1.6.1.4
digiumasterisk
1.6.1.5
digiumasterisk
1.6.1.5:rc1
digiumasterisk
1.6.1.6
digiumasterisk
1.6.1.7:rc1
digiumasterisk
1.6.1.7:rc2
digiumasterisk
1.6.1.8
digiumasterisk
1.6.1.9
digiumasterisk
1.6.1.10
digiumasterisk
1.6.1.10:rc1
digiumasterisk
1.6.1.10:rc2
digiumasterisk
1.6.1.10:rc3
digiumasterisk
1.6.1.11
digiumasterisk
1.6.1.12
digiumasterisk
1.6.1.12:rc1
digiumasterisk
1.6.1.13
digiumasterisk
1.6.1.13:rc1
digiumasterisk
1.6.1.14
digiumasterisk
1.6.1.15:rc2
digiumasterisk
1.6.1.16
digiumasterisk
1.6.1.17
digiumasterisk
1.6.1.18
digiumasterisk
1.6.1.18:rc1
digiumasterisk
1.6.1.18:rc2
digiumasterisk
1.6.1.19
digiumasterisk
1.6.1.19:rc1
digiumasterisk
1.6.1.19:rc2
digiumasterisk
1.6.1.19:rc3
digiumasterisk
1.6.1.20
digiumasterisk
1.6.1.20:rc1
digiumasterisk
1.6.1.20:rc2
digiumasterisk
1.6.1.21
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
asterisk
bullseye
1:16.28.0~dfsg-0+deb11u4
fixed
bullseye (security)
1:16.28.0~dfsg-0+deb11u5
fixed
sid
1:22.0.0~dfsg+~cs6.14.60671435-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
asterisk
natty
Fixed 1:1.6.2.9-2ubuntu2.1
released
maverick
Fixed 1:1.6.2.7-1ubuntu1.2
released
lucid
Fixed 1:1.6.2.5-0ubuntu1.4
released
karmic
ignored
hardy
ignored
dapper
ignored
Common Weakness Enumeration
References
http://downloads.asterisk.org/pub/security/AST-2011-002.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055030.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055421.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055634.html
http://secunia.com/advisories/43429
http://secunia.com/advisories/43702
http://www.debian.org/security/2011/dsa-2225
http://www.openwall.com/lists/oss-security/2011/03/11/2
http://www.openwall.com/lists/oss-security/2011/03/11/8
http://www.securityfocus.com/bid/46474
http://www.securitytracker.com/id?1025101
http://www.vupen.com/english/advisories/2011/0635
http://downloads.asterisk.org/pub/security/AST-2011-002.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055030.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055421.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055634.html
http://secunia.com/advisories/43429
http://secunia.com/advisories/43702
http://www.debian.org/security/2011/dsa-2225
http://www.openwall.com/lists/oss-security/2011/03/11/2
http://www.openwall.com/lists/oss-security/2011/03/11/8
http://www.securityfocus.com/bid/46474
http://www.securitytracker.com/id?1025101
http://www.vupen.com/english/advisories/2011/0635