CVE-2011-1175

tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before 1.6.1.23, 1.6.2.x before 1.6.2.17.1, and 1.8.x before 1.8.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by establishing many short TCP sessions to services that use a certain TLS API.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
VendorProductVersion
digiumasterisk
1.6.1
digiumasterisk
1.6.1:beta1
digiumasterisk
1.6.1:beta2
digiumasterisk
1.6.1:beta3
digiumasterisk
1.6.1:beta4
digiumasterisk
1.6.1:rc1
digiumasterisk
1.6.1.0
digiumasterisk
1.6.1.0:rc2
digiumasterisk
1.6.1.0:rc3
digiumasterisk
1.6.1.0:rc4
digiumasterisk
1.6.1.0:rc5
digiumasterisk
1.6.1.1
digiumasterisk
1.6.1.2
digiumasterisk
1.6.1.3:rc1
digiumasterisk
1.6.1.4
digiumasterisk
1.6.1.5
digiumasterisk
1.6.1.5:rc1
digiumasterisk
1.6.1.6
digiumasterisk
1.6.1.7:rc1
digiumasterisk
1.6.1.7:rc2
digiumasterisk
1.6.1.8
digiumasterisk
1.6.1.9
digiumasterisk
1.6.1.10
digiumasterisk
1.6.1.10:rc1
digiumasterisk
1.6.1.10:rc2
digiumasterisk
1.6.1.10:rc3
digiumasterisk
1.6.1.11
digiumasterisk
1.6.1.12
digiumasterisk
1.6.1.12:rc1
digiumasterisk
1.6.1.13
digiumasterisk
1.6.1.13:rc1
digiumasterisk
1.6.1.14
digiumasterisk
1.6.1.15:rc2
digiumasterisk
1.6.1.16
digiumasterisk
1.6.1.17
digiumasterisk
1.6.1.18
digiumasterisk
1.6.1.18:rc1
digiumasterisk
1.6.1.18:rc2
digiumasterisk
1.6.1.19
digiumasterisk
1.6.1.19:rc1
digiumasterisk
1.6.1.19:rc2
digiumasterisk
1.6.1.19:rc3
digiumasterisk
1.6.1.20
digiumasterisk
1.6.1.20:rc1
digiumasterisk
1.6.1.20:rc2
digiumasterisk
1.6.1.21
digiumasterisk
1.6.1.22
digiumasterisk
1.6.2.0
digiumasterisk
1.6.2.0:rc2
digiumasterisk
1.6.2.0:rc3
digiumasterisk
1.6.2.0:rc4
digiumasterisk
1.6.2.0:rc5
digiumasterisk
1.6.2.0:rc6
digiumasterisk
1.6.2.0:rc7
digiumasterisk
1.6.2.0:rc8
digiumasterisk
1.6.2.1
digiumasterisk
1.6.2.1:rc1
digiumasterisk
1.6.2.2
digiumasterisk
1.6.2.3:rc2
digiumasterisk
1.6.2.4
digiumasterisk
1.6.2.5
digiumasterisk
1.6.2.6
digiumasterisk
1.6.2.6:rc1
digiumasterisk
1.6.2.6:rc2
digiumasterisk
1.6.2.15:rc1
digiumasterisk
1.6.2.16
digiumasterisk
1.6.2.16:rc1
digiumasterisk
1.6.2.16.1
digiumasterisk
1.6.2.17
digiumasterisk
1.6.2.17:rc1
digiumasterisk
1.6.2.17:rc2
digiumasterisk
1.6.2.17:rc3
digiumasterisk
1.8.0
digiumasterisk
1.8.0:beta1
digiumasterisk
1.8.0:beta2
digiumasterisk
1.8.0:beta3
digiumasterisk
1.8.0:beta4
digiumasterisk
1.8.0:beta5
digiumasterisk
1.8.0:rc2
digiumasterisk
1.8.0:rc3
digiumasterisk
1.8.0:rc4
digiumasterisk
1.8.0:rc5
digiumasterisk
1.8.1
digiumasterisk
1.8.1:rc1
digiumasterisk
1.8.1.1
digiumasterisk
1.8.1.2
digiumasterisk
1.8.2
digiumasterisk
1.8.2.1
digiumasterisk
1.8.2.2
digiumasterisk
1.8.2.3
digiumasterisk
1.8.3
digiumasterisk
1.8.3:rc1
digiumasterisk
1.8.3:rc2
digiumasterisk
1.8.3:rc3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
asterisk
bullseye
1:16.28.0~dfsg-0+deb11u4
fixed
lenny
not-affected
bullseye (security)
1:16.28.0~dfsg-0+deb11u5
fixed
sid
1:22.0.0~dfsg+~cs6.14.60671435-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
asterisk
natty
Fixed 1:1.6.2.9-2ubuntu2.1
released
maverick
Fixed 1:1.6.2.7-1ubuntu1.2
released
lucid
Fixed 1:1.6.2.5-0ubuntu1.4
released
karmic
ignored
hardy
ignored
dapper
ignored
References
http://downloads.asterisk.org/pub/security/AST-2011-004.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html
http://openwall.com/lists/oss-security/2011/03/17/5
http://openwall.com/lists/oss-security/2011/03/21/12
http://securitytracker.com/id?1025224
http://www.debian.org/security/2011/dsa-2225
http://www.securityfocus.com/bid/46898
http://www.vupen.com/english/advisories/2011/0686
http://www.vupen.com/english/advisories/2011/0790
https://bugzilla.redhat.com/show_bug.cgi?id=688678
https://exchange.xforce.ibmcloud.com/vulnerabilities/66140
http://downloads.asterisk.org/pub/security/AST-2011-004.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html
http://openwall.com/lists/oss-security/2011/03/17/5
http://openwall.com/lists/oss-security/2011/03/21/12
http://securitytracker.com/id?1025224
http://www.debian.org/security/2011/dsa-2225
http://www.securityfocus.com/bid/46898
http://www.vupen.com/english/advisories/2011/0686
http://www.vupen.com/english/advisories/2011/0790
https://bugzilla.redhat.com/show_bug.cgi?id=688678
https://exchange.xforce.ibmcloud.com/vulnerabilities/66140