CVE-2011-2529

chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle '\0' characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted packet.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
VendorProductVersion
digiumasterisk
1.6.0
digiumasterisk
1.6.0:beta1
digiumasterisk
1.6.0:beta2
digiumasterisk
1.6.0:beta3
digiumasterisk
1.6.0:beta4
digiumasterisk
1.6.0:beta5
digiumasterisk
1.6.0:beta6
digiumasterisk
1.6.0:beta7
digiumasterisk
1.6.0:beta7.1
digiumasterisk
1.6.0:beta8
digiumasterisk
1.6.0:beta9
digiumasterisk
1.6.0:rc4
digiumasterisk
1.6.0:rc5
digiumasterisk
1.6.0:rc6
digiumasterisk
1.6.0.1
digiumasterisk
1.6.0.2
digiumasterisk
1.6.0.3
digiumasterisk
1.6.0.3:rc1
digiumasterisk
1.6.0.4:rc1
digiumasterisk
1.6.0.5
digiumasterisk
1.6.0.6
digiumasterisk
1.6.0.7
digiumasterisk
1.6.0.8
digiumasterisk
1.6.0.9
digiumasterisk
1.6.0.10
digiumasterisk
1.6.0.11
digiumasterisk
1.6.0.11:rc1
digiumasterisk
1.6.0.11:rc2
digiumasterisk
1.6.0.12
digiumasterisk
1.6.0.13
digiumasterisk
1.6.0.14
digiumasterisk
1.6.0.14:rc1
digiumasterisk
1.6.0.15
digiumasterisk
1.6.0.16
digiumasterisk
1.6.0.16:rc1
digiumasterisk
1.6.0.16:rc2
digiumasterisk
1.6.0.17
digiumasterisk
1.6.0.18
digiumasterisk
1.6.0.18:rc1
digiumasterisk
1.6.0.18:rc2
digiumasterisk
1.6.0.18:rc3
digiumasterisk
1.6.0.19
digiumasterisk
1.6.0.20:rc1
digiumasterisk
1.6.0.21
digiumasterisk
1.6.0.21:rc1
digiumasterisk
1.6.0.22
digiumasterisk
1.6.0.23:rc2
digiumasterisk
1.6.0.24
digiumasterisk
1.6.0.25
digiumasterisk
1.6.0.26
digiumasterisk
1.6.1
digiumasterisk
1.6.1:beta1
digiumasterisk
1.6.1:beta2
digiumasterisk
1.6.1:beta3
digiumasterisk
1.6.1:beta4
digiumasterisk
1.6.1:rc1
digiumasterisk
1.6.1.0
digiumasterisk
1.6.1.0:rc2
digiumasterisk
1.6.1.0:rc3
digiumasterisk
1.6.1.0:rc4
digiumasterisk
1.6.1.0:rc5
digiumasterisk
1.6.1.1
digiumasterisk
1.6.1.2
digiumasterisk
1.6.1.3:rc1
digiumasterisk
1.6.1.4
digiumasterisk
1.6.1.5
digiumasterisk
1.6.1.5:rc1
digiumasterisk
1.6.1.6
digiumasterisk
1.6.1.7:rc1
digiumasterisk
1.6.1.7:rc2
digiumasterisk
1.6.1.8
digiumasterisk
1.6.1.9
digiumasterisk
1.6.1.10
digiumasterisk
1.6.1.10:rc1
digiumasterisk
1.6.1.10:rc2
digiumasterisk
1.6.1.10:rc3
digiumasterisk
1.6.1.11
digiumasterisk
1.6.1.12
digiumasterisk
1.6.1.12:rc1
digiumasterisk
1.6.1.13
digiumasterisk
1.6.1.13:rc1
digiumasterisk
1.6.1.14
digiumasterisk
1.6.1.15:rc2
digiumasterisk
1.6.1.16
digiumasterisk
1.6.1.17
digiumasterisk
1.6.1.18
digiumasterisk
1.6.1.18:rc1
digiumasterisk
1.6.1.18:rc2
digiumasterisk
1.6.1.19
digiumasterisk
1.6.1.19:rc1
digiumasterisk
1.6.1.19:rc2
digiumasterisk
1.6.1.19:rc3
digiumasterisk
1.6.1.20
digiumasterisk
1.6.1.20:rc1
digiumasterisk
1.6.1.20:rc2
digiumasterisk
1.6.1.21
digiumasterisk
1.6.1.22
digiumasterisk
1.6.1.23
digiumasterisk
1.6.1.24
digiumasterisk
1.6.2.0
digiumasterisk
1.6.2.0:rc2
digiumasterisk
1.6.2.0:rc3
digiumasterisk
1.6.2.0:rc4
digiumasterisk
1.6.2.0:rc5
digiumasterisk
1.6.2.0:rc6
digiumasterisk
1.6.2.0:rc7
digiumasterisk
1.6.2.0:rc8
digiumasterisk
1.6.2.1
digiumasterisk
1.6.2.1:rc1
digiumasterisk
1.6.2.2
digiumasterisk
1.6.2.3:rc2
digiumasterisk
1.6.2.4
digiumasterisk
1.6.2.5
digiumasterisk
1.6.2.6
digiumasterisk
1.6.2.6:rc1
digiumasterisk
1.6.2.6:rc2
digiumasterisk
1.6.2.15:rc1
digiumasterisk
1.6.2.16
digiumasterisk
1.6.2.16:rc1
digiumasterisk
1.6.2.16.1
digiumasterisk
1.6.2.16.2
digiumasterisk
1.6.2.17
digiumasterisk
1.6.2.17:rc1
digiumasterisk
1.6.2.17:rc2
digiumasterisk
1.6.2.17:rc3
digiumasterisk
1.6.2.17.1
digiumasterisk
1.6.2.17.2
digiumasterisk
1.6.2.17.3
digiumasterisk
1.6.2.18
digiumasterisk
1.6.2.18:rc1
digiumasterisk
1.8.0
digiumasterisk
1.8.0:beta1
digiumasterisk
1.8.0:beta2
digiumasterisk
1.8.0:beta3
digiumasterisk
1.8.0:beta4
digiumasterisk
1.8.0:beta5
digiumasterisk
1.8.0:rc2
digiumasterisk
1.8.0:rc3
digiumasterisk
1.8.0:rc4
digiumasterisk
1.8.0:rc5
digiumasterisk
1.8.1
digiumasterisk
1.8.1:rc1
digiumasterisk
1.8.1.1
digiumasterisk
1.8.1.2
digiumasterisk
1.8.2
digiumasterisk
1.8.2.1
digiumasterisk
1.8.2.2
digiumasterisk
1.8.2.3
digiumasterisk
1.8.2.4
digiumasterisk
1.8.3
digiumasterisk
1.8.3:rc1
digiumasterisk
1.8.3:rc2
digiumasterisk
1.8.3:rc3
digiumasterisk
1.8.3.1
digiumasterisk
1.8.3.2
digiumasterisk
1.8.3.3
digiumasterisk
1.8.4
digiumasterisk
1.8.4:rc1
digiumasterisk
1.8.4:rc2
digiumasterisk
1.8.4:rc3
digiumasterisk
1.8.4.1
digiumasterisk
1.8.4.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
asterisk
bullseye
1:16.28.0~dfsg-0+deb11u4
fixed
bullseye (security)
1:16.28.0~dfsg-0+deb11u5
fixed
sid
1:22.0.0~dfsg+~cs6.14.60671435-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
asterisk
quantal
not-affected
precise
not-affected
oneiric
not-affected
natty
Fixed 1:1.6.2.9-2ubuntu2.1
released
maverick
Fixed 1:1.6.2.7-1ubuntu1.2
released
lucid
Fixed 1:1.6.2.5-0ubuntu1.4
released
hardy
ignored
Common Weakness Enumeration
References
http://downloads.asterisk.org/pub/security/AST-2011-008.diff
http://downloads.asterisk.org/pub/security/AST-2011-008.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html
http://secunia.com/advisories/45048
http://secunia.com/advisories/45201
http://secunia.com/advisories/45239
http://securitytracker.com/id?1025706
http://www.debian.org/security/2011/dsa-2276
http://www.osvdb.org/73307
http://www.securityfocus.com/bid/48431
https://exchange.xforce.ibmcloud.com/vulnerabilities/68203
http://downloads.asterisk.org/pub/security/AST-2011-008.diff
http://downloads.asterisk.org/pub/security/AST-2011-008.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html
http://secunia.com/advisories/45048
http://secunia.com/advisories/45201
http://secunia.com/advisories/45239
http://securitytracker.com/id?1025706
http://www.debian.org/security/2011/dsa-2276
http://www.osvdb.org/73307
http://www.securityfocus.com/bid/48431
https://exchange.xforce.ibmcloud.com/vulnerabilities/68203