CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2020-35652
https://notcve.org/view.php?id=CVE-2020-35652
An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header. Se detectó un problema en el archivo res_pjsip_diversion.c en Sangoma Asterisk versiones anteriores a 13.38.0, versiones 14.x hasta 16.x versiones anteriores a 16.15.0, versiones 17.x anteriores a 17.9.0 y versiones 18.x anteriores a 18.1.0. Puede ocurrir un bloqueo cuando es recibido un mensaje SIP con un encabezado History-Info que contiene un tel-uri, o cuando es recibida una respuesta SIP 181 que contiene un tel-uri en el encabezado Diversion • https://downloads.asterisk.org/pub/security/AST-2020-003.html https://downloads.asterisk.org/pub/security/AST-2020-004.html https://issues.asterisk.org/jira/browse/ASTERISK-29191 https://issues.asterisk.org/jira/browse/ASTERISK-29219 •
CVSS: 7.5EPSS: 78%CPEs: 7EXPL: 1CVE-2018-7284 – Asterisk chan_pjsip 15.2.0 - 'SUBSCRIBE' Stack Corruption
https://notcve.org/view.php?id=CVE-2018-7284
A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash. Se ha descubierto un problema de desbordamiento de búfer en Asterisk hasta la versión 13.19.1; versiones 14.x anteriores a la 14.7.5 y las versiones 15.x anteriores a la 15.2.1, así como Certified Asterisk hasta la versión 13.18-cert2. • https://www.exploit-db.com/exploits/44184 http://downloads.asterisk.org/pub/security/AST-2018-004.html http://www.securityfocus.com/bid/103151 http://www.securitytracker.com/id/1040416 https://www.debian.org/security/2018/dsa-4320 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 69%CPEs: 15EXPL: 1CVE-2017-17090 – Asterisk 13.17.2 - 'chan_skinny' Remote Memory Corruption
https://notcve.org/view.php?id=CVE-2017-17090
An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind. Se ha descubierto un problema en chan_skinny.c en Asterisk Open Source en versiones 13.18.2 y anteriores, 14.7.2 y anteriores y 15.1.2 y anteriores y en Certified Asterisk 13.13-cert7 y anteriores. Si el controlador de canal chan_skinny (también conocido como protocolo SCCP) se inunda a base de determinadas peticiones, puede provocar que el proceso de asterisk utilice cantidades excesivas de memoria virtual, finalmente provocando que asterisk deje de procesar cualquier tipo de peticiones. • https://www.exploit-db.com/exploits/43992 http://downloads.digium.com/pub/security/AST-2017-013.html http://www.securityfocus.com/bid/102023 http://www.securitytracker.com/id/1039948 https://issues.asterisk.org/jira/browse/ASTERISK-27452 https://lists.debian.org/debian-lts-announce/2017/12/msg00028.html https://www.debian.org/security/2017/dsa-4076 • CWE-459: Incomplete Cleanup •
CVSS: 6.5EPSS: 0%CPEs: 288EXPL: 0CVE-2016-2232
https://notcve.org/view.php?id=CVE-2016-2232
Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero length error correcting redundancy packet for a UDPTL FAX packet that is lost. Asterisk Open Source 1.8.x, 11.x en versiones anteriores a 11.21.1, 12.x y 13.x en versiones anteriores a 13.7.1 y Certified Asterisk 1.8.28, 11.6 en versiones anteriores a 11.6-cert12 y 13.1 en versiones anteriores a 13.1-cert3 permiten a usuarios remotos autenticados causar una denegación de servicio (referencia a puntero no inicializado y caída) a través de un error de longitud cero corrigiendo la redundancia de paquetes para un paquete UDPTL FAX que se ha perdido. • http://downloads.asterisk.org/pub/security/AST-2016-003.html http://www.debian.org/security/2016/dsa-3700 http://www.securitytracker.com/id/1034931 •
CVSS: 7.1EPSS: 2%CPEs: 290EXPL: 1CVE-2016-2316
https://notcve.org/view.php?id=CVE-2016-2316
chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values. chan_sip en Asterisk Open Source 1.8.x, 11.x en versiones anteriores a 11.21.1, 12.x y 13.x en versiones anteriores a 13.7.1 y Certified Asterisk 1.8.28, 11.6 en versiones anteriores a 11.6-cert12 y 13.1 en versiones anteriores a 13.1-cert3, cuando la configuración de timert1 en sip.conf se establece en un valor mayor que 1245, permite a atacantes remotos causar una denegación de servicio (consumo de descriptor de archivo) a través de vectores relacionados con valores de caducidad de retransmisión grandes. • http://downloads.asterisk.org/pub/security/AST-2016-002.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177409.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177422.html http://www.debian.org/security/2016/dsa-3700 http://www.securityfocus.com/bid/82651 http://www.securitytracker.com/id/1034930 • CWE-191: Integer Underflow (Wrap or Wraparound) •