CVSS: 4.0 EPSS: 1% CPEs: 130 EXPL: 0

Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox.

Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source v1.8.x before v1.8.13.1 and v10.x before v10.5.2, Certified Asterisk v1.8.11-certx before v1.8.11-cert4, and Asterisk Digiumphones v10.x.x-digiumphones before v10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing the Urgent mailbox through the INBOX mailbox.

• http://downloads.asterisk.org/pub/security/AST-2012-011.html
• http://secunia.com/advisories/50687
• http://secunia.com/advisories/50756
• http://www.debian.org/security/2012/dsa-2550
• http://www.securityfocus.com/bid/54317
• https://issues.asterisk.org/jira/browse/ASTERISK-20052
• CWE-399: Resource Management Errors

CVSS: 2.6 EPSS: 1% CPEs: 105 EXPL: 0

chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold.

chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before v1.8.11-cert2 and Asterisk Open Source v1.8.x before v1.8.12.1 and v10.x before v10.4.1, when a certain mohinterpret option is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold.

• http://archives.neohapsis.com/archives/bugtraq/2012-05/0144.html
• http://downloads.asterisk.org/pub/security/AST-2012-007.html
• http://secunia.com/advisories/49303
• http://www.debian.org/security/2012/dsa-2493
• http://www.securitytracker.com/id?1027102
• CWE-284: Improper Access Control

CVSS: 4.3 EPSS: 6% CPEs: 5 EXPL: 0

Stack-based buffer overflow in the milliwatt_generate function in the Milliwatt application in Asterisk 1.4.x before 1.4.44, 1.6.x before 1.6.2.23, 1.8.x before 1.8.10.1, and 10.x before 10.2.1, when the o option is used and the internal_timing option is off, allows remote attackers to cause a denial of service (application crash) via a large number of samples in an audio packet.

Heap-based buffer overflow vulnerability in the milliwatt_generate function in main/utils.c in Asterisk v1.4.x before v1.4.44, v1.6.x before v1.6.2.23, v1.8.x before v1.8.10.1, and v10.x before v10.2.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large number of samples in an audio packet.

• http://archives.neohapsis.com/archives/bugtraq/2012-03/0069.html
• http://downloads.asterisk.org/pub/security/AST-2012-002-1.8.diff
• http://downloads.asterisk.org/pub/security/AST-2012-002.pdf
• http://osvdb.org/80125
• http://secunia.com/advisories/48417
• http://secunia.com/advisories/48941
• http://securitytracker.com/id?1026812
• http://www.asterisk.org/node/51797
• http://www.debian.org/security/2012/dsa-2460
• http://www.openwall.com/lists/oss-security/2012/03/16/10
• http:
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.5 EPSS: 96% CPEs: 81 EXPL: 1

Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Authentication header.

Heap-based buffer overflow vulnerability in the ast_parse_digest function in main/utils.c in Asterisk v1.8.x before v1.8.10.1 and v10.x before v10.2.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Authentication header.

• https://www.exploit-db.com/exploits/18855
• http://downloads.asterisk.org/pub/security/AST-2012-003-1.8.diff
• http://downloads.asterisk.org/pub/security/AST-2012-003.pdf
• http://osvdb.org/80126
• http://secunia.com/advisories/48417
• http://www.asterisk.org/node/51797
• http://www.openwall.com/lists/oss-security/2012/03/16/10
• http://www.openwall.com/lists/oss-security/2012/03/16/17
• http://www.securitytracker.com/id?1026813
• https://exchange.xforce.ibmcloud.com/vulnerabili
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 5.0 EPSS: 1% CPEs: 208 EXPL: 0

The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests.

The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether the SIP username exists, which allows remote attackers to enumerate usernames via a series of requests.

• http://archives.neohapsis.com/archives/bugtraq/2011-12/0151.html
• http://downloads.asterisk.org/pub/security/AST-2011-013.html
• http://lists.digium.com/pipermail/asterisk-dev/2011-November/052191.html
• http://openwall.com/lists/oss-security/2011/12/09/3
• http://openwall.com/lists/oss-security/2011/12/09/4
• http://osvdb.org/77597
• http://secunia.com/advisories/47273
• http://www.debian.org/security/2011/dsa-2367
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor