Page 7 of 55 results (0.004 seconds)

CVSS: 5.0EPSS: 39%CPEs: 195EXPL: 0

chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame. chan_iax2.c en el controlador de canal IAX2 en Asterisk Open Source v1.4.x anteriores a v1.4.41.1, v1.6.2.x anteriores a v1.6.2.18.1, y v1.8.x anteriores a v1.8.4.3, y Asterisk Business Edition vC.3 anteriores a vC.3.7.3, accede a una dirección de memoria contenida en un marco de control de opción, que permite a atacantes remotos causar una denegación de servicio (caída del demonio) o posiblemente tener un impacto no especificado a través de un marco manipulado. • http://downloads.asterisk.org/pub/security/AST-2011-010-1.8.diff http://downloads.asterisk.org/pub/security/AST-2011-010.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html http://secunia.com/advisories/44973 http://secunia.com/advisories/45048 http://secunia.com/advisories/45201 http://secunia.com/advisories/45239 http://securitytracker.com/id?1025708 http://www.debian.org/security/2011/dsa-2276 http://www.osvdb.org/73309 http://www.secu • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 6%CPEs: 162EXPL: 0

chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle '\0' characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted packet. chan_sip.c en el controlador de canal SIP en Asterisk Open Source v1.6.x anterior a v1.6.2.18.1 y v1.8.x anteriores a v1.8.4.3 no manejan adecuadamente los caracteres '\0' en los paquetes SIP, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente tener un impacto no especificado a través de un paquete diseñado. • http://downloads.asterisk.org/pub/security/AST-2011-008.diff http://downloads.asterisk.org/pub/security/AST-2011-008.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html http://secunia.com/advisories/45048 http://secunia.com/advisories/45201 http://secunia.com/advisories/45239 http://securitytracker.com/id?1025706 http://www.debian.org/security/2011/dsa-2276 http://www.osvdb.org/73307 http://www.securityfocus.com/bid/48431 https://exchange.xfo • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 7%CPEs: 32EXPL: 0

reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.3 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a SIP packet with a Contact header that lacks a < (less than) character. reqresp_parser.c en el controlador de canal SIP en Asterisk Open Source v1.8.x anteriores a v1.8.4.3 permite a atacantes remotos provocar una denegación de servicio (desreferencia a puntero NULL y caída del demonio) a través de un paquete SIP con una cabecera Contact que carece de un carácter < (menos que). • http://downloads.asterisk.org/pub/security/AST-2011-009-1.8.diff http://downloads.asterisk.org/pub/security/AST-2011-009.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html http://secunia.com/advisories/45048 http://secunia.com/advisories/45201 http://secunia.com/advisories/45239 http://www.debian.org/security/2011/dsa-2276 •

CVSS: 5.0EPSS: 0%CPEs: 198EXPL: 0

chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests. chan_sip.c en el controlador de canal SIP en Asterisk Open Source v1.4.x anteriores a v1.4.41.2, v1.6.2.x anteriores a v1.6.2.18.2, y v1.8.x anteriores a v1.8.4.4, y Asterisk Business Edition vC.3.x anteriores a vC.3.7.3,no tiene en cuenta la opción alwaysauthreject y genera diferentes respuestas no válidas para solicitudes SIP en función de si la cuenta de usuario existe, lo que permite a atacantes remotos enumerar los nombres de cuenta a través de una serie de peticiones. • http://downloads.asterisk.org/pub/security/AST-2011-011-1.8.diff http://downloads.asterisk.org/pub/security/AST-2011-011.html http://www.securitytracker.com/id?1025734 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 8%CPEs: 31EXPL: 0

reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.2 does not initialize certain strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed Contact header. reqresp_parser.c del driver del canal SIP en Asterisk Open Source v1.8.x antes de v1.8.4.2 no inicializa ciertas cadenas,lo que permite a atacantes remotos provocar una denegación de servicio ( desreferenciar un puntero NULL y caída de demonio ) a través de un cabecera de contacto con formato incorrecto. • http://downloads.digium.com/pub/security/AST-2011-007.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062658.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062013.html http://osvdb.org/72752 http://secunia.com/advisories/44828 http://securitytracker.com/id?1025598 http://www.securityfocus.com/archive/1/518236/100/0/threaded http://www.securityfocus.com/bid/48096 https://exchange.xforce.ibmcloud.com/vulnerabilities/67812 •