vendor:
Asterisk
by:
SecurityFocus
7.5
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: Asterisk
Affected Version From: Asterisk Open Source prior to 1.4.18.1 and 1.4.19-rc3, Asterisk Open Source prior to 1.6.0-beta6, Asterisk Business Edition prior to C.1.6.1, AsteriskNOW prior to 1.0.2, Asterisk Appliance Developer Kit prior to Asterisk 1.4 revision 109386, s800i (Asterisk Appliance) prior to 1.1.0.2
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Asterisk Multiple Buffer Overflow Vulnerabilities
Asterisk is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers. Exploiting these issues may allow an attacker to corrupt memory and cause denial-of-service conditions or potentially execute arbitrary code in the context of the application.
Mitigation:
Upgrade to the latest version of Asterisk Open Source, Asterisk Business Edition, AsteriskNOW, Asterisk Appliance Developer Kit, or s800i (Asterisk Appliance).
