PT-2011-3921 · Digium · Asterisk Business Edition+1
Published
2011-07-06
·
Updated
2017-08-29
·
CVE-2011-2535
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Asterisk Open Source versions 1.4.x through 1.4.41.1
Asterisk Open Source versions 1.6.2.x through 1.6.2.18.1
Asterisk Open Source versions 1.8.x through 1.8.4.3
Asterisk Business Edition C.3 through C.3.7.3
Description
The issue allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame. This occurs because the chan iax2.c in the IAX2 channel driver accesses a memory address contained in an option control frame.
Recommendations
For Asterisk Open Source versions 1.4.x through 1.4.41.1, update to version 1.4.41.1 or later.
For Asterisk Open Source versions 1.6.2.x through 1.6.2.18.1, update to version 1.6.2.18.1 or later.
For Asterisk Open Source versions 1.8.x through 1.8.4.3, update to version 1.8.4.3 or later.
For Asterisk Business Edition C.3 through C.3.7.3, update to version C.3.7.3 or later.
Fix
DoS
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Asterisk Business Edition
Asterisk Open Source