QwikSec

Security Database

CVE

CWE

Training

CVE-2011-1147

Published: Mar 15, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_DEBIAN

third-party-advisory

x_refsource_SECUNIA

FEDORA-2011-2438

vendor-advisory

x_refsource_FEDORA

vdb-entry

x_refsource_VUPEN

[oss-security] 20110311 CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code

mailing-list

x_refsource_MLIST

FEDORA-2011-2360

vendor-advisory

x_refsource_FEDORA

FEDORA-2011-2558

vendor-advisory

x_refsource_FEDORA

vdb-entry

x_refsource_SECTRACK

[oss-security] 20110311 Re: CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code

mailing-list

x_refsource_MLIST

http://downloads.asterisk.org/pub/security/AST-2011-002.html

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.