[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2011-2535

Date: (C)2011-07-06   (M)2017-08-29
 
CVSS Score: 5.0Access Vector: NETWORK
Exploitability Subscore: 10.0Access Complexity: LOW
Impact Subscore: 2.9Authentication: NONE
 Confidentiality: NONE
 Integrity: NONE
 Availability: PARTIAL











chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame.

Reference:
SECTRACK-1025708
SECUNIA-44973
SECUNIA-45048
SECUNIA-45201
SECUNIA-45239
BID-48431
OSVDB-73309
DSA-2276
FEDORA-2011-8914
IAVM:2011-A-0095
asterisk-iax2channeldriver-dos(68205)
http://downloads.asterisk.org/pub/security/AST-2011-010-1.8.diff
http://downloads.asterisk.org/pub/security/AST-2011-010.html

CPE    195
cpe:/a:digium:asterisk:c.3.6.4:-:business
cpe:/a:digium:asterisk:c.3.1.1:-:business
cpe:/a:digium:asterisk:c.3.1.0:-:business
cpe:/a:digium:asterisk:c.3.0:-:business
...
CWE    1
CWE-20
OVAL    2
oval:org.secpod.oval:def:600587
oval:org.secpod.oval:def:600586

© 2013 SecPod Technologies