CVE-2011-1147
CVE-2011-1147 is a vulnerability of currently unknown severity. Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet. EPSS estimates a 3.52% chance of exploitation in the next 30 days.
Description
Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet.
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Digium | Asterisk | 1.4.0 | — |
| Digium | Asterisk | 1.4.1 | — |
| Digium | Asterisk | 1.4.2 | — |
| Digium | Asterisk | 1.4.3 | — |
| Digium | Asterisk | 1.4.10 | — |
| Digium | Asterisk | 1.4.10.1 | — |
| Digium | Asterisk | 1.4.11 | — |
| Digium | Asterisk | 1.4.12 | — |
| Digium | Asterisk | 1.4.12.1 | — |
| Digium | Asterisk | 1.4.13 | — |
| Digium | Asterisk | 1.4.14 | — |
| Digium | Asterisk | 1.4.15 | — |
| Digium | Asterisk | 1.4.16 | — |
| Digium | Asterisk | 1.4.16.1 | — |
| Digium | Asterisk | 1.4.16.2 | — |
| Digium | Asterisk | 1.4.17 | — |
| Digium | Asterisk | 1.4.18 | — |
| Digium | Asterisk | 1.4.19 | — |
| Digium | Asterisk | 1.4.19.1 | — |
| Digium | Asterisk | 1.4.19.2 | — |
| Digium | Asterisk | 1.4.20 | — |
| Digium | Asterisk | 1.4.20.1 | — |
| Digium | Asterisk | 1.4.21 | — |
| Digium | Asterisk | 1.4.21.1 | — |
| Digium | Asterisk | 1.4.21.2 | — |
| Digium | Asterisk | 1.4.22 | — |
| Digium | Asterisk | 1.4.22.1 | — |
| Digium | Asterisk | 1.4.22.2 | — |
| Digium | Asterisk | 1.4.23 | — |
| Digium | Asterisk | 1.4.23.1 | — |
| Digium | Asterisk | 1.4.23.2 | — |
| Digium | Asterisk | 1.4.24 | — |
| Digium | Asterisk | 1.4.24.1 | — |
| Digium | Asterisk | 1.4.25 | — |
| Digium | Asterisk | 1.4.25.1 | — |
| Digium | Asterisk | 1.4.26 | — |
| Digium | Asterisk | 1.4.26.1 | — |
| Digium | Asterisk | 1.4.26.2 | — |
| Digium | Asterisk | 1.4.26.3 | — |
| Digium | Asterisk | 1.4.27 | — |
| Digium | Asterisk | 1.4.27.1 | — |
| Digium | Asterisk | 1.4.28 | — |
| Digium | Asterisk | 1.4.29 | — |
| Digium | Asterisk | 1.4.29.1 | — |
| Digium | Asterisk | 1.4.30 | — |
| Digium | Asterisk | 1.4.31 | — |
| Digium | Asterisk | 1.4.32 | — |
| Digium | Asterisk | 1.4.33 | — |
| Digium | Asterisk | 1.4.33.1 | — |
| Digium | Asterisk | 1.4.34 | — |
Showing 50 of 112 affected configurations. See NVD for the full list.
References
- http://downloads.asterisk.org/pub/security/AST-2011-002.html (Vendor Advisory)
- http://secunia.com/advisories/43429 (Vendor Advisory)
- http://secunia.com/advisories/43702 (Vendor Advisory)
- http://www.vupen.com/english/advisories/2011/0635 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
