CVE-2013-7100

Name: CVE-2013-7100
Creator: NVD / NIST
Published: 2013-12-19T22:55:04.57+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 14.71%

Last modified Jun 17, 2026

CVE-2013-7100 is a vulnerability of currently unknown severity. Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to cause a denial of service (daemon crash) via a 16-bit SMS message with an odd number of bytes, which triggers an infinite loop.. EPSS estimates a 14.71% chance of exploitation in the next 30 days.

Description

Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to cause a denial of service (daemon crash) via a 16-bit SMS message with an odd number of bytes, which triggers an infinite loop.

Metrics

EPSS Probability

14.71%

96.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions	Update
Digium	Asterisk	1.8.17.0	—
Digium	Asterisk	1.8.18.0	—
Digium	Asterisk	1.8.18.1	—
Digium	Asterisk	1.8.19.0	—
Digium	Asterisk	1.8.19.1	—
Digium	Asterisk	1.8.20.0	—
Digium	Asterisk	1.8.21.0	Rc1
Digium	Asterisk	1.8.22.0	—
Digium	Asterisk	1.8.23.0	—
Digium	Asterisk	10.10.0	—
Digium	Asterisk	10.11.0	—
Digium	Asterisk	10.12.0	—
Digium	Asterisk	10.12.1	—
Digium	Asterisk	10.12.2	—
Digium	Asterisk	11.0.0	—
Digium	Asterisk	11.0.1	—
Digium	Asterisk	11.0.2	—
Digium	Asterisk	11.1.0	—
Digium	Asterisk	11.1.1	—
Digium	Asterisk	11.1.2	—
Digium	Asterisk	11.2.0	Rc1
Digium	Asterisk	11.3.0	Rc1
Digium	Asterisk	11.4.0	—
Digium	Asterisk	11.5.0	—
Digium	Asterisk	11.5.1	—
Digium	Asterisk Digiumphones	10.0.0	—
Digium	Asterisk Digiumphones	10.11.0	—
Digium	Asterisk Digiumphones	10.12.0	—
Digium	Asterisk Digiumphones	10.12.1	—
Digium	Asterisk Digiumphones	10.12.2	—
Digium	Certified Asterisk	1.8.15	—
Digium	Certified Asterisk	11.2.0	—

References

Timeline

Published: Dec 19, 2013
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2013-7100?

How severe is CVE-2013-7100?

Severity scoring for CVE-2013-7100 is pending analysis. The EPSS model estimates a 14.71% probability of exploitation in the next 30 days.

How do I fix CVE-2013-7100?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2013-7100?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST