Vulnerabilities
Vulnerable Software
Digium:  >> Asterisk  >> 1.6.0.22  Security Vulnerabilities
chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle '\0' characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted packet.
CVSS Score
5.0
EPSS Score
0.043
Published
2011-07-06
main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts.
CVSS Score
4.3
EPSS Score
0.035
Published
2010-04-01


Contact Us

Shodan ® - All rights reserved