CVE-2003-0761 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Asterisk

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 67.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Digium Asterisk Debian Asterisk

Timeline

PublishedSep 17

Latest updateApr 29

Description

Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/asterisk< asterisk 0.5.0 (bullseye)

▶Debiandigium/asterisk< 0.5.0

▶NVDdigium/asterisk1.2.13

🔴Vulnerability Details

GHSA

GHSA-92v8-64cc-mmr5: Buffer overflow in the get_msg_text of chan_sip↗2022-04-29

▶

OSV

CVE-2003-0761: Buffer overflow in the get_msg_text of chan_sip↗2003-09-17

▶

📋Vendor Advisories

Debian

CVE-2003-0761: asterisk - Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Prot...↗2003

▶