CVE-2004-0097
published 2004-03-03CVE-2004-0097: Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the…
PriorityP333critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
10.31%
95.1th percentile
Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openh323_project | pwlib | <= 1.6.0 | — |
CVSS provenance
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat10.0CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
security flaw
vendor_redhat·2004-01-21·CVSS 10.0
CVE-2004-0097 [CRITICAL] security flaw
security flaw
Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
Cisco
Vulnerabilities in H.323 Message Processing
vendor_cisco·2004-01-13
CVE-2003-0819 Vulnerabilities in H.323 Message Processing
Vulnerabilities in H.323 Message Processing
Multiple Cisco products contain vulnerabilities in the processing of
H.323 messages, which are typically used in Voice over Internet Protocol (VoIP)
or multimedia applications. A test suite has been developed by the University
of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco
IOS® Software Release 11.3T. Release 11.3T, and all
later Cisco IOS releases may be affected if the software includes support for
voice/multimedia applications. Vulnerable devices include those that contain
software support for H.323 as network elements as well as those configured for
IOS Network Address Translation (NAT) and those configured for IOS Firewall
(also known as Context-Based Access Control [CB
Cisco
Vulnerabilities in H.323 Message Processing
vendor_cisco
CVE-2004-0097 Vulnerabilities in H.323 Message Processing
CVE-2004-0097: Vulnerabilities in H.323 Message Processing
Multiple Cisco products contain vulnerabilities in the processing of H.323 messages, which are typically used in Voice over Internet Protocol (VoIP) or multimedia applications. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities. Support for the H.323 protocol was introduced in Cisco IOS � Software Release 11.3T. Release 11.3T, and all later Cisco IOS releases may be affected if the software includes support for voice/multimedia applications. Vulnerable devices include those that contain software support for H.323 as network elements as well as those configured for IOS Network Address Translation (NAT) and those configured for IOS Firewall (also known as Context-Based Acces
GHSA
GHSA-p36x-7hrc-jp22: Multiple vulnerabilities in PWLib before 1
ghsa_unreviewed·2022-04-29
CVE-2004-0097 [HIGH] GHSA-p36x-7hrc-jp22: Multiple vulnerabilities in PWLib before 1
Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2004-0097 security flaw
bugzilla·2018-08-16·CVSS 10.0
CVE-2004-0097 [CRITICAL] CVE-2004-0097 security flaw
CVE-2004-0097 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
Bugzilla
CAN-2004-0097 PWlib/OpenH323 vulnerabilities
bugzilla·2004-02-13
[MEDIUM] CAN-2004-0097 PWlib/OpenH323 vulnerabilities
CAN-2004-0097 PWlib/OpenH323 vulnerabilities
Vulnerabilities in PWLib were found after running the NISCC OpenH323
test suite.
"Of the nearly 4500 tests in the suite, OpenH323 failed two of them,
which took three lines of code to fix. These pointed out several other
potential problems as well, so the total changes were about 20 lines."
Fix:
http://cvs.sourceforge.net/viewcvs.py/openh323/pwlib/src/ptclib/asnper.cxx?r1=1.8&r2=1.6
The pwlib-1.4.7-ranges.patch applies cleanly against pwlib-1.5.0 from
Fedora Core 1.
Discussion:
Created attachment 97647
SPEC file to add CVE-CAN-2004-0097 ranges patch
---
Created attachment 97648
Patch taken from RHL 9 to address CVE-CAN-2004-0097
This patch patches cleanly against Fedora Core 1's pwlib-1.5.0.
---
Just a question as I stumbled on hunk #
Bugzilla
CAN-2004-0097 PWlib/OpenH323 vulnerabilities
bugzilla·2004-01-26
[MEDIUM] CAN-2004-0097 PWlib/OpenH323 vulnerabilities
CAN-2004-0097 PWlib/OpenH323 vulnerabilities
Vulnerabilities in PWLib were found after running the NISCC OpenH323
test suite.
"Of the nearly 4500 tests in the suite, OpenH323 failed two of them,
which took three lines of code to fix. These pointed out several other
potential problems as well, so the total changes were about 20 lines."
Fix:
http://cvs.sourceforge.net/viewcvs.py/openh323/pwlib/src/ptclib/asnper.cxx?r1=1.8&r2=1.6
CVE applied for (should be one name)
Discussion:
I think this requires changes that are slightly different than the
ones the RHL9/AS needed, since its a slightly later version. Maybe we
should upgrade to the fixed version?
---
*** Bug 115563 has been marked as a duplicate of this bug. ***
---
As the patch from RHL 9 applies cleanly and the fix you applied s
Bugzilla
CAN-2004-0097 PWlib/OpenH323 vulnerabilities
bugzilla·2004-01-26
[MEDIUM] CAN-2004-0097 PWlib/OpenH323 vulnerabilities
CAN-2004-0097 PWlib/OpenH323 vulnerabilities
Vulnerabilities in PWLib were found after running the NISCC OpenH323
test suite.
"Of the nearly 4500 tests in the suite, OpenH323 failed two of them,
which took three lines of code to fix. These pointed out several other
potential problems as well, so the total changes were about 20 lines."
Fix:
http://cvs.sourceforge.net/viewcvs.py/openh323/pwlib/src/ptclib/asnper.cxx?r1=1.8&r2=1.6
CVE applied for (should be one name)
Discussion:
An errata has been issued which should help the problem described in this bug report.
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen
this bug report if the solution does no
Bugzilla
CAN-2004-0097 PWlib/OpenH323 vulnerabilities
bugzilla·2004-01-26
[MEDIUM] CAN-2004-0097 PWlib/OpenH323 vulnerabilities
CAN-2004-0097 PWlib/OpenH323 vulnerabilities
Vulnerabilities in PWLib were found after running the NISCC OpenH323
test suite.
"Of the nearly 4500 tests in the suite, OpenH323 failed two of them,
which took three lines of code to fix. These pointed out several other
potential problems as well, so the total changes were about 20 lines."
Fix:
http://cvs.sourceforge.net/viewcvs.py/openh323/pwlib/src/ptclib/asnper.cxx?r1=1.8&r2=1.6
CVE applied for (should be one name)
Discussion:
An errata has been issued which should help the problem described in this bug report.
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen
this bug report if the solution does no
http://www.cert.org/advisories/CA-2004-01.htmlhttp://www.debian.org/security/2004/dsa-448http://www.kb.cert.org/vuls/id/749342http://www.redhat.com/support/errata/RHSA-2004-047.htmlhttp://www.securityfocus.com/bid/9406https://exchange.xforce.ibmcloud.com/vulnerabilities/15202https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10056https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A803https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A826http://www.cert.org/advisories/CA-2004-01.htmlhttp://www.debian.org/security/2004/dsa-448http://www.kb.cert.org/vuls/id/749342http://www.redhat.com/support/errata/RHSA-2004-047.htmlhttp://www.securityfocus.com/bid/9406https://exchange.xforce.ibmcloud.com/vulnerabilities/15202https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10056https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A803https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A826
2004-03-03
Published