CVE-2008-1333: Use of Externally-Controlled Format String in Asterisk

Severity: 5.8 MEDIUM (NVD)
EPSS: 3.3% (top 12.85%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 20; Latest update May 1

Description

Format string vulnerability in Asterisk Open Source 1.6.x before 1.6.0-beta6 might allow remote attackers to execute arbitrary code via logging messages that are not properly handled by (1) the ast_verbose logging API call, or (2) the astman_append function.

CVSS vector

AV:N/AC:M/C:N/I:P/A:P
Exploitability: 8.6 | Impact: 4.9

Affected Packages (2 packages)

NVD: asterisk/open_source, 5 versions (+4)
debian: debian/asterisk, < asterisk 1:1.4.18.1~dfsg-1 (bullseye)

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-856p-vmg2-whf5: Format string vulnerability in Asterisk Open Source 1 (2022-05-01)
OSV: CVE-2008-1333: Format string vulnerability in Asterisk Open Source 1 (2008-03-20)

📋 Vendor Advisories (3)

Debian: CVE-2008-1333: asterisk - Format string vulnerability in Asterisk Open Source 1.6.x before 1.6.0-beta6 mig... (2008)
Red Hat: asterisk: Format String Vulnerability in Logger and Manager (AST-2008-004)
Red Hat: CVE-2008-5377: pstopdf in CUPS 1

💬 Community (1)

Bugzilla: CVE-2008-1333 asterisk: Format String Vulnerability in Logger and Manager (AST-2008-004) (2008-03-19)