CVE-2010-0441Improper Input Validation in Asterisk

CWE-20Improper Input Validation6 documents6 sources
Severity
5.0MEDIUMNVD
EPSS
3.5%
top 12.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
AsteriskDebian Asterisk
Timeline
PublishedFeb 4
Latest updateMay 2

Description

Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2, allows remote attackers to cause a denial of service (daemon crash) via an SIP T.38 negotiation with an SDP FaxMaxDatagram field that is (1) missing, (2) modified to contain a negative number, or (3) modified to contain a large number.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

debiandebian/asterisk< asterisk 1:1.6.2.2-1 (bullseye)
Debianasterisk/asterisk< 1:1.6.2.2-1
NVDasterisk/asterisk53 versions+52

Patches

Patch: downloads.asterisk.orgPatch: downloads.asterisk.orgPatch: downloads.asterisk.org

🔴Vulnerability Details

2
GHSA
GHSA-q2qq-4jfp-7w3h: Asterisk Open Source 12022-05-02
OSV
CVE-2010-0441: Asterisk Open Source 12010-02-04

📋Vendor Advisories

2
Red Hat
Asterisk: Remote DoS via specially-crafted FaxMaxDatagram SDP packets (AST-2010-001)2010-02-02
Debian
CVE-2010-0441: asterisk - Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2...2010

💬Community

1
Bugzilla
CVE-2010-0441 Asterisk: Remote DoS via specially-crafted FaxMaxDatagram SDP packets (AST-2010-001)2010-02-03
CVE-2010-0441 — Improper Input Validation in Asterisk | cvebase