CVE-2011-1175
Published 2011-03-31
CVE-2011-1175: tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before 1.6.1.23, 1.6.2.x before 1.6.2.17.1, and 1.8.x before 1.8.3.1 allows remote attackers to…
Priority P421 · medium · 5 · CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 2.72% (84.2th percentile)
tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before 1.6.1.23, 1.6.2.x before 1.6.2.17.1, and 1.8.x before 1.8.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by establishing many short TCP sessions to services that use a certain TLS API.
Affected
46 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | asterisk | < asterisk 1:1.8.3.3-1 (bullseye) | asterisk 1:1.8.3.3-1 (bullseye) |
| digium | asterisk | — | — |
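CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | MEDIUM | — |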
GHSA
GHSA-cfj4-pwcj-qhgc: tcptls
ghsa_unreviewed·2022-05-17
OSV
CVE-2011-1175: tcptls
osv·2011-03-31·CVSS 5.0
Debian
CVE-2011-1175: asterisk - tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before 1.6.1.23, ...
vendor_debian·2011·CVSS 5.0
Scope: local
bullseye: resolved (fixed in 1:1.8.3.3-1)
sid: resolved (fixed in 1:1.8.3.3-1)
No detection rules found.
No public exploits indexed.
References
http://downloads.asterisk.org/pub/security/AST-2011-004.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html
http://openwall.com/lists/oss-security/2011/03/17/5
http://openwall.com/lists/oss-security/2011/03/21/12
http://securitytracker.com/id?1025224
http://www.debian.org/security/2011/dsa-2225
http://www.securityfocus.com/bid/46898
http://www.vupen.com/english/advisories/2011/0686
http://www.vupen.com/english/advisories/2011/0790
https://bugzilla.redhat.com/show_bug.cgi?id=688678
https://exchange.xforce.ibmcloud.com/vulnerabilities/66140
Published: 2011-03-31