CVE-2011-1507 — Allocation of File Descriptors or Handles Without Limits or Throttling in Asterisk

CWE-3997 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.1%

top 64.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Digium Asterisk Debian Asterisk

Timeline

PublishedApr 27

Latest updateMay 17

Description

Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number of unauthenticated sessions to certain interfaces, which allows remote attackers to cause a denial of service (file descriptor exhaustion and disk space exhaustion) via a series of TCP connections.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/asterisk< asterisk 1:1.8.3.3-1 (bullseye)

▶Debiandigium/asterisk< 1:1.8.3.3-1

▶NVDdigium/asterisk123 versions+122

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-rcww-x8ph-8v37: Asterisk Open Source 1↗2022-05-17

▶

OSV

CVE-2011-1507: Asterisk Open Source 1↗2011-04-27

▶

📋Vendor Advisories

Debian

CVE-2011-1507: asterisk - Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x bef...↗2011

▶

💬Community

Bugzilla

CVE-2011-1507 CVE-2011-1599 asterisk various flaws [epel-6]↗2011-04-22

▶

Bugzilla

CVE-2011-1507 CVE-2011-1599 asterisk various flaws [fedora-all]↗2011-04-22

▶

Bugzilla

CVE-2011-1507 Asterisk: file descriptor resource exhaustion (AST-2011-005)↗2011-04-22

▶