CVE-2016-2232Asterisk vulnerability

7 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
7.9%
top 7.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Digium AsteriskDebian AsteriskDigium Certified Asterisk
Timeline
PublishedFeb 22
Latest updateMay 17

Description

Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero length error correcting redundancy packet for a UDPTL FAX packet that is lost.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

NVDdigium/certified_asterisk5 versions+4
debiandebian/asterisk< asterisk 1:13.7.2~dfsg-1 (bullseye)
Debiandigium/asterisk< 1:13.7.2~dfsg-1
NVDdigium/asterisk117 versions+116

🔴Vulnerability Details

2
GHSA
GHSA-797w-rfcx-w327: Asterisk Open Source 12022-05-17
OSV
CVE-2016-2232: Asterisk Open Source 12016-02-22

📋Vendor Advisories

1
Debian
CVE-2016-2232: asterisk - Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 an...2016

💬Community

3
Bugzilla
CVE-2016-2232 asterisk: remote crash vulnerability when receiving UDPTL FAX data (AST-2016-003)2016-02-11
Bugzilla
CVE-2016-2232 asterisk: various flaws [fedora-all]2016-02-11
Bugzilla
CVE-2016-2232 asterisk: various flaws [epel-6]2016-02-11
CVE-2016-2232 — Debian Asterisk vulnerability | cvebase