Multiple stack-based and heap-based buffer overflows in Asterisk Open Source versions 1.4.x, 1.6.1.x, 1.6.2.x, and 1.8, Business Edition C.x.x, AsteriskNOW 1.5, and s800i (Asterisk Appliance) allow remote code execution and denial of service
CVE-2011-1147 · MEDIUM Severity
AV:N/AC:M/Au:N/C:P/I:P/A:P
Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet.