Multiple stack-based and heap-based buffer overflows in Asterisk Open Source versions 1.4.x, 1.6.1.x, 1.6.2.x, and 1.8, Business Edition C.x.x, AsteriskNOW 1.5, and s800i (Asterisk Appliance) allow remote code execution and denial of service

CVE-2011-1147 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet.
