Multiple buffer overflows in Asterisk Open Source 1.4.x prior to 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x prior to 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x prior to 1.0.2, Appliance Developer Kit prior to 1.4 revision 109386, and s800i 1.1.x prior to 1.1.0.2 allow remote malicious users to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c.
Vulnerable Product |
---|
asterisk open source |
asterisk s800i |
asterisk asterisk business edition |
asterisk asterisknow |
asterisk asterisk appliance developer kit 1.4 |
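
Both issues in the description come down to a missing bounds check on peer-supplied RTP/SDP values. The following is an added illustration of the two checks, not Asterisk's code; the struct layout, function names, and table sizes are assumptions chosen for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_RTP_PT  256   /* payload-type table size (assumed) */
#define MAX_SDP_PTS 32    /* payloads kept per m= line (assumed) */

struct pt_entry { int is_set; int code; };
struct rtp_session { struct pt_entry current[MAX_RTP_PT]; };

/* Case (1): clear one payload-type slot. Without the range check the
 * peer-supplied pt is used directly as an index, so the zero store
 * lands outside current[]. */
int rtp_unset_pt(struct rtp_session *s, int pt)
{
    if (pt < 0 || pt >= MAX_RTP_PT)
        return -1;                      /* reject instead of writing */
    s->current[pt].is_set = 0;
    s->current[pt].code = 0;
    return 0;
}

/* Case (2): collect payload numbers from an SDP m= format list such as
 * "0 8 101". Without the count check a long list runs past found[] and
 * stores peer-chosen integers out of bounds. */
int sdp_collect_pts(const char *fmt_list, int found[MAX_SDP_PTS])
{
    int n = 0;
    const char *p = fmt_list;
    while (*p) {
        char *end;
        long v = strtol(p, &end, 10);
        if (end == p) break;                        /* no more numbers */
        if (v < 0 || v >= MAX_RTP_PT) return -1;    /* value out of range */
        if (n >= MAX_SDP_PTS) return -1;            /* too many payloads */
        found[n++] = (int)v;
        p = end;
    }
    return n;
}

int main(void)
{
    static struct rtp_session s;        /* zero-initialised */
    int found[MAX_SDP_PTS];
    /* Constructed inputs, not captured traffic. */
    printf("unset pt 70000 -> %d\n", rtp_unset_pt(&s, 70000));
    printf("formats \"0 8 101\" -> %d\n", sdp_collect_pts("0 8 101", found));
    return 0;
}
```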