Buffer Overflow Vulnerability in Asterisk Open Source and Business Edition
CVE-2008-1289

Currently unrated

Key Information:

Vendor: Asterisk
CVE Published: 24 March 2008

Summary

Multiple buffer overflows exist in various Asterisk products. An attacker can exploit them by sending specially crafted RTP payloads that write arbitrary values to memory locations, potentially allowing execution of malicious code. The affected functions, which handle RTP payloads, include ast_rtp_unset_m_type in main/rtp.c and process_sdp in channels/chan_sip.c. Asterisk installations without proper safeguards are therefore exposed to remote exploitation.

EPSS Score

20% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
