Format String Vulnerability in Asterisk Open Source by Digium
CVE-2008-1333

Currently unrated

Key Information:

Vendor: Asterisk
Status: Open Source
Vendor: CVE Published:; 20 March 2008

What is CVE-2008-1333?

A vulnerability exists in Asterisk Open Source versions prior to 1.6.0-beta6, where improper handling of logging messages can allow remote attackers to execute arbitrary code. Specifically, this issue affects the ast_verbose logging API call and the astman_append function, leading to potential exploitation via maliciously crafted input.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/41301

vdb-entryx_refsource_XF

http://www.securityfocus.com/archive/1/489823/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://securitytracker.com/id?1019630

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Mar 20, 2008
Vulnerability Reserved
Mar 13, 2008