Vulnerability Details : CVE-2010-0441
Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2, allows remote attackers to cause a denial of service (daemon crash) via an SIP T.38 negotiation with an SDP FaxMaxDatagram field that is (1) missing, (2) modified to contain a negative number, or (3) modified to contain a large number.
Vulnerability category: Input validation, Denial of service
Threat overview for CVE-2010-0441
Top open port discovered on systems with this issue: 80
IPs affected by CVE-2010-0441: 10
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2010-0441
Probability of exploitation activity in the next 30 days: 34.16%
Percentile, the proportion of vulnerabilities that are scored at or less: ~97%
CVSS scores for CVE-2010-0441
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST |
CWE ids for CVE-2010-0441
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-0441
- http://downloads.asterisk.org/pub/security/AST-2010-001.html
- https://issues.asterisk.org/view.php?id=16517
  [ASTERISK-15371] Segfault while setting up T.38 fax reception - Digium/Asterisk JIRA
- https://issues.asterisk.org/view.php?id=16634
  [ASTERISK-15457] asterisk crashes while fax sending - Digium/Asterisk JIRA
- http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff
  Patch
- http://www.vupen.com/english/advisories/2010/0289
  Webmail | OVH- OVH, Vendor Advisory
- https://issues.asterisk.org/view.php?id=16724
  [ASTERISK-15538] coredump on T.38 Session with 1.6.2.1 - Digium/Asterisk JIRA
- http://www.securityfocus.com/bid/38047
  Asterisk T.38 'FaxMaxDatagram' Remote Denial of Service Vulnerability
- http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html
  [SECURITY] Fedora 11 Update: asterisk-1.6.1.17-1.fc11
- http://securitytracker.com/id?1023532
  Asterisk T.38 Processing Flaw Lets Remote Users Deny Service - SecurityTracker
- http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff
  Patch
- http://www.securityfocus.com/archive/1/509327/100/0/threaded
  SecurityFocus
- http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff
Products affected by CVE-2010-0441
- cpe:2.3:a:asterisk:asterisk:c.3.1.0:*:business:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.10-rc2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.1.7-rc1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.1.7-rc2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:c.3.1.1:*:business:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.0.16-rc1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.0.16-rc2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.0.20-rc1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.1.10-rc2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.1.10-rc3:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.1.13-rc1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.0.21-rc1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.0.18-rc1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.0.18-rc2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.10-rc1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.1.12-rc1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:c.3.2.2:*:business:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:c.3.3.3:*:business:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.0.18-rc3:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.1.10-rc1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.2.1-rc1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.6.1.13:*:*:*:*:*:*:*