ID CVE-2011-1175
Summary tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before 1.6.1.23, 1.6.2.x before 1.6.2.17.1, and 1.8.x before 1.8.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by establishing many short TCP sessions to services that use a certain TLS API. Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'
References
Vulnerable Configurations
  • cpe:2.3:a:digium:asterisk:1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1:beta1:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1:beta2:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1:beta3:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1:beta4:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.0:rc5:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.5:rc1:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.7:rc1:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.7:rc2:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.10:rc1:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.10:rc2:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.10:rc3:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.12:rc1:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.13:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.13:rc1:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.15:rc2:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.16:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.17:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.18:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.18:rc1:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.18:rc2:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.19:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.19:rc1:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.19:rc2:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.19:rc3:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.20:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.20:rc1:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.20:rc2:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.21:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.1.22:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.2.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.2.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.2.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.2.0:rc5:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.2.0:rc6:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.2.0:rc7:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.2.0:rc8:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.2.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.2.3:rc2:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.2.6:rc1:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.2.6:rc2:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.2.15:rc1:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.2.16:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.2.16:rc1:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.2.16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.2.17:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.2.17:rc1:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.2.17:rc2:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.6.2.17:rc3:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*
  • cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 17-08-2017 - 01:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 46898
confirm
debian DSA-2225
fedora
  • FEDORA-2011-3942
  • FEDORA-2011-3945
  • FEDORA-2011-3958
mlist
  • [oss-security] 20110317 CVE request for Asterisk flaws
  • [oss-security] 20110321 Re: CVE request for Asterisk flaws
sectrack 1025224
vupen
  • ADV-2011-0686
  • ADV-2011-0790
xf asterisk-handletcptlsconnection-dos(66140)
Last major update 17-08-2017 - 01:33
Published 31-03-2011 - 22:55
Last modified 17-08-2017 - 01:33