Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2010-0441

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-04 Feb, 2010 | 18:00
Updated At-07 Aug, 2024 | 00:52
Rejected At-
Credits

Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2, allows remote attackers to cause a denial of service (daemon crash) via an SIP T.38 negotiation with an SDP FaxMaxDatagram field that is (1) missing, (2) modified to contain a negative number, or (3) modified to contain a large number.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:04 Feb, 2010 | 18:00
Updated At:07 Aug, 2024 | 00:52
Rejected At:
â–¼CVE Numbering Authority (CNA)

Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2, allows remote attackers to cause a denial of service (daemon crash) via an SIP T.38 negotiation with an SDP FaxMaxDatagram field that is (1) missing, (2) modified to contain a negative number, or (3) modified to contain a large number.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff
x_refsource_CONFIRM
https://issues.asterisk.org/view.php?id=16517
x_refsource_CONFIRM
https://issues.asterisk.org/view.php?id=16634
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/0289
vdb-entry
x_refsource_VUPEN
http://www.securityfocus.com/bid/38047
vdb-entry
x_refsource_BID
http://secunia.com/advisories/39096
third-party-advisory
x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html
vendor-advisory
x_refsource_FEDORA
https://issues.asterisk.org/view.php?id=16724
x_refsource_CONFIRM
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff
x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/509327/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff
x_refsource_CONFIRM
http://secunia.com/advisories/38395
third-party-advisory
x_refsource_SECUNIA
http://securitytracker.com/id?1023532
vdb-entry
x_refsource_SECTRACK
http://downloads.asterisk.org/pub/security/AST-2010-001.html
x_refsource_CONFIRM
Hyperlink: http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff
Resource:
x_refsource_CONFIRM
Hyperlink: https://issues.asterisk.org/view.php?id=16517
Resource:
x_refsource_CONFIRM
Hyperlink: https://issues.asterisk.org/view.php?id=16634
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vupen.com/english/advisories/2010/0289
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.securityfocus.com/bid/38047
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://secunia.com/advisories/39096
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://issues.asterisk.org/view.php?id=16724
Resource:
x_refsource_CONFIRM
Hyperlink: http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/archive/1/509327/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/38395
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://securitytracker.com/id?1023532
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://downloads.asterisk.org/pub/security/AST-2010-001.html
Resource:
x_refsource_CONFIRM
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff
x_refsource_CONFIRM
x_transferred
https://issues.asterisk.org/view.php?id=16517
x_refsource_CONFIRM
x_transferred
https://issues.asterisk.org/view.php?id=16634
x_refsource_CONFIRM
x_transferred
http://www.vupen.com/english/advisories/2010/0289
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.securityfocus.com/bid/38047
vdb-entry
x_refsource_BID
x_transferred
http://secunia.com/advisories/39096
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html
vendor-advisory
x_refsource_FEDORA
x_transferred
https://issues.asterisk.org/view.php?id=16724
x_refsource_CONFIRM
x_transferred
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/archive/1/509327/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/38395
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://securitytracker.com/id?1023532
vdb-entry
x_refsource_SECTRACK
x_transferred
http://downloads.asterisk.org/pub/security/AST-2010-001.html
x_refsource_CONFIRM
x_transferred
Hyperlink: http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://issues.asterisk.org/view.php?id=16517
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://issues.asterisk.org/view.php?id=16634
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/0289
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.securityfocus.com/bid/38047
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://secunia.com/advisories/39096
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://issues.asterisk.org/view.php?id=16724
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/509327/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/38395
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://securitytracker.com/id?1023532
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://downloads.asterisk.org/pub/security/AST-2010-001.html
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:04 Feb, 2010 | 20:15
Updated At:11 Apr, 2025 | 00:51

Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2, allows remote attackers to cause a denial of service (daemon crash) via an SIP T.38 negotiation with an SDP FaxMaxDatagram field that is (1) missing, (2) modified to contain a negative number, or (3) modified to contain a large number.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
Asterisk
asterisk
>>asterisk>>1.6.0
cpe:2.3:a:asterisk:asterisk:1.6.0:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.0.1
cpe:2.3:a:asterisk:asterisk:1.6.0.1:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.0.2
cpe:2.3:a:asterisk:asterisk:1.6.0.2:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.0.3
cpe:2.3:a:asterisk:asterisk:1.6.0.3:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.0.5
cpe:2.3:a:asterisk:asterisk:1.6.0.5:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.0.6
cpe:2.3:a:asterisk:asterisk:1.6.0.6:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.0.7
cpe:2.3:a:asterisk:asterisk:1.6.0.7:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.0.8
cpe:2.3:a:asterisk:asterisk:1.6.0.8:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.0.9
cpe:2.3:a:asterisk:asterisk:1.6.0.9:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.0.10
cpe:2.3:a:asterisk:asterisk:1.6.0.10:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.0.12
cpe:2.3:a:asterisk:asterisk:1.6.0.12:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.0.13
cpe:2.3:a:asterisk:asterisk:1.6.0.13:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.0.14
cpe:2.3:a:asterisk:asterisk:1.6.0.14:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.0.15
cpe:2.3:a:asterisk:asterisk:1.6.0.15:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.0.16-rc1
cpe:2.3:a:asterisk:asterisk:1.6.0.16-rc1:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.0.16-rc2
cpe:2.3:a:asterisk:asterisk:1.6.0.16-rc2:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.0.17
cpe:2.3:a:asterisk:asterisk:1.6.0.17:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.0.18
cpe:2.3:a:asterisk:asterisk:1.6.0.18:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.0.18-rc1
cpe:2.3:a:asterisk:asterisk:1.6.0.18-rc1:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.0.18-rc2
cpe:2.3:a:asterisk:asterisk:1.6.0.18-rc2:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.0.18-rc3
cpe:2.3:a:asterisk:asterisk:1.6.0.18-rc3:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.0.19
cpe:2.3:a:asterisk:asterisk:1.6.0.19:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.0.20
cpe:2.3:a:asterisk:asterisk:1.6.0.20:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.0.20-rc1
cpe:2.3:a:asterisk:asterisk:1.6.0.20-rc1:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.0.21
cpe:2.3:a:asterisk:asterisk:1.6.0.21:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.0.21-rc1
cpe:2.3:a:asterisk:asterisk:1.6.0.21-rc1:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.1.0
cpe:2.3:a:asterisk:asterisk:1.6.1.0:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.1.1
cpe:2.3:a:asterisk:asterisk:1.6.1.1:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.1.2
cpe:2.3:a:asterisk:asterisk:1.6.1.2:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.1.4
cpe:2.3:a:asterisk:asterisk:1.6.1.4:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.1.5
cpe:2.3:a:asterisk:asterisk:1.6.1.5:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.1.6
cpe:2.3:a:asterisk:asterisk:1.6.1.6:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.1.7-rc1
cpe:2.3:a:asterisk:asterisk:1.6.1.7-rc1:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.1.7-rc2
cpe:2.3:a:asterisk:asterisk:1.6.1.7-rc2:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.1.8
cpe:2.3:a:asterisk:asterisk:1.6.1.8:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.1.9
cpe:2.3:a:asterisk:asterisk:1.6.1.9:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.1.10
cpe:2.3:a:asterisk:asterisk:1.6.1.10:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.1.10-rc1
cpe:2.3:a:asterisk:asterisk:1.6.1.10-rc1:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.1.10-rc2
cpe:2.3:a:asterisk:asterisk:1.6.1.10-rc2:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.1.10-rc3
cpe:2.3:a:asterisk:asterisk:1.6.1.10-rc3:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.1.11
cpe:2.3:a:asterisk:asterisk:1.6.1.11:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.1.12
cpe:2.3:a:asterisk:asterisk:1.6.1.12:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.1.12-rc1
cpe:2.3:a:asterisk:asterisk:1.6.1.12-rc1:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.1.13
cpe:2.3:a:asterisk:asterisk:1.6.1.13:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.1.13-rc1
cpe:2.3:a:asterisk:asterisk:1.6.1.13-rc1:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.2.1
cpe:2.3:a:asterisk:asterisk:1.6.2.1:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.2.1-rc1
cpe:2.3:a:asterisk:asterisk:1.6.2.1-rc1:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.10-rc1
cpe:2.3:a:asterisk:asterisk:1.6.10-rc1:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>1.6.10-rc2
cpe:2.3:a:asterisk:asterisk:1.6.10-rc2:*:*:*:*:*:*:*
Asterisk
asterisk
>>asterisk>>c.3.1.0
cpe:2.3:a:asterisk:asterisk:c.3.1.0:*:business:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diffcve@mitre.org
Patch
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diffcve@mitre.org
Patch
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diffcve@mitre.org
N/A
http://downloads.asterisk.org/pub/security/AST-2010-001.htmlcve@mitre.org
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.htmlcve@mitre.org
N/A
http://secunia.com/advisories/38395cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/39096cve@mitre.org
N/A
http://securitytracker.com/id?1023532cve@mitre.org
N/A
http://www.securityfocus.com/archive/1/509327/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/38047cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2010/0289cve@mitre.org
Vendor Advisory
https://issues.asterisk.org/view.php?id=16517cve@mitre.org
N/A
https://issues.asterisk.org/view.php?id=16634cve@mitre.org
N/A
https://issues.asterisk.org/view.php?id=16724cve@mitre.org
N/A
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diffaf854a3a-2127-422b-91ae-364da2661108
Patch
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diffaf854a3a-2127-422b-91ae-364da2661108
Patch
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diffaf854a3a-2127-422b-91ae-364da2661108
N/A
http://downloads.asterisk.org/pub/security/AST-2010-001.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/38395af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/39096af854a3a-2127-422b-91ae-364da2661108
N/A
http://securitytracker.com/id?1023532af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/509327/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/38047af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2010/0289af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://issues.asterisk.org/view.php?id=16517af854a3a-2127-422b-91ae-364da2661108
N/A
https://issues.asterisk.org/view.php?id=16634af854a3a-2127-422b-91ae-364da2661108
N/A
https://issues.asterisk.org/view.php?id=16724af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://downloads.asterisk.org/pub/security/AST-2010-001.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/38395
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/39096
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securitytracker.com/id?1023532
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/509327/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/38047
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/0289
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://issues.asterisk.org/view.php?id=16517
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://issues.asterisk.org/view.php?id=16634
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://issues.asterisk.org/view.php?id=16724
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://downloads.asterisk.org/pub/security/AST-2010-001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/38395
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/39096
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://securitytracker.com/id?1023532
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/509327/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/38047
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/0289
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://issues.asterisk.org/view.php?id=16517
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://issues.asterisk.org/view.php?id=16634
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://issues.asterisk.org/view.php?id=16724
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1104Records found
CVE-2022-20698
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.24% / 47.48%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 05:15
Updated-06 Nov, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Clam AntiVirus (ClamAV) Denial of Service Vulnerability

A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.

Action-Not Available
Vendor-Canonical Ltd.ClamAVCisco Systems, Inc.Debian GNU/Linux
Product-ubuntu_linuxclamavdebian_linuxClamAV
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-125
Out-of-bounds Read
CVE-2013-4932
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.50% / 80.96%
||
7 Day CHG~0.00%
Published-29 Jul, 2013 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple array index errors in epan/dissectors/packet-gsm_a_common.c in the GSM A Common dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allow remote attackers to cause a denial of service (application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-1302
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.98% / 76.58%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 07:30
Updated-16 Sep, 2024 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Malformed Goose Message in LibIEC61850 may result in a denial of service

In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a goose message, which may result in a denial of service.

Action-Not Available
Vendor-mz-automationMZ Automation
Product-libiec61850libIEC61850
CWE ID-CWE-20
Improper Input Validation
CVE-2015-4016
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.17% / 78.52%
||
7 Day CHG~0.00%
Published-20 May, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The client detection protocol in Valve Steam allows remote attackers to cause a denial of service (process crash) via a crafted response to a broadcast packet.

Action-Not Available
Vendor-valvesoftwaren/a
Product-steam_clientn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-9242
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.50% / 65.61%
||
7 Day CHG~0.00%
Published-29 May, 2018 | 20:00
Updated-17 Sep, 2024 | 03:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain input strings when passed to new Date() or Date.parse() in ecstatic node module before 1.4.0 will cause v8 to raise an exception. This leads to a crash and denial of service in ecstatic when this input is passed into the server via the If-Modified-Since header.

Action-Not Available
Vendor-ecstatic_projectHackerOne
Product-ecstaticecstatic node module
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-20
Improper Input Validation
CVE-2013-2014
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.37% / 84.75%
||
7 Day CHG~0.00%
Published-02 Jun, 2014 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests.

Action-Not Available
Vendor-n/aOpenStackFedora Project
Product-keystonefedoran/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-2175
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.08% / 22.75%
||
7 Day CHG~0.00%
Published-19 Aug, 2013 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable.

Action-Not Available
Vendor-haproxyn/aRed Hat, Inc.Debian GNU/LinuxCanonical Ltd.
Product-debian_linuxubuntu_linuxhaproxyenterprise_linux_load_balancern/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-284
Improper Access Control
CVE-2015-8899
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-7.5||HIGH
EPSS-0.08% / 23.72%
||
7 Day CHG~0.00%
Published-30 Jun, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally.

Action-Not Available
Vendor-thekelleysn/aCanonical Ltd.
Product-dnsmasqubuntu_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-2682
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.41% / 60.85%
||
7 Day CHG~0.00%
Published-19 Jul, 2014 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, allows attackers with certain database privileges to cause a denial of service (inaccessible page) via a non-ASCII character in the name of a link.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-enterprise_mrgn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-0037
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-43.76% / 97.47%
||
7 Day CHG~0.00%
Published-10 Feb, 2016 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The forms-based authentication implementation in Active Directory Federation Services (ADFS) 3.0 in Microsoft Windows Server 2012 R2 allows remote attackers to cause a denial of service (daemon outage) via crafted data, aka "Microsoft Active Directory Federation Services Denial of Service Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2012n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-3204
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.59% / 68.86%
||
7 Day CHG~0.00%
Published-01 Jul, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libreswan 3.9 through 3.12 allows remote attackers to cause a denial of service (daemon restart) via an IKEv1 packet with (1) unassigned bits set in the IPSEC DOI value or (2) the next payload value set to ISAKMP_NEXT_SAK.

Action-Not Available
Vendor-libreswann/a
Product-libreswann/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-9193
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.30% / 53.17%
||
7 Day CHG~0.00%
Published-18 Apr, 2018 | 14:00
Updated-17 Sep, 2024 | 02:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, improper input validation could cause a memory overread and cause the app to crash.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850sd_820asd_412sd_808_firmwaresd_400sd_415sd_616sd_425sd_430_firmwaresd_615mdm9650sd_650_firmwaresd_625sd_615_firmwaremsm8909w_firmwaresd_210sd_820_firmwaresd_820sd_650sd_808sd_450_firmwaresd_800sd_845_firmwaresd_410sd_617sd_400_firmwaresd_820a_firmwaremdm9206sd_652sd_425_firmwaresd_212_firmwaresd_800_firmwaresd_850_firmwaresd_625_firmwaresd_450sd_412_firmwaresd_845mdm9206_firmwaresd_430sd_810sd_835_firmwaremdm9650_firmwaresd_410_firmwaresd_835sd_205sd_210_firmwaresd_415_firmwaresd_652_firmwaremsm8909wsd_810_firmwaresd_616_firmwaresd_205_firmwaresd_212sd_617_firmwareSnapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-20
Improper Input Validation
CVE-2012-2336
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-51.78% / 97.86%
||
7 Day CHG+9.82%
Published-11 May, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-9239
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.33% / 55.99%
||
7 Day CHG~0.00%
Published-31 May, 2018 | 20:00
Updated-16 Sep, 2024 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ansi2html is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in.

Action-Not Available
Vendor-ansi2html_projectHackerOne
Product-ansi2htmlansi2html node module
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-20
Improper Input Validation
CVE-2016-0044
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-31.75% / 96.72%
||
7 Day CHG~0.00%
Published-10 Feb, 2016 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sync Framework in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows remote attackers to cause a denial of service (SyncShareSvc service outage) via crafted "change batch" data, aka "Windows DLL Loading Denial of Service Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2012windows_8.1windows_rt_8.1n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0193
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5||MEDIUM
EPSS-1.04% / 77.23%
||
7 Day CHG~0.00%
Published-20 Jan, 2012 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-8873
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.79% / 85.89%
||
7 Day CHG~0.00%
Published-16 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls.

Action-Not Available
Vendor-n/aThe PHP GroupopenSUSE
Product-leapphpn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0291
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.66% / 70.98%
||
7 Day CHG~0.00%
Published-22 Feb, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allow remote attackers to cause a denial of service (application crash or hang) via (1) malformed data from a client, (2) malformed data from a server, or (3) an invalid response.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-altiris_client_management_suite_pcanywhere_solutionaltiris_deployment_solution_remote_pcanywhere_solutionpcanywherealtiris_it_management_suite_pcanywhere_solutionn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-4603
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-1.17% / 78.45%
||
7 Day CHG~0.00%
Published-17 Dec, 2011 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594.

Action-Not Available
Vendor-n/aPidgin
Product-pidginn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-4720
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-10.26% / 93.06%
||
7 Day CHG~0.00%
Published-28 Dec, 2014 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hillstone HS TFTP Server 1.3.2 allows remote attackers to cause a denial of service (daemon crash) via a long filename in a (1) RRQ or (2) WRQ operation.

Action-Not Available
Vendor-hillstone_softwaren/a
Product-hs_tftp_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-4883
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-5||MEDIUM
EPSS-13.76% / 94.16%
||
7 Day CHG~0.00%
Published-13 Apr, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 does not properly validate values in HTTP requests, which allows remote attackers to cause a denial of service (resource consumption) via a crafted request.

Action-Not Available
Vendor-atvisen/a
Product-webmi2adsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-8853
Matching Score-4
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-4
Assigner-Debian GNU/Linux
CVSS Score-7.5||HIGH
EPSS-13.99% / 94.23%
||
7 Day CHG~0.00%
Published-25 May, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."

Action-Not Available
Vendor-perln/aFedora Project
Product-perlfedoran/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-4601
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.79% / 87.90%
||
7 Day CHG~0.00%
Published-25 Dec, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition.

Action-Not Available
Vendor-n/aPidgin
Product-pidginn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-5055
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.60% / 69.28%
||
7 Day CHG~0.00%
Published-08 Jan, 2012 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without properly restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set. NOTE: this issue exists because of an incomplete fix for CVE-2012-0024.

Action-Not Available
Vendor-maradnsn/a
Product-maradnsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-4871
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-5||MEDIUM
EPSS-13.76% / 94.16%
||
7 Day CHG~0.00%
Published-18 Apr, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open Automation Software OPC Systems.NET before 5.0 allows remote attackers to cause a denial of service via a malformed .NET RPC packet on TCP port 58723.

Action-Not Available
Vendor-opcsystemsn/a
Product-opcsystems.netn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-4885
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-85.10% / 99.34%
||
7 Day CHG-1.47%
Published-30 Dec, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-45711
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.58% / 68.56%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 21:47
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the simple_asn1 crate 0.6.0 before 0.6.1 for Rust. There is a panic if UTCTime data, supplied by a remote attacker, has a second character greater than 0x7f.

Action-Not Available
Vendor-simple_asn1_projectn/a
Product-simple_asn1n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-4530
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-5||MEDIUM
EPSS-11.65% / 93.56%
||
7 Day CHG~0.00%
Published-08 Jan, 2012 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does not properly copy fields obtained from clients, which allows remote attackers to cause a denial of service (exception and daemon crash) via long fields, as demonstrated by fields to the (1) open_session->workstation->NAME or (2) grant->VERSION function.

Action-Not Available
Vendor-n/aSiemens AG
Product-automation_license_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-8879
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.62% / 81.60%
||
7 Day CHG~0.00%
Published-22 May, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44357
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.30% / 53.42%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 19:56
Updated-15 Apr, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-Reolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wRLC-410W
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44366
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.30% / 53.42%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 19:56
Updated-15 Apr, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-Reolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wRLC-410W
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44221
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.38% / 59.21%
||
7 Day CHG-0.16%
Published-12 Jul, 2022 | 10:06
Updated-04 Aug, 2024 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). The affected systems do not properly validate input that is sent to the underlying message passing framework. This could allow an remote attacker to trigger a denial of service of the affected system.

Action-Not Available
Vendor-Siemens AG
Product-simatic_easie_core_packageSIMATIC eaSie Core Package
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44355
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.30% / 53.42%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 19:56
Updated-15 Apr, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-Reolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wRLC-410W
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7794
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-5.8||MEDIUM
EPSS-0.55% / 67.56%
||
7 Day CHG~0.00%
Published-30 Dec, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Corega CG-WLNCM4G devices provide an open DNS resolver, which allows remote attackers to cause a denial of service (traffic amplification) via crafted queries.

Action-Not Available
Vendor-coregan/a
Product-cg-wlncm4g_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7691
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-11.75% / 93.59%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.

Action-Not Available
Vendor-ntpn/aDebian GNU/LinuxRed Hat, Inc.Oracle CorporationNetApp, Inc.
Product-oncommand_unified_managerlinuxoncommand_performance_managerenterprise_linux_desktopenterprise_linux_server_ausenterprise_linux_server_tusenterprise_linux_workstationclustered_data_ontapenterprise_linux_server_eusdebian_linuxenterprise_linux_serverntpdata_ontapn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44483
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.33% / 55.99%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 17:19
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of input validation in calls to eb_div in sr_port/eb_muldiv.c allows attackers to crash the application by performing a divide by zero.

Action-Not Available
Vendor-fisglobalyottadbn/a
Product-gt.myottadbn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44356
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.30% / 53.42%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 19:56
Updated-15 Apr, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-Reolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wRLC-410W
CWE ID-CWE-20
Improper Input Validation
CVE-2021-43588
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-4.3||MEDIUM
EPSS-0.28% / 51.22%
||
7 Day CHG~0.00%
Published-24 Jan, 2022 | 20:10
Updated-16 Sep, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-emc_data_protection_centralData Protection Central
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7557
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.52% / 66.46%
||
7 Day CHG~0.00%
Published-20 May, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document.

Action-Not Available
Vendor-n/aThe GNOME Project
Product-librsvgn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7770
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-5||MEDIUM
EPSS-2.45% / 85.01%
||
7 Day CHG~0.00%
Published-06 Nov, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SonicWall TotalSecure TZ 100 devices with firmware before 5.9.1.0-22o allow remote attackers to cause a denial of service via a crafted packet.

Action-Not Available
Vendor-n/aDell Inc.
Product-sonicwall_totalsecure_tz_100_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44394
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.30% / 53.42%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 19:56
Updated-15 Apr, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-Reolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wRLC-410W
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44375
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.30% / 53.42%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 19:56
Updated-15 Apr, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-Reolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wRLC-410W
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44482
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.13%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 17:17
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of input validation in calls to do_verify in sr_unix/do_verify.c allows attackers to attempt to jump to a NULL pointer by corrupting a function pointer.

Action-Not Available
Vendor-fisglobalyottadbn/a
Product-gt.myottadbn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-41772
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.87%
||
7 Day CHG~0.00%
Published-08 Nov, 2021 | 00:00
Updated-04 Aug, 2024 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.

Action-Not Available
Vendor-n/aOracle CorporationFedora ProjectGo
Product-gofedoratimesten_in-memory_databasen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-8930
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.65% / 90.24%
||
7 Day CHG~0.00%
Published-20 Sep, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.

Action-Not Available
Vendor-n/aCanonical Ltd.libarchiveSUSE
Product-libarchiveubuntu_linuxlinux_enterprise_desktoplinux_enterprise_serverlinux_enterprise_software_development_kitn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2006-5265
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-14.92% / 94.45%
||
7 Day CHG~0.00%
Published-30 Jun, 2008 | 21:00
Updated-07 Aug, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Microsoft Dynamics GP (formerly Great Plains) 9.0 and earlier allows remote attackers to cause a denial of service (crash) via an invalid magic number in a Distributed Process Server (DPS) message.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-dynamics_gpn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-42555
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.45% / 63.35%
||
7 Day CHG~0.00%
Published-15 Jan, 2022 | 16:28
Updated-04 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pexip Infinity before 26.2 allows temporary remote Denial of Service (abort) because of missing call-setup input validation.

Action-Not Available
Vendor-pexipn/a
Product-infinityn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-2310
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-23.07% / 95.83%
||
7 Day CHG~0.00%
Published-16 Jun, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SolarWinds TFTP Server 10.4.0.13 allows remote attackers to cause a denial of service (crash) via a long write request.

Action-Not Available
Vendor-n/aSolarWinds Worldwide, LLC.
Product-tftp_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-41585
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-1.03% / 77.18%
||
7 Day CHG~0.00%
Published-03 Nov, 2021 | 15:20
Updated-04 Aug, 2024 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ATS stops accepting connections on FreeBSD

Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an attacker to make the server stop accepting new connections. This issue affects Apache Traffic Server 5.0.0 to 9.1.0.

Action-Not Available
Vendor-The Apache Software Foundation
Product-traffic_serverApache Traffic Server
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7704
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-13.94% / 94.21%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.

Action-Not Available
Vendor-ntpn/aDebian GNU/LinuxRed Hat, Inc.Citrix (Cloud Software Group, Inc.)McAfee, LLCNetApp, Inc.
Product-oncommand_unified_manageroncommand_performance_managerenterprise_linux_desktopenterprise_linux_server_ausenterprise_linux_server_tusenterprise_linux_workstationclustered_data_ontapxenserverenterprise_linux_server_eusdebian_linuxenterprise_linux_serverenterprise_security_managerntpdata_ontapn/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • ...
  • 15
  • 16
  • 17
  • ...
  • 22
  • 23
  • Next
Details not found