Vulnerability details: VCID-qczg-xnzs-aaae
Vulnerability ID VCID-qczg-xnzs-aaae
Aliases CVE-2008-1289
Summary Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
System Score Found at
epss 0.17337 https://api.first.org/data/v1/epss?cve=CVE-2008-1289
epss 0.20853 https://api.first.org/data/v1/epss?cve=CVE-2008-1289
epss 0.22327 https://api.first.org/data/v1/epss?cve=CVE-2008-1289
epss 0.2663 https://api.first.org/data/v1/epss?cve=CVE-2008-1289
epss 0.95653 https://api.first.org/data/v1/epss?cve=CVE-2008-1289
epss 0.95849 https://api.first.org/data/v1/epss?cve=CVE-2008-1289
epss 0.96972 https://api.first.org/data/v1/epss?cve=CVE-2008-1289
epss 0.96981 https://api.first.org/data/v1/epss?cve=CVE-2008-1289
rhbs urgent https://bugzilla.redhat.com/show_bug.cgi?id=438127
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2008-1289
Reference id Reference type URL
http://downloads.digium.com/pub/security/AST-2008-002.html
http://labs.musecurity.com/advisories/MU-200803-01.txt
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1289.json
https://api.first.org/data/v1/epss?cve=CVE-2008-1289
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1289
http://secunia.com/advisories/29426
http://secunia.com/advisories/29470
http://securityreason.com/securityalert/3763
http://securitytracker.com/id?1019628
https://exchange.xforce.ibmcloud.com/vulnerabilities/41302
https://exchange.xforce.ibmcloud.com/vulnerabilities/41305
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html
http://www.asterisk.org/node/48466
http://www.securityfocus.com/archive/1/489817/100/0/threaded
http://www.securityfocus.com/bid/28308
http://www.vupen.com/english/advisories/2008/0928
438127 https://bugzilla.redhat.com/show_bug.cgi?id=438127
cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:1.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:1.4:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk_business_edition:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:asterisk_business_edition:*:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisknow:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:asterisknow:*:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:*:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:*:rc-2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:*:rc-2:*:*:*:*:*:*
cpe:2.3:a:asterisk:s800i:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:s800i:*:*:*:*:*:*:*:*
CVE-2008-1289 https://nvd.nist.gov/vuln/detail/CVE-2008-1289
CVE-2008-1289;OSVDB-43416 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/31440.txt
CVE-2008-1289;OSVDB-43416 Exploit https://www.securityfocus.com/bid/28308/info
Data source Exploit-DB
Date added March 18, 2008
Description Asterisk 1.4.x - RTP Codec Payload Handling Multiple Buffer Overflow Vulnerabilities
Ransomware campaign use Known
Source publication date March 18, 2008
Exploit type dos
Platform linux
Source update date Feb. 6, 2014
Source URL https://www.securityfocus.com/bid/28308/info
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2008-1289
Exploit Prediction Scoring System (EPSS)
Percentile 0.91798
EPSS Score 0.17337
Published At March 29, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.