The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and Asterisk-Addons 1.4.x before 1.4.7 creates a remotely accessible TCP port that is intended solely for localhost communication, and interprets some TCP application-data fields as addresses of memory to free, which allows remote attackers to cause a denial of service (daemon crash) via crafted TCP packets.
2008-06-05T20:32:00.000
2025-04-09T00:30:58.490
Deferred
CVSSv2: 5.0 (MEDIUM)
AV:N/AC:L/Au:N/C:N/I:N/A:P
10.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | asterisk | asterisk-addons | 1.2.0 | Yes |
| Application | asterisk | asterisk-addons | 1.2.1 | Yes |
| Application | asterisk | asterisk-addons | 1.2.2 | Yes |
| Application | asterisk | asterisk-addons | 1.2.3 | Yes |
| Application | asterisk | asterisk-addons | 1.2.4 | Yes |
| Application | asterisk | asterisk-addons | 1.2.5 | Yes |
| Application | asterisk | asterisk-addons | 1.2.6 | Yes |
| Application | asterisk | asterisk-addons | 1.2.7 | Yes |
| Application | asterisk | asterisk-addons | 1.2.8 | Yes |
| Application | asterisk | asterisk-addons | 1.4.0 | Yes |
| Application | asterisk | asterisk-addons | 1.4.1 | Yes |
| Application | asterisk | asterisk-addons | 1.4.2 | Yes |
| Application | asterisk | asterisk-addons | 1.4.3 | Yes |
| Application | asterisk | asterisk-addons | 1.4.4 | Yes |
| Application | asterisk | asterisk-addons | 1.4.5 | Yes |
| Application | asterisk | asterisk-addons | 1.4.6 | Yes |