What is the severity of CVE-2011-1175?

CVE-2011-1175 is classified as a high severity vulnerability due to its potential to cause a denial of service by crashing the Asterisk server.

How do I fix CVE-2011-1175?

To fix CVE-2011-1175, upgrade your Asterisk installation to the latest version that addresses this vulnerability.

Which versions of Asterisk are affected by CVE-2011-1175?

CVE-2011-1175 affects multiple versions of Asterisk, including versions 1.6.1.0-beta2 to 1.6.1.22.

What type of vulnerability is CVE-2011-1175?

CVE-2011-1175 is a remote crash vulnerability caused by rapid opening and closing of TCP connections.

Can CVE-2011-1175 be exploited remotely?

Yes, CVE-2011-1175 can be exploited remotely by an unauthenticated attacker.

Vulnerability/
CVE-2011-1175

medium

CWE

NVD-CWE-Other 476

17/3/2011

31/3/2011

6/8/2024

CVE-2011-1175: Null Pointer Dereference

First published: Thu Mar 17 2011(Updated: )

AST-2011-004 [1] describes a remote crash vulnerability in the Asterisk TCP/TLS server. If a remote, unauthenticated, attacker were to rapidly open and close TCP connections to services using the ast_tcptls_* API, they could cause Asterisk to crash after dereferencing a NULL pointer. This flaw affects 1.6.2.x and 1.8.x, and is corrected in 1.6.2.17.1 and 1.8.3.1. [1] <a href="http://downloads.asterisk.org/pub/security/AST-2011-004.pdf">http://downloads.asterisk.org/pub/security/AST-2011-004.pdf</a>

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Asterisk	=1.6.1-beta2
Asterisk	=1.6.1.0-rc4
Asterisk	=1.6.1.8
Asterisk	=1.6.1.7-rc1
Asterisk	=1.6.1.5-rc1
Asterisk	=1.6.1.12
Asterisk	=1.6.1.0-rc5
Asterisk	=1.6.1.3-rc1
Asterisk	=1.6.1-beta4
Asterisk	=1.6.1.15-rc2
Asterisk	=1.6.1.18-rc1
Asterisk	=1.6.1.2
Asterisk	=1.6.1.19-rc2
Asterisk	=1.6.1.6
Asterisk	=1.6.1.5
Asterisk	=1.6.1.20-rc1
Asterisk	=1.6.1.0
Asterisk	=1.6.1.18-rc2
Asterisk	=1.6.1.14
Asterisk	=1.6.1.20-rc2
Asterisk	=1.6.1-rc1
Asterisk	=1.6.1.10-rc2
Asterisk	=1.6.1.19
Asterisk	=1.6.1.12-rc1
Asterisk	=1.6.1.22
Asterisk	=1.6.1.11
Asterisk	=1.6.1.10-rc3
Asterisk	=1.6.1
Asterisk	=1.6.1.20
Asterisk	=1.6.1.9
Asterisk	=1.6.1.19-rc3
Asterisk	=1.6.1.18
Asterisk	=1.6.1.17
Asterisk	=1.6.1-beta3
Asterisk	=1.6.1.4
Asterisk	=1.6.1.10
Asterisk	=1.6.1.16
Asterisk	=1.6.1.7-rc2
Asterisk	=1.6.1.0-rc2
Asterisk	=1.6.1.21
Asterisk	=1.6.1.0-rc3
Asterisk	=1.6.1.10-rc1
Asterisk	=1.6.1.19-rc1
Asterisk	=1.6.1.13
Asterisk	=1.6.1.13-rc1
Asterisk	=1.6.1.1
Asterisk	=1.6.1-beta1
Asterisk	=1.6.2.0-rc3
Asterisk	=1.6.2.0-rc2
Asterisk	=1.6.2.1
Asterisk	=1.6.2.0-rc4
Asterisk	=1.6.2.4
Asterisk	=1.6.2.6
Asterisk	=1.6.2.0-rc5
Asterisk	=1.6.2.0-rc7
Asterisk	=1.6.2.16-rc1
Asterisk	=1.6.2.17-rc1
Asterisk	=1.6.2.1-rc1
Asterisk	=1.6.2.16
Asterisk	=1.6.2.15-rc1
Asterisk	=1.6.2.17
Asterisk	=1.6.2.6-rc1
Asterisk	=1.6.2.2
Asterisk	=1.6.2.0-rc8
Asterisk	=1.6.2.3-rc2
Asterisk	=1.6.2.17-rc3
Asterisk	=1.6.2.16.1
Asterisk	=1.6.2.0
Asterisk	=1.6.2.17-rc2
Asterisk	=1.6.2.5
Asterisk	=1.6.2.0-rc6
Asterisk	=1.6.2.6-rc2
Asterisk	=1.8.3-rc3
Asterisk	=1.8.3
Asterisk	=1.8.0-beta2
Asterisk	=1.8.3-rc1
Asterisk	=1.8.1
Asterisk	=1.8.1.2
Asterisk	=1.8.0-beta4
Asterisk	=1.8.0-rc5
Asterisk	=1.8.0-beta3
Asterisk	=1.8.0-beta5
Asterisk	=1.8.0-rc2
Asterisk	=1.8.3-rc2
Asterisk	=1.8.2.3
Asterisk	=1.8.2.1
Asterisk	=1.8.1-rc1
Asterisk	=1.8.0
Asterisk	=1.8.0-rc3
Asterisk	=1.8.1.1
Asterisk	=1.8.2
Asterisk	=1.8.2.2
Asterisk	=1.8.0-beta1
Asterisk	=1.8.0-rc4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2011-1175?
CVE-2011-1175 is classified as a high severity vulnerability due to its potential to cause a denial of service by crashing the Asterisk server.
How do I fix CVE-2011-1175?
To fix CVE-2011-1175, upgrade your Asterisk installation to the latest version that addresses this vulnerability.
Which versions of Asterisk are affected by CVE-2011-1175?
CVE-2011-1175 affects multiple versions of Asterisk, including versions 1.6.1.0-beta2 to 1.6.1.22.
What type of vulnerability is CVE-2011-1175?
CVE-2011-1175 is a remote crash vulnerability caused by rapid opening and closing of TCP connections.
Can CVE-2011-1175 be exploited remotely?
Yes, CVE-2011-1175 can be exploited remotely by an unauthenticated attacker.

agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2011-1175
agent/weakness
agent/remedy
agent/references
agent/severity
agent/author
agent/last-modified-date
agent/description
agent/event
agent/trending
agent/source
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
agent/softwarecombine
agent/tags
vendor/digium
canonical/asterisk
version/asterisk/1.6.1-beta2
version/asterisk/1.6.1.0-rc4
version/asterisk/1.6.1.8
version/asterisk/1.6.1.7-rc1
version/asterisk/1.6.1.5-rc1
version/asterisk/1.6.1.12
version/asterisk/1.6.1.0-rc5
version/asterisk/1.6.1.3-rc1
version/asterisk/1.6.1-beta4
version/asterisk/1.6.1.15-rc2
version/asterisk/1.6.1.18-rc1
version/asterisk/1.6.1.2
version/asterisk/1.6.1.19-rc2
version/asterisk/1.6.1.6
version/asterisk/1.6.1.5
version/asterisk/1.6.1.20-rc1
version/asterisk/1.6.1.0
version/asterisk/1.6.1.18-rc2
version/asterisk/1.6.1.14
version/asterisk/1.6.1.20-rc2
version/asterisk/1.6.1-rc1
version/asterisk/1.6.1.10-rc2
version/asterisk/1.6.1.19
version/asterisk/1.6.1.12-rc1
version/asterisk/1.6.1.22
version/asterisk/1.6.1.11
version/asterisk/1.6.1.10-rc3
version/asterisk/1.6.1
version/asterisk/1.6.1.20
version/asterisk/1.6.1.9
version/asterisk/1.6.1.19-rc3
version/asterisk/1.6.1.18
version/asterisk/1.6.1.17
version/asterisk/1.6.1-beta3
version/asterisk/1.6.1.4
version/asterisk/1.6.1.10
version/asterisk/1.6.1.16
version/asterisk/1.6.1.7-rc2
version/asterisk/1.6.1.0-rc2
version/asterisk/1.6.1.21
version/asterisk/1.6.1.0-rc3
version/asterisk/1.6.1.10-rc1
version/asterisk/1.6.1.19-rc1
version/asterisk/1.6.1.13
version/asterisk/1.6.1.13-rc1
version/asterisk/1.6.1.1
version/asterisk/1.6.1-beta1
version/asterisk/1.6.2.0-rc3
version/asterisk/1.6.2.0-rc2
version/asterisk/1.6.2.1
version/asterisk/1.6.2.0-rc4
version/asterisk/1.6.2.4
version/asterisk/1.6.2.6
version/asterisk/1.6.2.0-rc5
version/asterisk/1.6.2.0-rc7
version/asterisk/1.6.2.16-rc1
version/asterisk/1.6.2.17-rc1
version/asterisk/1.6.2.1-rc1
version/asterisk/1.6.2.16
version/asterisk/1.6.2.15-rc1
version/asterisk/1.6.2.17
version/asterisk/1.6.2.6-rc1
version/asterisk/1.6.2.2
version/asterisk/1.6.2.0-rc8
version/asterisk/1.6.2.3-rc2
version/asterisk/1.6.2.17-rc3
version/asterisk/1.6.2.16.1
version/asterisk/1.6.2.0
version/asterisk/1.6.2.17-rc2
version/asterisk/1.6.2.5
version/asterisk/1.6.2.0-rc6
version/asterisk/1.6.2.6-rc2
version/asterisk/1.8.3-rc3
version/asterisk/1.8.3
version/asterisk/1.8.0-beta2
version/asterisk/1.8.3-rc1
version/asterisk/1.8.1
version/asterisk/1.8.1.2
version/asterisk/1.8.0-beta4
version/asterisk/1.8.0-rc5
version/asterisk/1.8.0-beta3
version/asterisk/1.8.0-beta5
version/asterisk/1.8.0-rc2
version/asterisk/1.8.3-rc2
version/asterisk/1.8.2.3
version/asterisk/1.8.2.1
version/asterisk/1.8.1-rc1
version/asterisk/1.8.0
version/asterisk/1.8.0-rc3
version/asterisk/1.8.1.1
version/asterisk/1.8.2
version/asterisk/1.8.2.2
version/asterisk/1.8.0-beta1
version/asterisk/1.8.0-rc4

CVE-2011-1175: Null Pointer Dereference

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2011-1175?

How do I fix CVE-2011-1175?

Which versions of Asterisk are affected by CVE-2011-1175?

What type of vulnerability is CVE-2011-1175?

Can CVE-2011-1175 be exploited remotely?

Company

Resources

Contact