CVE-2008-3263
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2008-3263
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (call-number exhaustion and CPU consumption) by quickly sending a large number of IAX2 (IAX) POKE requests.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Asterisk IAX POKE请求远程拒绝服务漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Asterisk是开放源码的软件PBX,支持各种VoIP协议和设备。 Asterisk处理大量畸形请求时存在漏洞,如果远程攻击者向Asterisk服务器发送了大量IAX2 POKE请求的话,就可以耗尽服务器上所有与IAX2协议相关的呼叫号,导致其他IAX2呼叫无法通过。由于协议的性质,IAX2 POKE呼叫会等待ACK报文响应PONG报文。在等待ACK报文期间,这个对话会耗尽IAX2呼叫号,因为ACK报文必须包含有与PONG中所分配和发送完全相同的呼叫号。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2008-3263
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2008-3263
Please Login to view more intelligence information
- http://downloads.digium.com/pub/security/AST-2008-010.htmlx_refsource_CONFIRM
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.htmlvendor-advisoryx_refsource_FEDORA
- https://nvd.nist.gov/vuln/detail/CVE-2008-3263
Same Patch Batch · n/a · 2008-07-22 · 12 CVEs total
| CVE-2008-3260 | Claroline 多文件跨站漏洞 | |
| CVE-2008-3261 | Claroline claroline/redirector.php 重定向攻击漏洞 | |
| CVE-2008-3262 | claroline 跨站请求伪造漏洞 | |
| CVE-2008-3188 | openSUSE libxcrypt 加密问题漏洞 | |
| CVE-2008-3253 | Citrix XenServer XenAPI HTTP接口跨站脚本漏洞 | |
| CVE-2008-3254 | preCMS 'id' Parameter SQL注入漏洞 | |
| CVE-2008-3255 | LunarNight Laboratory WebProxy 跨站脚本漏洞 | |
| CVE-2008-3256 | Siteframe 'folder.php' SQL注入漏洞 | |
| CVE-2008-3257 | Oracle Weblogic Apache连接器POST请求远程栈溢出漏洞 | |
| CVE-2008-3258 | Zoph 多个SQL注入漏洞 | |
| CVE-2008-3259 | OpenSSH X11UseLocalhost X11转发会话劫持漏洞 |
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8186
Open5GS NF client.c ogs_sbi_client_send_via_scp_or_sepp out- - CVE-2026-8187
Open5GS UPF gtp-path.c _gtpv1_u_recv_cb resource consumption - CVE-2026-6667
PgBouncer missing authorization check in KILL_CLIENT admin c - CVE-2026-6666
PgBouncer crash in kill_pool_logins_server_error - CVE-2026-6665
PgBouncer buffer overflow in SCRAM
V. Comments for CVE-2008-3263
No comments yet