Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2013-2686

EPSS 2.45% · P85
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2013-2686

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Asterisk 'Content-Length'标头缓冲区溢出漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Digium Asterisk是美国Digium公司的一套开源的电话交换机(PBX)系统软件。该软件支持语音信箱、多方语音会议、交互式语音应答(IVR)等。 Asterisk Open Source 1.8.20.2之前的1.8.x版本,10.12.2之前的10.x版本,11.2.2之前的11.x版本;Certified Asterisk 1.8.15-cert2之前的1.8.15版本;Asterisk Digiumphones 10.12.2-digiumphones之前的10.x-digiumphon
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2013-2686

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2013-2686

登录查看更多情报信息。

Same Patch Batch · n/a · 2013-03-29 · 21 CVEs total

CVE-2013-0512多款IBM产品栈缓冲区溢出漏洞
CVE-2013-2301Android OMRON OpenWnn应用程序权限许可和访问控制漏洞
CVE-2013-1299Microsoft Windows Modern Mail 未明欺骗漏洞
CVE-2013-1085Novell Messenger/Groupwise Messenger Client 未明缓冲区溢出漏洞
CVE-2013-1083Novell IDM Roles Based Provisioning Module 未明安全漏洞
CVE-2013-1082Novell ZENworks Mobile Management 目录遍历漏洞
CVE-2013-1080Novell ZENworks Configuration Management Control Center 任意文件上传漏洞
CVE-2013-1079Novell ZENWorks AdminStudio ISProxy ‘ISProxy.dll’Activex目录遍历漏洞
CVE-2013-0532多款IBM产品跨站请求伪造漏洞
CVE-2013-0513多款IBM产品设计错误漏洞
CVE-2013-0659Siemens CP 1616/CP 1604模块访问安全绕过漏洞
CVE-2013-0511IBM Rational AppScan Enterprise 多个SQL注入漏洞
CVE-2013-0510IBM Rational AppScan Enterprise 权限许可和访问控制漏洞
CVE-2013-0474多款IBM产品信息泄露漏洞
CVE-2013-0473多款IBM产品跨站脚本漏洞
CVE-2013-0452IBM Tivoli Endpoint Manager for Software Use Analysis 跨站请求伪造漏洞
CVE-2012-6534Novell Sentinel Log Manager 权限许可和访问控制漏洞
CVE-2013-0130Core FTP 多个缓冲区溢出漏洞
CVE-2013-2685Asterisk 基于栈的缓冲区溢出漏洞
CVE-2013-2264Asterisk SIP信道驱动器信息泄露漏洞

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2013-2686

No comments yet

Leave a comment