← Back

CVE-2008-1333

nvd nist
Published: Mar 20, 2008Modified: Apr 23, 2026

JSON object

Loading...
5.8
Vector
AV:N/AC:M/Au:N/C:N/I:P/A:P
Exploitability: 8.6 / Impact: 4.9
Source: NVD

Description

Format string vulnerability in Asterisk Open Source 1.6.x before 1.6.0-beta6 might allow remote attackers to execute arbitrary code via logging messages that are not properly handled by (1) the ast_verbose logging API call, or (2) the astman_append function.

Affected (5)

Asterisk
1 product
Open Source
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Asterisk
Open Source
Version 1.6.0_beta1
Open Source
Version 1.6.0_beta2
Open Source
Version 1.6.0_beta3
Open Source
Version 1.6.0_beta4
Open Source
Version 1.6.0_beta5

Related CWEs

CWE-134
Use of Externally-Controlled Format String
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

References (20)

Source: cve@mitre.org
Patch
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.