{"id":"MGASA-2013-0384","summary":"Updated asterisk packages fix CVE-2013-7100","details":"Updated asterisk packages fix security vulnerability:\n\nBuffer overflow in the unpacksms16 function in apps/app_sms.c in\nAsterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and\n11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before\n10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4\nand 11.x before 11.2-cert3 allows remote attackers to cause a denial\nof service (daemon crash) via a 16-bit SMS message (CVE-2013-7100).\n\nThe updated packages has been upgraded to the 11.7.0 version which\nresolves various upstream bugs and is not vulnerable to this issue.\n","modified":"2026-04-16T01:47:15.475610767Z","published":"2013-12-23T17:15:47Z","upstream":["CVE-2013-7100"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2013-0384.html"},{"type":"REPORT","url":"https://issues.asterisk.org/jira/browse/ASTERISK-22590"},{"type":"WEB","url":"http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-11.7.0-summary.html"},{"type":"ADVISORY","url":"http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2013:300/"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=12060"}],"affected":[{"package":{"name":"asterisk","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/asterisk?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"11.7.0-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0384.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}