[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255227

 
 

909

 
 

198741

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2011-2216Date: (C)2011-06-06   (M)2023-12-22


reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.2 does not initialize certain strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed Contact header.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECTRACK-1025598
http://www.securityfocus.com/archive/1/518236/100/0/threaded
SECUNIA-44828
BID-48096
OSVDB-72752
FEDORA-2011-8319
FEDORA-2011-8983
asterisk-parseurifull-dos(67812)
http://downloads.digium.com/pub/security/AST-2011-007.html

CPE    31
cpe:/a:digium:asterisk:1.8.4:rc1
cpe:/a:digium:asterisk:1.8.4:rc2
cpe:/a:digium:asterisk:1.8.4:rc3
cpe:/a:digium:asterisk:1.8.0:rc5
...
OVAL    2
oval:org.secpod.oval:def:102886
oval:org.secpod.oval:def:102832

© SecPod Technologies