CVE-2008-2119

EPSS 13.1%
Veröffentlicht 04.06.2008 19:32:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Asterisk ≫ Asterisk Business Edition Version <= b2.5.2

Asterisk ≫ Asterisk Business Edition Versionb.1.3.2

Asterisk ≫ Asterisk Business Edition Versionb.1.3.3

Asterisk ≫ Asterisk Business Edition Versionb.2.2.0

Asterisk ≫ Asterisk Business Edition Versionb.2.2.1

Asterisk ≫ Asterisk Business Edition Versionb.2.3.1

Asterisk ≫ Asterisk Business Edition Versionb.2.3.2

Asterisk ≫ Asterisk Business Edition Versionb.2.3.3

Asterisk ≫ Asterisk Business Edition Versionb.2.3.4

Asterisk ≫ Asterisk Business Edition Versionb.2.5.0

Asterisk ≫ Asterisk Business Edition Versionb2.5.1

Asterisk ≫ Open Source Version <= 1.2.28

Asterisk ≫ Open Source Version1.0

Asterisk ≫ Open Source Version1.0.0

Asterisk ≫ Open Source Version1.0.1

Asterisk ≫ Open Source Version1.0.2

Asterisk ≫ Open Source Version1.0.3

Asterisk ≫ Open Source Version1.0.4

Asterisk ≫ Open Source Version1.0.5

Asterisk ≫ Open Source Version1.0.6

Asterisk ≫ Open Source Version1.0.7

Asterisk ≫ Open Source Version1.0.8

Asterisk ≫ Open Source Version1.0.9

Asterisk ≫ Open Source Version1.0.11

Asterisk ≫ Open Source Version1.0.11.1

Asterisk ≫ Open Source Version1.0.12

Asterisk ≫ Open Source Version1.2.0

Asterisk ≫ Open Source Version1.2.0beta1

Asterisk ≫ Open Source Version1.2.0beta2

Asterisk ≫ Open Source Version1.2.1

Asterisk ≫ Open Source Version1.2.2

Asterisk ≫ Open Source Version1.2.10

Asterisk ≫ Open Source Version1.2.11

Asterisk ≫ Open Source Version1.2.12

Asterisk ≫ Open Source Version1.2.12.1

Asterisk ≫ Open Source Version1.2.13

Asterisk ≫ Open Source Version1.2.14

Asterisk ≫ Open Source Version1.2.15

Asterisk ≫ Open Source Version1.2.16

Asterisk ≫ Open Source Version1.2.17

Asterisk ≫ Open Source Version1.2.18

Asterisk ≫ Open Source Version1.2.19

Asterisk ≫ Open Source Version1.2.20

Asterisk ≫ Open Source Version1.2.21

Asterisk ≫ Open Source Version1.2.21.1

Asterisk ≫ Open Source Version1.2.22

Asterisk ≫ Open Source Version1.2.23

Asterisk ≫ Open Source Version1.2.24

Asterisk ≫ Open Source Version1.2.25

Asterisk ≫ Open Source Version1.2.26

Asterisk ≫ Open Source Version1.2.26.1

Asterisk ≫ Open Source Version1.2.26.2

Asterisk ≫ Open Source Version1.2.27

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	13.1%	0.938

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/34982

http://security.gentoo.org/glsa/glsa-200905-01.xml

http://bugs.digium.com/view.php?id=12607

http://downloads.digium.com/pub/security/AST-2008-008.html

http://secunia.com/advisories/30517

http://svn.digium.com/view/asterisk?view=rev&revision=120109

http://www.securityfocus.com/archive/1/493020/100/0/threaded

http://www.securitytracker.com/id?1020166

http://www.vupen.com/english/advisories/2008/1731

https://exchange.xforce.ibmcloud.com/vulnerabilities/42823

https://www.exploit-db.com/exploits/5749

https://nvd.nist.gov/vuln/detail/CVE-2008-2119

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-2119

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-2119

EUVD