CVE-2009-0871

EPSS 2.95%
Veröffentlicht 11.03.2009 14:19:15
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service (crash) via a SIP INVITE request without any headers, which triggers a NULL pointer dereference in the (1) sip_uri_headers_cmp and (2) sip_uri_params_cmp functions.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Digium ≫ Asterisk Version1.4.22

Digium ≫ Asterisk Version1.4.23

Digium ≫ Asterisk Version1.4.23.1

Digium ≫ Asterisk Version1.6.0

Digium ≫ Asterisk Version1.6.0 Updatebeta1

Digium ≫ Asterisk Version1.6.0 Updatebeta2

Digium ≫ Asterisk Version1.6.0 Updatebeta3

Digium ≫ Asterisk Version1.6.0 Updatebeta4

Digium ≫ Asterisk Version1.6.0 Updatebeta5

Digium ≫ Asterisk Version1.6.0 Updatebeta6

Digium ≫ Asterisk Version1.6.0 Updatebeta7

Digium ≫ Asterisk Version1.6.0 Updatebeta7.1

Digium ≫ Asterisk Version1.6.0 Updatebeta8

Digium ≫ Asterisk Version1.6.0 Updatebeta9

Digium ≫ Asterisk Version1.6.0 Updaterc4

Digium ≫ Asterisk Version1.6.0 Updaterc5

Digium ≫ Asterisk Version1.6.0 Updaterc6

Digium ≫ Asterisk Version1.6.0.1

Digium ≫ Asterisk Version1.6.0.2

Digium ≫ Asterisk Version1.6.0.3

Digium ≫ Asterisk Version1.6.0.3 Updaterc1

Digium ≫ Asterisk Version1.6.0.4 Updaterc1

Digium ≫ Asterisk Version1.6.0.5

Digium ≫ Asterisk Version1.6.1

Digium ≫ Asterisk Version1.6.1 Updatebeta1

Digium ≫ Asterisk Version1.6.1 Updatebeta2

Digium ≫ Asterisk Version1.6.1 Updatebeta3

Digium ≫ Asterisk Version1.6.1 Updatebeta4

Digium ≫ Asterisk Version1.6.1 Updaterc1

Digium ≫ Asterisk Versionc.2.3 Update- Editionbusiness

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.95%	0.857

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://bugs.digium.com/view.php?id=13547

http://bugs.digium.com/view.php?id=14417

http://downloads.digium.com/pub/security/AST-2009-002.html

Patch

Vendor Advisory

http://osvdb.org/52568

http://secunia.com/advisories/34229

Vendor Advisory

http://www.securityfocus.com/archive/1/501656/100/0/threaded

http://www.securityfocus.com/bid/34070

Patch

http://www.securitytracker.com/id?1021834

http://www.vupen.com/english/advisories/2009/0667

https://nvd.nist.gov/vuln/detail/CVE-2009-0871

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-0871

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-0871

EUVD