Remote Denial of Service Vulnerability in Asterisk Open Source and Business Edition
CVE-2008-0095

Currently unrated

Key Information:

Vendor: Asterisk
Status: Asterisk Business Edition; Open Source; Asterisk Appliance Developer Kit; Asterisknow
Vendor: CVE Published:; 8 January 2008

Summary

A vulnerability in the SIP channel driver of Asterisk allows remote attackers to exploit the system by sending a malicious BYE message containing an Also header. This can lead to a denial of service, causing the daemon to crash due to a NULL pointer dereference. The affected versions include Asterisk Open Source prior to 1.4.17 and various editions and platforms that utilize this driver, making it crucial for users to upgrade to secure versions to mitigate potential attacks.

References

http://www.securityfocus.com/bid/27110

vdb-entryx_refsource_BID

https://www.redhat.com/archives/fedora-package-announce/2...

vendor-advisoryx_refsource_FEDORA

http://www.vupen.com/english/advisories/2008/0019

vdb-entryx_refsource_VUPEN

EPSS Score

31% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 8, 2008
Vulnerability Reserved
Jan 7, 2008