Denial of Service Vulnerability in Asterisk Open Source and Business Edition
CVE-2008-2119
Currently unrated
Key Information:
- Vendor: Asterisk
- CVE Published: 4 June 2008
What is CVE-2008-2119?
A vulnerability in Asterisk Open Source versions 1.0.x and 1.2.x before 1.2.29, and in Business Edition A.x.x and B.x.x before B.2.5.3, allows remote attackers to trigger a denial of service. When pedantic parsing is enabled, a specially crafted SIP INVITE message that lacks a From header crashes the daemon. The flaw lies in improper handling of this input during SIP message processing, specifically concerning an empty const string and a NULL pointer.
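A screening check for the malformed request described above, as an added example that is not Asterisk code or part of the original entry. It reports which headers that RFC 3261 requires in every request are missing; the function names and the sample messages are constructed for illustration.

```python
# Added example (not Asterisk code): report RFC 3261 mandatory headers
# that are missing from a SIP request.
MANDATORY = {"via", "max-forwards", "to", "from", "call-id", "cseq"}
COMPACT = {"v": "via", "t": "to", "f": "from", "i": "call-id"}  # RFC 3261 compact forms


def header_names(raw: bytes) -> set:
    """Return canonical lower-case names of headers that carry a non-empty value."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("utf-8", "replace")
    names = set()
    for line in head.split("\r\n")[1:]:       # skip the request line
        if not line or line[0] in " \t":      # folded continuation of the previous header
            continue
        name, sep, value = line.partition(":")
        if sep and value.strip():             # a header with an empty value counts as absent
            name = name.strip().lower()
            names.add(COMPACT.get(name, name))
    return names


def missing_mandatory(raw: bytes):
    """Return (method, sorted missing headers) for a request, or None for anything else."""
    parts = raw.split(b"\r\n", 1)[0].decode("utf-8", "replace").split(" ")
    if len(parts) != 3 or parts[2] != "SIP/2.0":
        return None                           # responses and non-SIP data are not screened
    return parts[0], sorted(MANDATORY - header_names(raw))


def build(headers):
    """Assemble a constructed INVITE with no body from a list of header lines."""
    return "\r\n".join(["INVITE sip:bob@example.com SIP/2.0", *headers, "", ""]).encode()


# Constructed sample headers (example.com addresses, made-up tags and IDs).
BASE = [
    "Via: SIP/2.0/UDP client.example.com;branch=z9hG4bK776asdhds",
    "Max-Forwards: 70",
    "To: <sip:bob@example.com>",
    "From: <sip:alice@example.com>;tag=1928301774",
    "Call-ID: a84b4c76e66710@client.example.com",
    "CSeq: 314159 INVITE",
    "Content-Length: 0",
]
GOOD = build(BASE)
NO_FROM = build([h for h in BASE if not h.startswith("From:")])

if __name__ == "__main__":
    for label, msg in (("complete", GOOD), ("no From", NO_FROM)):
        print(label, missing_mandatory(msg))
```

A request reported with `from` in the missing list is the kind this entry describes and can be rejected or logged before it reaches an unpatched server.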
EPSS Score
8% chance of being exploited in the next 30 days.