First published: Wed Mar 11 2009(Updated: )
The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service (crash) via a SIP INVITE request without any headers, which triggers a NULL pointer dereference in the (1) sip_uri_headers_cmp and (2) sip_uri_params_cmp functions.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Digium Asterisk | =1.6.0-beta2 | |
Digium Asterisk | =1.6.1-beta2 | |
Digium Asterisk | =1.6.0-beta4 | |
Digium Asterisk | =1.6.0-beta8 | |
Digium Asterisk | =1.6.0-beta9 | |
Digium Asterisk | =c.2.3 | |
Digium Asterisk | =1.6.1-beta4 | |
Digium Asterisk | =1.6.0.3-rc1 | |
Digium Asterisk | =1.6.0 | |
Digium Asterisk | =1.4.22 | |
Digium Asterisk | =1.6.0-beta1 | |
Digium Asterisk | =1.6.0-beta3 | |
Digium Asterisk | =1.6.0.5 | |
Digium Asterisk | =1.6.1-rc1 | |
Digium Asterisk | =1.6.0.2 | |
Digium Asterisk | =1.6.0-rc6 | |
Digium Asterisk | =1.4.23 | |
Digium Asterisk | =1.6.0-rc4 | |
Digium Asterisk | =1.6.0-rc5 | |
Digium Asterisk | =1.6.0-beta7 | |
Digium Asterisk | =1.6.0.1 | |
Digium Asterisk | =1.6.1 | |
Digium Asterisk | =1.6.0.4-rc1 | |
Digium Asterisk | =1.6.0-beta6 | |
Digium Asterisk | =1.6.1-beta3 | |
Digium Asterisk | =1.6.0.3 | |
Digium Asterisk | =1.4.23.1 | |
Digium Asterisk | =1.6.0-beta7.1 | |
Digium Asterisk | =1.6.0-beta5 | |
Digium Asterisk | =1.6.1-beta1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.