CVE-2008-2119
Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer.
Affected products
n/a · n/a
public PoCs found — 1
cve_reference · www.exploit-db.com/exploits/5749 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://bugs.digium.com/view.php?id=12607
http://downloads.digium.com/pub/security/AST-2008-008.html
http://secunia.com/advisories/30517
http://secunia.com/advisories/34982
http://security.gentoo.org/glsa/glsa-200905-01.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/42823
http://svn.digium.com/view/asterisk?view=rev&revision=120109
https://www.exploit-db.com/exploits/5749
http://www.securityfocus.com/archive/1/493020/100/0/threaded
http://www.securitytracker.com/id?1020166
http://www.vupen.com/english/advisories/2008/1731