← Back to branch summary

~ubuntu-security/ubuntu-cve-tracker/master

1748 by Jamie Strandboge
check-cves run (with refresh) 
1
 
Candidate: CVE-2009-0871

2
 
PublicDate: 2009-03-11

3
 
References:
10729 by Marc Deslauriers
change all mitre urls to https 
4
 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0871
1748 by Jamie Strandboge
check-cves run (with refresh) 
5
 
Description:

6
 
 The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and

7
 
 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk

8
 
 Business Edition C.2.3, with the pedantic option enabled, allows remote

9
 
 authenticated users to cause a denial of service (crash) via a SIP INVITE

10
 
 request without any headers, which triggers a NULL pointer dereference in

11
 
 the (1) sip_uri_headers_cmp and (2) sip_uri_params_cmp functions.

12
 
Ubuntu-Description:

13
 
Notes:

14
 
Bugs:

15
 
Priority: medium

16
 
Discovered-by:

17
 
Assigned-to:

18
 









19



Patches_asterisk:










20



upstream_asterisk: needs-triage








1955
by Marc Deslauriers


updated asterisk CVEs



21



dapper_asterisk: not-affected (1:1.2.7.1.dfsg-2ubuntu3.4)








1835
by Kees Cook


Gutsy is EOL, retire results



22



gutsy_asterisk: needed (reached end-of-life)








1955
by Marc Deslauriers


updated asterisk CVEs



23



hardy_asterisk: not-affected (1:1.4.17~dfsg-2ubuntu1)










24



intrepid_asterisk: not-affected (1:1.4.21.2~dfsg-1ubuntu3)










25



jaunty_asterisk: not-affected (1:1.4.21.2~dfsg-3ubuntu2)










26



devel_asterisk: not-affected (1:1.4.21.2~dfsg-3ubuntu2)