1748
by Jamie Strandboge
check-cves run (with refresh) |
1 |
Candidate: CVE-2009-0871 |
2 |
PublicDate: 2009-03-11 |
|
3 |
References: |
|
10729
by Marc Deslauriers
change all mitre urls to https |
4 |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0871 |
1748
by Jamie Strandboge
check-cves run (with refresh) |
5 |
Description: |
6 |
The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and |
|
7 |
1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk |
|
8 |
Business Edition C.2.3, with the pedantic option enabled, allows remote |
|
9 |
authenticated users to cause a denial of service (crash) via a SIP INVITE |
|
10 |
request without any headers, which triggers a NULL pointer dereference in |
|
11 |
the (1) sip_uri_headers_cmp and (2) sip_uri_params_cmp functions. |
|
12 |
Ubuntu-Description: |
|
13 |
Notes: |
|
14 |
Bugs: |
|
15 |
Priority: medium |
|
16 |
Discovered-by: |
|
17 |
Assigned-to: |
|
18 |
||
19 |
Patches_asterisk: |
|
20 |
upstream_asterisk: needs-triage |
|
1955
by Marc Deslauriers
updated asterisk CVEs |
21 |
dapper_asterisk: not-affected (1:1.2.7.1.dfsg-2ubuntu3.4) |
1835
by Kees Cook
Gutsy is EOL, retire results |
22 |
gutsy_asterisk: needed (reached end-of-life) |
1955
by Marc Deslauriers
updated asterisk CVEs |
23 |
hardy_asterisk: not-affected (1:1.4.17~dfsg-2ubuntu1) |
24 |
intrepid_asterisk: not-affected (1:1.4.21.2~dfsg-1ubuntu3) |
|
25 |
jaunty_asterisk: not-affected (1:1.4.21.2~dfsg-3ubuntu2) |
|
26 |
devel_asterisk: not-affected (1:1.4.21.2~dfsg-3ubuntu2) |