|
|
CVE Reference: CVE-2008-2119 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-2119 |
|
|
Description: Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/42823 ST 1020166 SAID Secunia Advisory: SA34982 Secunia Advisory: SA30517 MILW0RM http://www.milw0rm.com/exploits/5749 GENTOO http://security.gentoo.org/glsa/glsa-200905-01.xml CONFIRM http://svn.digium.com/view/asterisk?view=rev&revision=120109 http://downloads.digium.com/pub/security/AST-2008-008.html http://bugs.digium.com/view.php?id=12607 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/493020/100/0/threaded |
|
| Return to the previous page. |
