CVE-2008-0095

The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.
Severity
UNKNOWN
AV:N/AC:L/Au:N/C:N/I:N/A:P
Atk. Vector
NETWORK
Atk. Complexity
LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
asteriskasterisk_appliance_developer_kit
𝑥
≤ 1.4_revision_95945
asteriskopen_source
𝑥
≤ 1.4.16
asterisks800i
𝑥
≤ 1.0.3.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
asterisk
bullseye
1:16.28.0~dfsg-0+deb11u4
fixed
etch
not-affected
sarge
not-affected
bullseye (security)
1:16.28.0~dfsg-0+deb11u5
fixed
sid
1:22.0.0~dfsg+~cs6.14.60671435-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
asterisk
intrepid
Fixed 1:1.4.17~dfsg-1
released
hardy
Fixed 1:1.4.17~dfsg-1
released
gutsy
ignored
feisty
not-affected
edgy
not-affected
dapper
not-affected
Common Weakness Enumeration