CVE-2009-0871

The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service (crash) via a SIP INVITE request without any headers, which triggers a NULL pointer dereference in the (1) sip_uri_headers_cmp and (2) sip_uri_params_cmp functions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
VendorProductVersion
digiumasterisk
1.4.22
digiumasterisk
1.4.23
digiumasterisk
1.4.23.1
digiumasterisk
1.6.0
digiumasterisk
1.6.0:beta1
digiumasterisk
1.6.0:beta2
digiumasterisk
1.6.0:beta3
digiumasterisk
1.6.0:beta4
digiumasterisk
1.6.0:beta5
digiumasterisk
1.6.0:beta6
digiumasterisk
1.6.0:beta7
digiumasterisk
1.6.0:beta7.1
digiumasterisk
1.6.0:beta8
digiumasterisk
1.6.0:beta9
digiumasterisk
1.6.0:rc4
digiumasterisk
1.6.0:rc5
digiumasterisk
1.6.0:rc6
digiumasterisk
1.6.0.1
digiumasterisk
1.6.0.2
digiumasterisk
1.6.0.3
digiumasterisk
1.6.0.3:rc1
digiumasterisk
1.6.0.4:rc1
digiumasterisk
1.6.0.5
digiumasterisk
1.6.1
digiumasterisk
1.6.1:beta1
digiumasterisk
1.6.1:beta2
digiumasterisk
1.6.1:beta3
digiumasterisk
1.6.1:beta4
digiumasterisk
1.6.1:rc1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
asterisk
bullseye
1:16.28.0~dfsg-0+deb11u4
fixed
bullseye (security)
1:16.28.0~dfsg-0+deb11u5
fixed
sid
1:22.0.0~dfsg+~cs6.14.60671435-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
asterisk
jaunty
not-affected
intrepid
not-affected
hardy
not-affected
gutsy
ignored
dapper
not-affected
Common Weakness Enumeration
References
http://bugs.digium.com/view.php?id=13547
http://bugs.digium.com/view.php?id=14417
http://downloads.digium.com/pub/security/AST-2009-002.html
http://osvdb.org/52568
http://secunia.com/advisories/34229
http://www.securityfocus.com/archive/1/501656/100/0/threaded
http://www.securityfocus.com/bid/34070
http://www.securitytracker.com/id?1021834
http://www.vupen.com/english/advisories/2009/0667
http://bugs.digium.com/view.php?id=13547
http://bugs.digium.com/view.php?id=14417
http://downloads.digium.com/pub/security/AST-2009-002.html
http://osvdb.org/52568
http://secunia.com/advisories/34229
http://www.securityfocus.com/archive/1/501656/100/0/threaded
http://www.securityfocus.com/bid/34070
http://www.securitytracker.com/id?1021834
http://www.vupen.com/english/advisories/2009/0667