CVE-2009-2651

EUVD-2009-2645
main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
Affected Products (NVD)
VendorProductVersion
digiumasterisk
1.6.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
asterisk
bullseye
1:16.28.0~dfsg-0+deb11u4
fixed
bullseye (security)
1:16.28.0~dfsg-0+deb11u5
fixed
etch
not-affected
lenny
not-affected
sid
1:22.0.0~dfsg+~cs6.14.60671435-1
fixed
squeeze
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
asterisk
dapper
ignored
hardy
not-affected
intrepid
ignored
jaunty
ignored
karmic
not-affected
lucid
not-affected
maverick
not-affected
natty
not-affected
Common Weakness Enumeration
References
http://downloads.asterisk.org/pub/security/AST-2009-004.html
http://downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txt
http://osvdb.org/56571
http://secunia.com/advisories/36039
http://www.securityfocus.com/bid/35837
http://www.securitytracker.com/id?1022608
http://www.vupen.com/english/advisories/2009/2067
https://exchange.xforce.ibmcloud.com/vulnerabilities/52046
http://downloads.asterisk.org/pub/security/AST-2009-004.html
http://downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txt
http://osvdb.org/56571
http://secunia.com/advisories/36039
http://www.securityfocus.com/bid/35837
http://www.securitytracker.com/id?1022608
http://www.vupen.com/english/advisories/2009/2067
https://exchange.xforce.ibmcloud.com/vulnerabilities/52046