Vulnerability Description
Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Asterisk | Asterisk Business Edition | <= b2.5.2 |
| Asterisk | Open Source | <= 1.2.28 |
Related Weaknesses (CWE)
References
- http://bugs.digium.com/view.php?id=12607
- http://downloads.digium.com/pub/security/AST-2008-008.html
- http://secunia.com/advisories/30517
- http://secunia.com/advisories/34982
- http://security.gentoo.org/glsa/glsa-200905-01.xml
- http://svn.digium.com/view/asterisk?view=rev&revision=120109
- http://www.securityfocus.com/archive/1/493020/100/0/threaded
- http://www.securitytracker.com/id?1020166
- http://www.vupen.com/english/advisories/2008/1731
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42823
- https://www.exploit-db.com/exploits/5749
FAQ
What is CVE-2008-2119?
CVE-2008-2119 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a d...
How severe is CVE-2008-2119?
CVE-2008-2119 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2119?
Check the references section above for vendor advisories and patch information. Affected products include: Asterisk Asterisk Business Edition, Asterisk Open Source.