Vulnerability Description
main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Digium | Asterisk | 1.6.1 |
Related Weaknesses (CWE)
References
- http://downloads.asterisk.org/pub/security/AST-2009-004.htmlVendor Advisory
- http://downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txtExploit
- http://osvdb.org/56571
- http://secunia.com/advisories/36039Vendor Advisory
- http://www.securityfocus.com/bid/35837
- http://www.securitytracker.com/id?1022608
- http://www.vupen.com/english/advisories/2009/2067PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52046
- http://downloads.asterisk.org/pub/security/AST-2009-004.htmlVendor Advisory
- http://downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txtExploit
- http://osvdb.org/56571
- http://secunia.com/advisories/36039Vendor Advisory
- http://www.securityfocus.com/bid/35837
- http://www.securitytracker.com/id?1022608
- http://www.vupen.com/english/advisories/2009/2067PatchVendor Advisory
FAQ
What is CVE-2009-2651?
CVE-2009-2651 is a vulnerability with a CVSS score of 5.0 (MEDIUM). main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer de...
How severe is CVE-2009-2651?
CVE-2009-2651 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-2651?
Check the references section above for vendor advisories and patch information. Affected products include: Digium Asterisk.