Lucene search

[email protected]CVE-2011-2216

HistoryJun 06, 2011 - 7:55 p.m.

CVE-2011-2216

2011-06-0619:55:03

[email protected]

web.nvd.nist.gov

asterisk

open source

sip

cve-2011-2216

denial of service

security vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.4 Medium

AI Score

Confidence

Low

0.086 Low

EPSS

Percentile

94.5%

JSON

reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.2 does not initialize certain strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed Contact header.

Affected configurations

NVD

Node

digiumasteriskMatch1.8.0

digiumasteriskMatch1.8.0beta1

digiumasteriskMatch1.8.0beta2

digiumasteriskMatch1.8.0beta3

digiumasteriskMatch1.8.0beta4

digiumasteriskMatch1.8.0beta5

digiumasteriskMatch1.8.0rc2

digiumasteriskMatch1.8.0rc3

digiumasteriskMatch1.8.0rc4

digiumasteriskMatch1.8.0rc5

digiumasteriskMatch1.8.1

digiumasteriskMatch1.8.1rc1

digiumasteriskMatch1.8.1.1

digiumasteriskMatch1.8.1.2

digiumasteriskMatch1.8.2

digiumasteriskMatch1.8.2.1

digiumasteriskMatch1.8.2.2

digiumasteriskMatch1.8.2.3

digiumasteriskMatch1.8.2.4

digiumasteriskMatch1.8.3

digiumasteriskMatch1.8.3rc1

digiumasteriskMatch1.8.3rc2

digiumasteriskMatch1.8.3rc3

digiumasteriskMatch1.8.3.1

digiumasteriskMatch1.8.3.2

digiumasteriskMatch1.8.3.3

digiumasteriskMatch1.8.4

digiumasteriskMatch1.8.4rc1

digiumasteriskMatch1.8.4rc2

digiumasteriskMatch1.8.4rc3

digiumasteriskMatch1.8.4.1

CPENameOperatorVersion
digium:asteriskdigium asteriskeq1.8.0
digium:asteriskdigium asteriskeq1.8.1
digium:asteriskdigium asteriskeq1.8.1.1
digium:asteriskdigium asteriskeq1.8.1.2
digium:asteriskdigium asteriskeq1.8.2
digium:asteriskdigium asteriskeq1.8.2.1
digium:asteriskdigium asteriskeq1.8.2.2
digium:asteriskdigium asteriskeq1.8.2.3
digium:asteriskdigium asteriskeq1.8.2.4
digium:asteriskdigium asteriskeq1.8.3

CPE	Name	Operator	Version
digium:asterisk	digium asterisk	eq	1.8.0
digium:asterisk	digium asterisk	eq	1.8.1
digium:asterisk	digium asterisk	eq	1.8.1.1
digium:asterisk	digium asterisk	eq	1.8.1.2
digium:asterisk	digium asterisk	eq	1.8.2
digium:asterisk	digium asterisk	eq	1.8.2.1
digium:asterisk	digium asterisk	eq	1.8.2.2
digium:asterisk	digium asterisk	eq	1.8.2.3
digium:asterisk	digium asterisk	eq	1.8.2.4
digium:asterisk	digium asterisk	eq	1.8.3