Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2008-2119

HistoryJun 04, 2008 - 7:32 p.m.

CVE-2008-2119

2008-06-0419:32:00

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS

0.013

Percentile

86.1%

JSON

Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer.

OSVersionArchitecturePackageVersionFilename
Debian11allasterisk< 1.4asterisk_1.4_all.deb
Debian999allasterisk< 1.4asterisk_1.4_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	all	asterisk	< 1.4	asterisk_1.4_all.deb
Debian	999	all	asterisk	< 1.4	asterisk_1.4_all.deb

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS

0.013

Percentile

86.1%

JSON

Related for DEBIANCVE:CVE-2008-2119