Back to search
CVE-2008-0095
Published: Jan 8, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
27110
vdb-entry
x_refsource_BID
FEDORA-2008-0199
vendor-advisory
x_refsource_FEDORA
ADV-2008-0019
vdb-entry
x_refsource_VUPEN
20080102 AST-2008-001: Crash from transfer using BYE with Also header
mailing-list
x_refsource_BUGTRAQ
asterisk-bye-also-dos(39361)
vdb-entry
x_refsource_XF
3520
third-party-advisory
x_refsource_SREASON
http://bugs.digium.com/view.php?id=11637
x_refsource_MISC
28312
third-party-advisory
x_refsource_SECUNIA
1019152
vdb-entry
x_refsource_SECTRACK
FEDORA-2008-0198
vendor-advisory
x_refsource_FEDORA
http://downloads.digium.com/pub/security/AST-2008-001.html
x_refsource_CONFIRM
28299
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now