CVE-2008-0095
Last modified
CVE-2008-0095 is a vulnerability of currently unknown severity. The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.. EPSS estimates a 25.42% chance of exploitation in the next 30 days.
Description
The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Asterisk | Asterisk Appliance Developer Kit | <= 1.4_revision_95945 |
| Asterisk | Asterisk Business Edition | <= c.1.0beta7 |
| Asterisk | Asterisknow | <= beta_6 |
| Asterisk | Open Source | <= 1.4.16 |
| Asterisk | S800i | <= 1.0.3.3 |
References
- http://secunia.com/advisories/28312Patch, Vendor Advisory
- http://www.securityfocus.com/bid/27110Exploit, Patch
- http://secunia.com/advisories/28312Patch, Vendor Advisory
- http://www.securityfocus.com/bid/27110Exploit, Patch
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2008-0095?
How severe is CVE-2008-0095?
How do I fix CVE-2008-0095?
Are you affected by CVE-2008-0095?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST