CVE-2009-2651

Name: CVE-2009-2651
Creator: NVD / NIST
Published: 2009-07-30T20:00:00.36+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.27%

Last modified Jun 16, 2026

CVE-2009-2651 is a vulnerability of currently unknown severity. main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer.. EPSS estimates a 2.27% chance of exploitation in the next 30 days.

Description

main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer.

Metrics

EPSS Probability

2.27%

80.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-399

Affected Software

Vendor	Product	Versions
Digium	Asterisk	1.6.1

References

http://downloads.asterisk.org/pub/security/AST-2009-004.htmlVendor Advisory
http://downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txtExploit
http://osvdb.org/56571
http://secunia.com/advisories/36039Vendor Advisory
http://www.securityfocus.com/bid/35837
http://www.securitytracker.com/id?1022608
http://www.vupen.com/english/advisories/2009/2067Patch, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/52046
http://downloads.asterisk.org/pub/security/AST-2009-004.htmlVendor Advisory
http://downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txtExploit
http://osvdb.org/56571
http://secunia.com/advisories/36039Vendor Advisory
http://www.securityfocus.com/bid/35837
http://www.securitytracker.com/id?1022608
http://www.vupen.com/english/advisories/2009/2067Patch, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/52046

Timeline

Published: Jul 30, 2009
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2009-2651?

How severe is CVE-2009-2651?

Severity scoring for CVE-2009-2651 is pending analysis. The EPSS model estimates a 2.27% probability of exploitation in the next 30 days.

How do I fix CVE-2009-2651?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-2651?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST