Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2011-2216

reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.2 does not initialize certain strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed Contact header.

Related bugs and status

CVE-2011-2216 (Candidate) is related to these bugs:

Bug #852479: Merge asterisk 1:1.8.4.4~dfsg-2 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	852479	Merge asterisk 1:1.8.4.4~dfsg-2 (universe) from Debian unstable (main)		asterisk (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://downloads.digiu...
SECTRACK: 1025598
OSVDB: 72752
FEDORA: FEDORA-2011-8319
FEDORA: FEDORA-2011-8983
BID: 48096
SECUNIA: 44828
XF: asterisk-parseurifull-...
BUGTRAQ: 20110602 AST-2011-007