[CVE-2008-2119] Remote Crash Vulnerability in SIP channel driver when run in pedantic mode
Bug #237229 reported by
Till Ulen
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
asterisk (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: asterisk
CVE-2008-2119 description from the upstream advisory AST-2008-008:
"During pedantic SIP processing the From header value is
passed to the ast_uri_decode function to be decoded. In
two instances it is possible for the code to cause a
crash as the From header value is not checked to be
non-NULL before being passed to the function."
http://
Links for future reference:
http://
http://
CVE References
Changed in asterisk: | |
status: | New → Confirmed |
To post a comment you must log in.
Marking Fix Released as this should be fixed in all supported releases.