The SIP channel driver in Asterisk Open Source 1.4.x prior to 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x prior to 1.0.3.4 allows remote malicious users to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
asterisk asterisk appliance developer kit |
||
asterisk asterisk business edition |
||
asterisk asterisknow |
||
asterisk open source |
||
asterisk s800i |