Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv2

CVE-2009-2726

Published: 12/08/2009 Updated: 15/02/2024
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Asterisk

Vulnerability Summary

The SIP channel driver in Asterisk Open Source 1.2.x prior to 1.2.34, 1.4.x prior to 1.4.26.1, 1.6.0.x prior to 1.6.0.12, and 1.6.1.x prior to 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x prior to 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote malicious users to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP.

Vulnerable Product Search on Vulmon Subscribe to Product

digium asterisk

digium s800i_firmware

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2009-2651: Remote Crash Vulnerability in RTP stack
Debian Bug report logs - #539473 CVE-2009-2651: Remote Crash Vulnerability in RTP stack Package: asterisk; Maintainer for asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Source for asterisk is src:asterisk (PTS, buildd, popcon) Reported by: Giuseppe Iuculano <giuseppe@iuculanoit> Date: S ...
Debian CVElist Bug Report Logs: CVE-2009-2726: Asterisk SIP Channel Driver Denial of Service
Debian Bug report logs - #541441 CVE-2009-2726: Asterisk SIP Channel Driver Denial of Service Package: asterisk; Maintainer for asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Source for asterisk is src:asterisk (PTS, buildd, popcon) Reported by: Giuseppe Iuculano <giuseppe@iuculanoit> D ...

References

CWE-770http://www.securityfocus.com/bid/36015http://secunia.com/advisories/36227http://downloads.digium.com/pub/security/AST-2009-005.htmlhttp://www.vupen.com/english/advisories/2009/2229http://www.securitytracker.com/id?1022705http://labs.mudynamics.com/advisories/MU-200908-01.txthttp://www.securityfocus.com/archive/1/505669/100/0/threadedhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539473https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypassCVE-2024-30051remoteCVE-2024-27954CVE-2023-51483CVE-2023-47782SSRFCVE-2024-24715CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook