Lucene search

[email protected]CVE-2009-2651

HistoryJul 30, 2009 - 8:00 p.m.

CVE-2009-2651

2009-07-3020:00:00

CWE-399

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

asterisk

open source

1.6.1

denial of service

vulnerability

rtp

text frame

null pointer dereference

cve-2009-2651

6.6 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.092 Low

EPSS

Percentile

94.7%

JSON

main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer.

CPENameOperatorVersion
digium:asteriskdigium asteriskeq1.6.1

CPE	Name	Operator	Version
digium:asterisk	digium asterisk	eq	1.6.1

References

downloads.asterisk.org/pub/security/AST-2009-004.html

downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txt

osvdb.org/56571

secunia.com/advisories/36039

www.securityfocus.com/bid/35837

www.securitytracker.com/id?1022608

www.vupen.com/english/advisories/2009/2067

exchange.xforce.ibmcloud.com/vulnerabilities/52046

6.6 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.092 Low

EPSS

Percentile

94.7%

JSON

Related for CVE-2009-2651

ubuntucve1 cvelist1 debiancve1 prion1 openvas3 nessus1 fedora1