6.6 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.092 Low
EPSS
Percentile
94.7%
main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer.
CPE | Name | Operator | Version |
---|---|---|---|
digium:asterisk | digium asterisk | eq | 1.6.1 |
downloads.asterisk.org/pub/security/AST-2009-004.html
downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txt
osvdb.org/56571
secunia.com/advisories/36039
www.securityfocus.com/bid/35837
www.securitytracker.com/id?1022608
www.vupen.com/english/advisories/2009/2067
exchange.xforce.ibmcloud.com/vulnerabilities/52046