CVE-2011-4598

2011-12-1503:57:34

Debian Security Bug Tracker

security-tracker.debian.org

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.042 Low

EPSS

Percentile

92.3%

JSON

The handle_request_info function in channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted sequence of SIP requests.

OSVersionArchitecturePackageVersionFilename
Debian11allasterisk< 1:1.8.8.0~dfsg-1asterisk_1:1.8.8.0~dfsg-1_all.deb
Debian10allasterisk< 1:1.8.8.0~dfsg-1asterisk_1:1.8.8.0~dfsg-1_all.deb
Debian999allasterisk< 1:1.8.8.0~dfsg-1asterisk_1:1.8.8.0~dfsg-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	all	asterisk	< 1:1.8.8.0~dfsg-1	asterisk_1:1.8.8.0~dfsg-1_all.deb
Debian	10	all	asterisk	< 1:1.8.8.0~dfsg-1	asterisk_1:1.8.8.0~dfsg-1_all.deb
Debian	999	all	asterisk	< 1:1.8.8.0~dfsg-1	asterisk_1:1.8.8.0~dfsg-1_all.deb