Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0095: Asterisk vulnerability

CWE-399 | 5 documents | 5 sources
Severity
5.0 MEDIUM (NVD)
EPSS
26.6%
top 3.66%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Jan 8
Latest update: May 1

Description

The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages: 7 packages

Patches

🔴 Vulnerability Details

2
GHSA
GHSA-hvrv-phcf-pfqg: The SIP channel driver in Asterisk Open Source 1 | 2022-05-01
OSV
CVE-2008-0095: The SIP channel driver in Asterisk Open Source 1 | 2008-01-08

💥 Exploits & PoCs

1
Exploit-DB
Asterisk 1.x - BYE Message Remote Denial of Service | 2008-01-02

📋 Vendor Advisories

1
Debian
CVE-2008-0095: asterisk - The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edi... | 2008
CVE-2008-0095 — Debian Asterisk vulnerability | cvebase