CVE-2008-3799
published 2008-09-26CVE-2008-3799: Memory leak in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a…
high7.8CVSS 3.1
AVNACLAuNCNINAC
Memory leak in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (memory consumption and voice-service outage) via unspecified valid SIP messages.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios_session_initiation_protocol | — | — |
Cisco
Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities
vendor_cisco·2008-09-24·CVSS 7.8
CVE-2008-3799 [HIGH] CWE-399 Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities
Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities
Multiple vulnerabilities exist in the Session Initiation Protocol (SIP)
implementation in Cisco IOS that can be exploited remotely to trigger a memory
leak or to cause a reload of the IOS device.
Cisco has released software updates that address these vulnerabilities. Fixed Cisco IOS software listed in the Software Versions and
Fixes section contains fixes for all vulnerabilities addressed in this
advisory.
There are no workarounds available to mitigate the effects of any of
the vulnerabilities apart from disabling the protocol or feature itself, if
administrators do not require the Cisco IOS device to provide voice over IP
services.
This advisory is posted at
https://sec.cloudapps.cisco.com/security/center/
Cisco
Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities
vendor_cisco
CVE-2008-3799 Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities
CVE-2008-3799: Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities
Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS that can be exploited remotely to trigger a memory leak or to cause a reload of the IOS device. Cisco has released software updates that address these vulnerabilities. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities addressed in this advisory. There are no
CWE: CWE-399, CWE-399
Bug IDs: CSCse56800, CSCsg91306, CSCsk42759, CSCsb25337, CSCse56800
GHSA
GHSA-c2cp-r782-35vp: Memory leak in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12
ghsa_unreviewed·2022-05-02
CVE-2008-3799 [HIGH] CWE-772 GHSA-c2cp-r782-35vp: Memory leak in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12
Memory leak in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (memory consumption and voice-service outage) via unspecified valid SIP messages.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/31990http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtmlhttp://www.securitytracker.com/id?1020939http://www.vupen.com/english/advisories/2008/2670https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5927http://secunia.com/advisories/31990http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtmlhttp://www.securitytracker.com/id?1020939http://www.vupen.com/english/advisories/2008/2670https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5927
2008-09-26
Published