CVE-2009-0871
published 2009-03-11
CVE-2009-0871: The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition…
Priority: P4 · 12 · low · 3.5 (CVSS 2.0)
AV:N/AC:M/Au:S/C:N/I:N/A:P
EPSS: 2.57% (83.2th percentile)
The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service (crash) via a SIP INVITE request without any headers, which triggers a NULL pointer dereference in the (1) sip_uri_headers_cmp and (2) sip_uri_params_cmp functions.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
CVSS provenance
nvd · v2.0 · 3.5 LOW · AV:N/AC:M/Au:S/C:N/I:N/A:P
vendor_debian · 3.5 LOW
vendor_redhat · 3.5 LOW
GHSA
GHSA-v44g-p4wf-wh36: The SIP channel driver in Asterisk Open Source 1
ghsa_unreviewed·2022-05-02
CVE-2009-0871 [LOW] CWE-20 GHSA-v44g-p4wf-wh36: The SIP channel driver in Asterisk Open Source 1
Red Hat
asterisk: remote crash in SIP channel driver (AST-2009-002)
vendor_redhat·2009-03-10·CVSS 3.5
CVE-2009-0871 [LOW] asterisk: remote crash in SIP channel driver (AST-2009-002)
Debian
CVE-2009-0871: asterisk - The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6...
vendor_debian·2009·CVSS 3.5
CVE-2009-0871 [LOW] CVE-2009-0871: asterisk - The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6...
Scope: local
bullseye: resolved
sid: resolved
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2009-0871 asterisk: remote crash in SIP channel driver [F9]
bugzilla·2009-03-11·CVSS 3.5
CVE-2009-0871 [LOW] CVE-2009-0871 asterisk: remote crash in SIP channel driver [F9]
F9 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
You can eventually use the following link to create the update request:
https://admin.fedoraproject.org/updates/new/?request=Stable&type_=security&release=Fedora%209&bugs=489727,
---
This message is a reminder that Fedora 9 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 9. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora
'version' of '9'.
Package Maintainer: If you wish for this
Bugzilla
CVE-2009-0871 asterisk: remote crash in SIP channel driver [F10]
bugzilla·2009-03-11·CVSS 3.5
CVE-2009-0871 [LOW] CVE-2009-0871 asterisk: remote crash in SIP channel driver [F10]
F10 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
You can eventually use the following link to create the update request:
https://admin.fedoraproject.org/updates/new/?request=Stable&type_=security&release=Fedora%2010&bugs=489726,
---
asterisk-1.6.0.15-1.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/asterisk-1.6.0.15-1.fc10
---
asterisk-1.6.0.15-1.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update asterisk'
Bugzilla
CVE-2009-0871 asterisk: remote crash in SIP channel driver (AST-2009-002)
bugzilla·2009-03-11·CVSS 3.5
CVE-2009-0871 [LOW] CVE-2009-0871 asterisk: remote crash in SIP channel driver (AST-2009-002)
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0871 to
the following vulnerability:
Name: CVE-2009-0871
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0871
Assigned: 20090311
Reference: BUGTRAQ:20090310 AST-2009-002: Remote Crash Vulnerability in SIP channel driver
Reference: URL: http://www.securityfocus.com/archive/1/archive/1/501656/100/0/threaded
Reference: CONFIRM: http://bugs.digium.com/view.php?id=13547
Reference: CONFIRM: http://bugs.digium.com/view.php?id=14417
Reference: CONFIRM: http://downloads.digium.com/pub/security/AST-2009-002.html
Reference: BID:34070
Reference: URL: http://www.securityfocus.com/bid/34070
Reference: SECTRACK:1021834
Reference: URL: http://www.secu
http://bugs.digium.com/view.php?id=13547
http://bugs.digium.com/view.php?id=14417
http://downloads.digium.com/pub/security/AST-2009-002.html
http://osvdb.org/52568
http://secunia.com/advisories/34229
http://www.securityfocus.com/archive/1/501656/100/0/threaded
http://www.securityfocus.com/bid/34070
http://www.securitytracker.com/id?1021834
http://www.vupen.com/english/advisories/2009/0667
Published: 2009-03-11