CVE-2009-2651
Published 2009-07-30
Priority P4 · 18 · medium · CVSS 2.0: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 2.27% (80.8th percentile)
main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | asterisk | < asterisk 1:1.6.2.0~dfsg~rc1-1 (bullseye) | asterisk 1:1.6.2.0~dfsg~rc1-1 (bullseye) |
| digium | asterisk | — | — |
| digium | asterisk | >= 0 < 1:1.6.2.0~dfsg~rc1-1 | 1:1.6.2.0~dfsg~rc1-1 |
CVSS provenance
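| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 5.0 | MEDIUM | |
| vendor_debian | | 5.0 | LOW | |
| vendor_redhat | | 5.0 | MEDIUM | |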
GHSA
GHSA-jqc4-44qp-7w9w: main/rtp
ghsa_unreviewed·2022-05-02
OSV
CVE-2009-2651: main/rtp
osv·2009-07-30·CVSS 5.0
Red Hat
asterisk: remote DoS on receipt of malformed RTP text frames
vendor_redhat·2009-07-27·CVSS 5.0
Debian
CVE-2009-2651: asterisk - main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers ...
vendor_debian·2009·CVSS 5.0
Scope: local
bullseye: resolved (fixed in 1:1.6.2.0~dfsg~rc1-1)
sid: resolved (fixed in 1:1.6.2.0~dfsg~rc1-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2009-2651 asterisk: remote DoS on receipt of malformed RTP text frames [Fdevel]
bugzilla·2009-07-31·CVSS 5.0
Fdevel tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
Tracker for both Fedora 11 and rawhide
---
asterisk-1.6.1.6-1.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/asterisk-1.6.1.6-1.fc11
---
asterisk-1.6.1.6-1.fc11 has been pushed to the Fedora 11 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update asterisk'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-9405
---
asteri
Bugzilla
CVE-2009-2651 asterisk: remote DoS on receipt of malformed RTP text frames
bugzilla·2009-07-31·CVSS 5.0
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-2651 to
the following vulnerability:
Name: CVE-2009-2651
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2651
Assigned: 20090730
Reference: MISC: http://downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txt
Reference: CONFIRM: http://downloads.asterisk.org/pub/security/AST-2009-004.html
Reference: BID:35837
Reference: URL: http://www.securityfocus.com/bid/35837
Reference: OSVDB:56571
Reference: URL: http://osvdb.org/56571
Reference: SECTRACK:1022608
Reference: URL: http://www.securitytracker.com/id?1022608
Reference: SECUNIA:36039
Reference: URL: http://secunia.com/advisories/36039
Reference: VUPEN:ADV-2009-2067
Reference: URL
http://downloads.asterisk.org/pub/security/AST-2009-004.html
http://downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txt
http://osvdb.org/56571
http://secunia.com/advisories/36039
http://www.securityfocus.com/bid/35837
http://www.securitytracker.com/id?1022608
http://www.vupen.com/english/advisories/2009/2067
https://exchange.xforce.ibmcloud.com/vulnerabilities/52046