CVE-2009-2651 — Asterisk vulnerability

CWE-3997 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

0.1%

top 78.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Digium Asterisk Debian Asterisk

Timeline

PublishedJul 30

Latest updateMay 2

Description

main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/asterisk< asterisk 1:1.6.2.0~dfsg~rc1-1 (bullseye)

▶Debiandigium/asterisk< 1:1.6.2.0~dfsg~rc1-1

▶NVDdigium/asterisk1.6.1

Patches

Patch: www.vupen.com ↗Patch: www.vupen.com ↗

🔴Vulnerability Details

GHSA

GHSA-jqc4-44qp-7w9w: main/rtp↗2022-05-02

▶

OSV

CVE-2009-2651: main/rtp↗2009-07-30

▶

📋Vendor Advisories

Red Hat

asterisk: remote DoS on receipt of malformed RTP text frames↗2009-07-27

▶

Debian

CVE-2009-2651: asterisk - main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers ...↗2009

▶

💬Community

Bugzilla

CVE-2009-2651 asterisk: remote DoS on receipt of malformed RTP text frames [Fdevel]↗2009-07-31

▶

Bugzilla

CVE-2009-2651 asterisk: remote DoS on receipt of malformed RTP text frames↗2009-07-31

▶