CVE-2009-2726Allocation of Resources Without Limits or Throttling in Asterisk

CWE-770Allocation of Resources Without Limits or ThrottlingCWE-400Uncontrolled Resource Consumption8 documents7 sources
Severity
7.8HIGHNVD
EPSS
30.7%
top 3.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Digium AsteriskDigium S800i FirmwareDebian Asterisk
Timeline
PublishedAug 12
Latest updateMay 2

Description

The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages4 packages

NVDdigium/asteriskc.3.0c.3.1+6
debiandebian/asterisk< asterisk 1:1.6.2.0~dfsg~rc1-1 (bullseye)
Debiandigium/asterisk< 1:1.6.2.0~dfsg~rc1-1
NVDdigium/s800i_firmware1.2.01.3.0.3

🔴Vulnerability Details

2
GHSA
GHSA-9w42-v5mm-2ffh: The SIP channel driver in Asterisk Open Source 12022-05-02
OSV
CVE-2009-2726: The SIP channel driver in Asterisk Open Source 12009-08-12

📋Vendor Advisories

2
Debian
CVE-2009-2726: asterisk - The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before...2009
Red Hat
asterisk: Remote Crash Vulnerability in SIP channel driver (AST-2009-005)

📐Framework References

2
CWE
Uncontrolled Resource Consumption
CWE
Allocation of Resources Without Limits or Throttling

💬Community

1
Bugzilla
CVE-2009-2726 asterisk: Remote Crash Vulnerability in SIP channel driver (AST-2009-005)2009-08-12