CVE-2009-2726
published 2009-08-12CVE-2009-2726: The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk…
PriorityP335high7.8CVSS 2.0
AVNACLAuNCNINAC
EPSS
6.52%
92.9th percentile
The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | asterisk | < asterisk 1:1.6.2.0~dfsg~rc1-1 (bullseye) | asterisk 1:1.6.2.0~dfsg~rc1-1 (bullseye) |
| digium | asterisk | < b.2.5.9 | b.2.5.9 |
| digium | asterisk | >= 0 < 1:1.6.2.0~dfsg~rc1-1 | 1:1.6.2.0~dfsg~rc1-1 |
| digium | asterisk | >= 1.2.0 < 1.2.34 | 1.2.34 |
| digium | asterisk | >= 1.4.0 < 1.4.26.1 | 1.4.26.1 |
| digium | asterisk | >= 1.6.0 < 1.6.0.12 | 1.6.0.12 |
| digium | asterisk | >= 1.6.1 < 1.6.1.4 | 1.6.1.4 |
| digium | asterisk | c.2.0 – c.2.4.1 | — |
| digium | asterisk | >= c.3.0 < c.3.1 | c.3.1 |
| digium | s800i_firmware | >= 1.2.0 < 1.3.0.3 | 1.3.0.3 |
CVSS provenance
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
osv7.8HIGH
vendor_debian7.8HIGH
vendor_redhat7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2009-2726: asterisk - The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before...
vendor_debian·2009·CVSS 7.8
CVE-2009-2726 [HIGH] CVE-2009-2726: asterisk - The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before...
The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP.
Scope: local
bullseye: resolved (fixed in 1:1.6.2.0~dfsg~rc1-1)
sid: resolved (fixed in 1:1.6.2.0~dfsg~rc1-1)
Red Hat
asterisk: Remote Crash Vulnerability in SIP channel driver (AST-2009-005)
vendor_redhat·CVSS 7.8
CVE-2009-2726 [HIGH] asterisk: Remote Crash Vulnerability in SIP channel driver (AST-2009-005)
asterisk: Remote Crash Vulnerability in SIP channel driver (AST-2009-005)
The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP.
GHSA
GHSA-9w42-v5mm-2ffh: The SIP channel driver in Asterisk Open Source 1
ghsa_unreviewed·2022-05-02
CVE-2009-2726 [HIGH] CWE-770 GHSA-9w42-v5mm-2ffh: The SIP channel driver in Asterisk Open Source 1
The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP.
OSV
CVE-2009-2726: The SIP channel driver in Asterisk Open Source 1
osv·2009-08-12·CVSS 7.8
CVE-2009-2726 [HIGH] CVE-2009-2726: The SIP channel driver in Asterisk Open Source 1
The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP.
No detection rules found.
No public exploits indexed.
CWE
Uncontrolled Resource Consumption
mitre_cwe
CWE-400 Uncontrolled Resource Consumption
CWE-400: Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
Modes of Introduction:
Phase: Operation
Note: The product could be operated in a system or environment with lower resource limits than expected, which might make it easier for attackers to consume all available resources.
Phase: System Configuration
Note: The product could be configured with lower resource limits than expected, which might make it easier for attackers to consume all available resources.
Phase: Architecture and Design
Note: The designer might not consider how to handle and throttle excessive resource requests, which typically requires careful planning to handle more gracefully than a crash or exit.
Phase: Implementation
Note: There are at
CWE
Allocation of Resources Without Limits or Throttling
mitre_cwe
CWE-770 Allocation of Resources Without Limits or Throttling
CWE-770: Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Modes of Introduction:
Phase: Architecture and Design
Note: OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase.
Phase: Implementation
Phase: Operation
Phase: System Configuration
Common Consequences:
Scope: Availability. Impact: DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), DoS: Resource Consumption (Other). When allocating resources without limits, an attacker could prevent other systems, applications, or processes from accessing the same type of resource. It can be
http://downloads.digium.com/pub/security/AST-2009-005.htmlhttp://labs.mudynamics.com/advisories/MU-200908-01.txthttp://secunia.com/advisories/36227http://www.securityfocus.com/archive/1/505669/100/0/threadedhttp://www.securityfocus.com/bid/36015http://www.securitytracker.com/id?1022705http://www.vupen.com/english/advisories/2009/2229http://downloads.digium.com/pub/security/AST-2009-005.htmlhttp://labs.mudynamics.com/advisories/MU-200908-01.txthttp://secunia.com/advisories/36227http://www.securityfocus.com/archive/1/505669/100/0/threadedhttp://www.securityfocus.com/bid/36015http://www.securitytracker.com/id?1022705http://www.vupen.com/english/advisories/2009/2229
2009-08-12
Published