CVE-2011-2216
Published 2011-06-06
Priority P4 · 22 · medium
CVSS 2.0: 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
EPSS: 4.62% (90.5th percentile)
reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.2 does not initialize certain strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed Contact header.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | asterisk | < asterisk 1:1.8.4.2-1 (bullseye) | asterisk 1:1.8.4.2-1 (bullseye) |
| digium | asterisk | — | — |
| digium | asterisk | >= 0 < 1:1.8.4.2-1 | 1:1.8.4.2-1 |
CVSS provenance
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:N/I:N/A:P
osv · 5.0 · MEDIUM
vendor_debian · 5.0 · MEDIUM
Debian
CVE-2011-2216: asterisk - reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before ...
vendor_debian·2011·CVSS 5.0
Scope: local
bullseye: resolved (fixed in 1:1.8.4.2-1)
sid: resolved (fixed in 1:1.8.4.2-1)
GHSA
GHSA-q7w4-fcc5-r63h: reqresp_parser
ghsa_unreviewed·2022-05-14
OSV
CVE-2011-2216: reqresp_parser
osv·2011-06-06·CVSS 5.0
No detection rules found.
Bugzilla
CVE-2011-2216 Asterisk: Remote DoS (crash) in SIP channel driver (AST-2011-007) [epel-6]
bugzilla·2011-06-03·CVSS 5.0
epel-6 tracking bug for asterisk: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
Discussion:
asterisk-1.8.4.2-1.fc15.1 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/asterisk-1.8.4.2-1.fc15.1
---
asterisk-1.8.4.2-1.el6.1 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/asterisk-1.8.4.2-1.el6.1
---
Package asterisk-1.8.4.2-1.fc15.1:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror withi
Bugzilla
CVE-2011-2216 Asterisk: Remote DoS (crash) in SIP channel driver (AST-2011-007)
bugzilla·2011-06-03·CVSS 5.0
A denial of service flaw was found in the way Asterisk processed malformed
Contact headers in SIP calls. A remote attacker could use this flaw to
cause an Asterisk server crash via a specially-crafted Contact header sent in
a reply upon initialization of a SIP call.
References:
[1] http://packetstormsecurity.org/files/view/101966/AST-2011-007.txt
[2] http://seclists.org/fulldisclosure/2011/Jun/39
Upstream patch (against v1.8.x branch):
[3] http://downloads.asterisk.org/pub/security/AST-2011-007-1.8.diff
Discussion:
This issue affects the version of the asterisk package as shipped with
Fedora release 15 and as present within the EPEL-6 repository. Please schedule
an update.
--
This issue did NOT affect the ve
Bugzilla
CVE-2011-2216 Asterisk: Remote DoS (crash) in SIP channel driver (AST-2011-007) [fedora-15]
bugzilla·2011-06-03·CVSS 5.0
fedora-15 tracking bug for asterisk: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
Discussion:
asterisk-1.8.4.2-1.fc15.1 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/asterisk-1.8.4.2-1.fc15.1
---
asterisk-1.8.4.2-1.el6.1 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/asterisk-1.8.4.2-1.el6.1
---
Package asterisk-1.8.4.2-1.fc15.1:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror
References
http://downloads.digium.com/pub/security/AST-2011-007.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062658.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062013.html
http://osvdb.org/72752
http://secunia.com/advisories/44828
http://securitytracker.com/id?1025598
http://www.securityfocus.com/archive/1/518236/100/0/threaded
http://www.securityfocus.com/bid/48096
https://exchange.xforce.ibmcloud.com/vulnerabilities/67812
Published: 2011-06-06