Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2009-2726

Опубликовано: 12 авг. 2009
Источник: nvd
CVSS2: 7.8
EPSS Средний

Описание

The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:digium:asterisk:*:*:business:*:*:*:*:*
Версия до b.2.5.9 (исключая)
cpe:2.3:a:digium:asterisk:*:*:business:*:*:*:*:*
Версия от c.2.0 (включая) до c.2.4.1 (включая)
cpe:2.3:a:digium:asterisk:*:*:business:*:*:*:*:*
Версия от c.3.0 (включая) до c.3.1 (исключая)
Конфигурация 2

Одновременно

cpe:2.3:o:digium:s800i_firmware:*:*:*:*:*:*:*:*
Версия от 1.2.0 (включая) до 1.3.0.3 (исключая)
cpe:2.3:h:digium:s800i:-:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Версия от 1.2.0 (включая) до 1.2.34 (исключая)
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Версия от 1.4.0 (включая) до 1.4.26.1 (исключая)
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Версия от 1.6.0 (включая) до 1.6.0.12 (исключая)
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Версия от 1.6.1 (включая) до 1.6.1.4 (исключая)

EPSS

Процентиль: 97%
0.3069
Средний

7.8 High

CVSS2

Дефекты

CWE-770

Связанные уязвимости

ubuntu логотип

CVE-2009-2726

ubuntu
больше 16 лет назад

The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP.

debian логотип

CVE-2009-2726

debian
больше 16 лет назад

The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1. ...

github логотип

GHSA-9w42-v5mm-2ffh

github
больше 3 лет назад

The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP.

EPSS

Процентиль: 97%
0.3069
Средний

7.8 High

CVSS2

Дефекты

CWE-770