Описание
The SIP channel module in Yet Another Telephony Engine (Yate) before 1.2.0 sets the caller_info_uri parameter using an incorrect variable that can be NULL, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a Call-Info header without a purpose parameter.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | released | 1.2.0-1.dfsg-2 |
| edgy | ignored | end of life, was needed |
| feisty | ignored | end of life, was needed |
| gutsy | released | 1.2.0-1.dfsg-2 |
| hardy | released | 1.2.0-1.dfsg-2 |
| intrepid | released | 1.2.0-1.dfsg-2 |
| jaunty | released | 1.2.0-1.dfsg-2 |
| karmic | released | 1.2.0-1.dfsg-2 |
| upstream | needs-triage |
Показывать по
Ссылки на источники
7.8 High
CVSS2
Связанные уязвимости
The SIP channel module in Yet Another Telephony Engine (Yate) before 1.2.0 sets the caller_info_uri parameter using an incorrect variable that can be NULL, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a Call-Info header without a purpose parameter.
The SIP channel module in Yet Another Telephony Engine (Yate) before 1 ...
The SIP channel module in Yet Another Telephony Engine (Yate) before 1.2.0 sets the caller_info_uri parameter using an incorrect variable that can be NULL, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a Call-Info header without a purpose parameter.
7.8 High
CVSS2