FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

asterisk -- Remote crash vulnerability

Affected packages
1.8.* < asterisk18 < 1.8.4.2

Details

VuXML ID 34ce5817-8d56-11e0-b5a2-6c626dd55a41
Discovery 2011-06-02
Entry 2011-06-02

The Asterisk Development Team reports:

If a remote user initiates a SIP call and the recipient picks up, the remote user can reply with a malformed Contact header that Asterisk will improperly handle and cause a crash due to a segmentation fault.

[source]

References

CVE Name CVE-2011-2216
URL http://downloads.asterisk.org/pub/security/AST-2011-007.pdf

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.