CVE-2008-5558

Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching.

Published: Dec 17, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-5558
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
asterisk / asterisk_business_edition	b.2.3.5	b.2.3.5.x
asterisk / open_source	1.2.30.2	1.2.30.2.x
asterisk / open_source	1.2.27	1.2.27.x
asterisk / open_source	1.2.26.2-netsec	1.2.26.2-netsec.x
asterisk / open_source	1.2.26.1	1.2.26.1.x
asterisk / open_source	1.2.26-netsec	1.2.26-netsec.x
asterisk / asterisk_business_edition	b.2.5.3	b.2.5.3.x
asterisk / asterisk_business_edition	b.2.5.0	b.2.5.0.x
asterisk / open_source	1.2.26	1.2.26.x
asterisk / asterisk_business_edition	b.2.5.1	b.2.5.1.x
asterisk / open_source	1.2.26.2	1.2.26.2.x
asterisk / open_source	1.2.30	1.2.30.x
asterisk / asterisk_business_edition	b.2.3.4	b.2.3.4.x
asterisk / open_source	1.2.30.3	1.2.30.3.x
asterisk / open_source	1.2.26.1-netsec	1.2.26.1-netsec.x
asterisk / open_source	1.2.28	1.2.28.x
asterisk / open_source	1.2.29	1.2.29.x

Vulnerability Database

289,697

CVE-2008-5558