CVE-2011-2216

reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.2 does not initialize certain strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed Contact header.

Published: Jun 6, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-2216
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
digium / asterisk	1.8.3-rc3	1.8.3-rc3.x
digium / asterisk	1.8.3	1.8.3.x
digium / asterisk	1.8.2.4	1.8.2.4.x
digium / asterisk	1.8.0-beta2	1.8.0-beta2.x
digium / asterisk	1.8.3-rc1	1.8.3-rc1.x
digium / asterisk	1.8.1	1.8.1.x
digium / asterisk	1.8.1.2	1.8.1.2.x
digium / asterisk	1.8.0-beta4	1.8.0-beta4.x
digium / asterisk	1.8.4-rc1	1.8.4-rc1.x
digium / asterisk	1.8.0-rc5	1.8.0-rc5.x
digium / asterisk	1.8.3.1	1.8.3.1.x
digium / asterisk	1.8.0-beta3	1.8.0-beta3.x
digium / asterisk	1.8.0-beta5	1.8.0-beta5.x
digium / asterisk	1.8.4	1.8.4.x
digium / asterisk	1.8.3.2	1.8.3.2.x
digium / asterisk	1.8.0-rc2	1.8.0-rc2.x
digium / asterisk	1.8.3-rc2	1.8.3-rc2.x
digium / asterisk	1.8.2.3	1.8.2.3.x
digium / asterisk	1.8.3.3	1.8.3.3.x
digium / asterisk	1.8.4-rc2	1.8.4-rc2.x
digium / asterisk	1.8.2.1	1.8.2.1.x
digium / asterisk	1.8.1-rc1	1.8.1-rc1.x
digium / asterisk	1.8.0	1.8.0.x
digium / asterisk	1.8.0-rc3	1.8.0-rc3.x
digium / asterisk	1.8.1.1	1.8.1.1.x
digium / asterisk	1.8.2	1.8.2.x
digium / asterisk	1.8.2.2	1.8.2.2.x
digium / asterisk	1.8.4-rc3	1.8.4-rc3.x
digium / asterisk	1.8.0-beta1	1.8.0-beta1.x
digium / asterisk	1.8.0-rc4	1.8.0-rc4.x
digium / asterisk	1.8.4.1	1.8.4.1.x

Vulnerability Database

290,206

CVE-2011-2216