Home > Vulnerability Database > CVE-2008-2119

Mend.io Vulnerability Database

CVE-2008-2119

Date: June 4, 2008

Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer.

Severity Score

3.7

Related Resources (13)

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-2119

Url: https://www.exploit-db.com/exploits/5749

Url: http://downloads.digium.com/pub/security/AST-2008-008.html

Url: http://www.securitytracker.com/id?1020166

Url: http://secunia.com/advisories/30517

Url: http://www.vupen.com/english/advisories/2008/1731

Url: http://security.gentoo.org/glsa/glsa-200905-01.xml

Url: http://www.securityfocus.com/archive/1/493020/100/0/threaded

Url: http://svn.digium.com/view/asterisk?view=rev&revision=120109

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/42823

Url: http://secunia.com/advisories/34982

Url: http://bugs.digium.com/view.php?id=12607

Url: https://www.mend.io/vulnerability-database/CVE-2008-2119

Severity Score

3.7

Weakness Type (CWE)

Input Validation

CWE-20

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2008-2119

Date: June 4, 2008

Severity Score

Related Resources (13)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?