CVE-2011-2529

NameCVE-2011-2529
Descriptionchan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle '\0' characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted packet.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-2276-1, DSA-2276-2
Debian Bugs631446

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
asterisk (PTS)bullseye (security), bullseye1:16.28.0~dfsg-0+deb11u4fixed
sid1:20.8.1~dfsg+~cs6.14.40431414-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
asterisksourcelenny1:1.4.21.2~dfsg-3+lenny3DSA-2276-2
asterisksourcesqueeze1:1.6.2.9-2+squeeze3DSA-2276-2
asterisksource(unstable)1:1.8.4.3-1631446
Search for package or bug name: Reporting problems