CVE-2009-2726 - Vulnerability Details - OpenCVE

The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Digium	Asterisk S800i S800i Firmware

Configuration 1 [-]

OR	cpe:2.3:a:digium:asterisk:::business:::::*
	cpe:2.3:a:digium:asterisk:::business:::::*
	cpe:2.3:a:digium:asterisk:::business:::::*

Configuration 2 [-]

AND

cpe:2.3:o:digium:s800i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digium:s800i:-:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:a:digium:asterisk::::::::
	cpe:2.3:a:digium:asterisk::::::::
	cpe:2.3:a:digium:asterisk::::::::
	cpe:2.3:a:digium:asterisk::::::::

No data.

References

Link	Providers
http://downloads.digium.com/pub/security/AST-2009-005.html
http://labs.mudynamics.com/advisories/MU-200908-01.txt
http://secunia.com/advisories/36227
http://www.securityfocus.com/archive/1/505669/100/0/threaded
http://www.securityfocus.com/bid/36015
http://www.securitytracker.com/id?1022705
http://www.vupen.com/english/advisories/2009/2229

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-08-12T10:00:00

Updated: 2024-08-07T05:59:57.107Z

Reserved: 2009-08-10T00:00:00

Link: CVE-2009-2726

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-08-12T10:30:01.110

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-2726

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-08-11T00:00:00", "descriptions": [{"lang": "en", "value": "The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://labs.mudynamics.com/advisories/MU-200908-01.txt"}, {"name": "ADV-2009-2229", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/2229"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://downloads.digium.com/pub/security/AST-2009-005.html"}, {"name": "36015", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/36015"}, {"name": "20090811 AST-2009-005: Remote Crash Vulnerability in SIP channel driver", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/505669/100/0/threaded"}, {"name": "1022705", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1022705"}, {"name": "36227", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36227"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2726", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://labs.mudynamics.com/advisories/MU-200908-01.txt", "refsource": "MISC", "url": "http://labs.mudynamics.com/advisories/MU-200908-01.txt"}, {"name": "ADV-2009-2229", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2229"}, {"name": "http://downloads.digium.com/pub/security/AST-2009-005.html", "refsource": "CONFIRM", "url": "http://downloads.digium.com/pub/security/AST-2009-005.html"}, {"name": "36015", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36015"}, {"name": "20090811 AST-2009-005: Remote Crash Vulnerability in SIP channel driver", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/505669/100/0/threaded"}, {"name": "1022705", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022705"}, {"name": "36227", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36227"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:59:57.107Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://labs.mudynamics.com/advisories/MU-200908-01.txt"}, {"name": "ADV-2009-2229", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/2229"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://downloads.digium.com/pub/security/AST-2009-005.html"}, {"name": "36015", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/36015"}, {"name": "20090811 AST-2009-005: Remote Crash Vulnerability in SIP channel driver", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/505669/100/0/threaded"}, {"name": "1022705", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1022705"}, {"name": "36227", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36227"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2726", "datePublished": "2009-08-12T10:00:00", "dateReserved": "2009-08-10T00:00:00", "dateUpdated": "2024-08-07T05:59:57.107Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:digium:asterisk:*:*:business:*:*:*:*:*", "matchCriteriaId": "C7DBF0A2-9606-43EF-88E6-905B4864D377", "versionEndExcluding": "b.2.5.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:*:*:business:*:*:*:*:*", "matchCriteriaId": "945FA0F6-42A8-4AF4-9EF6-4B16D08B2724", "versionEndIncluding": "c.2.4.1", "versionStartIncluding": "c.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:*:*:business:*:*:*:*:*", "matchCriteriaId": "7375080A-38B8-4230-875B-FC6184F23792", "versionEndExcluding": "c.3.1", "versionStartIncluding": "c.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:digium:s800i_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E7FEE3E-B19C-4E7E-92D6-D0032A5DAA59", "versionEndExcluding": "1.3.0.3", "versionStartIncluding": "1.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:digium:s800i:-:*:*:*:*:*:*:*", "matchCriteriaId": "15C35F93-0E57-4AEB-AA5F-4EDFAE753451", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "86564062-C367-4652-820A-7B4700011463", "versionEndExcluding": "1.2.34", "versionStartIncluding": "1.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CD3CE8A-7145-4501-A61A-D29F575E8795", "versionEndExcluding": "1.4.26.1", "versionStartIncluding": "1.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E6BB86F-2FC7-4830-AC2E-4F114D87FE4C", "versionEndExcluding": "1.6.0.12", "versionStartIncluding": "1.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4DBF98F-EF1D-4DC0-93FE-2EC280AAA5EF", "versionEndExcluding": "1.6.1.4", "versionStartIncluding": "1.6.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP."}, {"lang": "es", "value": "El driver SIP channel en Asterisk Open Source v1.2.x anterior a v1.2.34, v1.4.x anterior a v1.4.26.1, v1.6.0.x anterior a v1.6.0.12, y v1.6.1.x anterior a v1.6.1.4; Asterisk Business Edition vA.x.x, vB.x.x anterior a vB.2.5.9, vC.2.x anterior a vC.2.4.1, y vC.3.x anterior a vC.3.1; y Asterisk Appliance s800i v1.2.x anterior a v1.3.0.3, no utiliza el ancho m\u00e1ximo cuando se invocan las funciones de estilo sscanf, lo que permite a atacantes remotos producir una denegaci\u00f3n de servicio (agotamiento de la pila de memoria) a trav\u00e9s de paquetes SIP que contienen secuencias largas de caracteres ASCII decimales, como se demostr\u00f3 a trav\u00e9s de vectores relacionados con (1) el valor CSeq en una cabecera SIP, (2) valores Content-Length, y (3) SDP."}], "id": "CVE-2009-2726", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-08-12T10:30:01.110", "references": [{"source": "cve@mitre.org", "tags": ["Product"], "url": "http://downloads.digium.com/pub/security/AST-2009-005.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://labs.mudynamics.com/advisories/MU-200908-01.txt"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/36227"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/505669/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/36015"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1022705"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/2229"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "http://downloads.digium.com/pub/security/AST-2009-005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://labs.mudynamics.com/advisories/MU-200908-01.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/36227"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/505669/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/36015"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1022705"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/2229"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}]}