CVE-2008-2543

Name of the Vulnerable Software and Affected Versions Asterisk Addons versions 1.2.x through 1.2.8 Asterisk-Addons versions 1.4.x through 1.4.6

Description The issue concerns the ooh323 channel driver, which creates a remotely accessible TCP port intended for localhost communication. It incorrectly interprets certain TCP application-data fields as memory addresses to free, allowing remote attackers to cause a denial of service by crashing the daemon via crafted TCP packets.

Recommendations For Asterisk Addons versions 1.2.x through 1.2.8, update to version 1.2.9 or later. For Asterisk-Addons versions 1.4.x through 1.4.6, update to version 1.4.7 or later.