CVE-2008-2119

Name of the Vulnerable Software and Affected Versions Asterisk Open Source versions 1.0.x through 1.2.x before 1.2.29 Asterisk Business Edition versions A.x.x through B.x.x before B.2.5.3

Description The issue allows remote attackers to cause a denial of service, resulting in a daemon crash, via a SIP INVITE message lacking a From header. This is related to the ast uri decode function and improper handling of an empty const string and a NULL pointer when pedantic parsing is enabled.

Recommendations For Asterisk Open Source versions 1.0.x through 1.2.x before 1.2.29, update to version 1.2.29 or later to resolve the issue. For Asterisk Business Edition versions A.x.x through B.x.x before B.2.5.3, update to version B.2.5.3 or later to resolve the issue. As a temporary workaround, consider disabling pedantic parsing to minimize the risk of exploitation.