NULL pointer dereference and daemon crash vulnerability in Asterisk Open Source 1.6.2.x and 1.8.x

NULL pointer dereference and daemon crash vulnerability in Asterisk Open Source 1.6.2.x and 1.8.x

CVE-2011-4598 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:N/A:P

The handle_request_info function in channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted sequence of SIP requests.

Learn more about our Open Source Audit.