CVE-2009-2346
NONE EPSS 83.3%
Published Sep 8, 200916y ago · Modified Jun 16, 20262w ago
Published Sep 8, 2009 16y ago
Last Modified Jun 16, 2026 2w ago
Description
The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263.
Threat Intelligence
EPSS Exploit Probability
83.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer Memory Safety
Affected Products 192
| Vendor | Product | Version | Range |
|---|---|---|---|
| asterisk | asterisk | b.1.3.2 | any |
| asterisk | asterisk | b.1.3.3 | any |
| asterisk | asterisk | b.2.2.0 | any |
| asterisk | asterisk | b.2.2.1 | any |
| asterisk | asterisk | b.2.3.1 | any |
| asterisk | asterisk | b.2.3.2 | any |
| asterisk | asterisk | b.2.3.3 | any |
| asterisk | asterisk | b.2.3.4 | any |
| asterisk | asterisk | b.2.3.5 | any |
| asterisk | asterisk | b.2.3.6 | any |
| asterisk | asterisk | b.2.5.1 | any |
| asterisk | asterisk | b.2.5.3 | any |
| asterisk | asterisk | b.2.5.4 | any |
| asterisk | asterisk | b.2.5.5 | any |
| asterisk | asterisk | b.2.5.6 | any |
| asterisk | asterisk | b.2.5.8 | any |
| asterisk | asterisk | b.2.5.9 | any |
| asterisk | asterisk | c.1.0_beta7 | any |
| asterisk | asterisk | c.1.0_beta8 | any |
| asterisk | asterisk | c.1.6 | any |
| asterisk | asterisk | c.1.6.1 | any |
| asterisk | asterisk | c.1.6.2 | any |
| asterisk | asterisk | c.1.8.1 | any |
| asterisk | asterisk | c.1.10.3 | any |
| asterisk | asterisk | c.1.10.4 | any |
| asterisk | asterisk | c.1.10.5 | any |
| asterisk | asterisk | c.2.1.2.1 | any |
| asterisk | asterisk | c.2.3 | any |
| asterisk | asterisk | c.2.3.3 | any |
| asterisk | asterisk | c.2.4.2 | any |
| asterisk | asterisk | c.3.1.0 | any |
| asterisk | open_source | 1.2.0 | any |
| asterisk | open_source | 1.2.0 | any |
| asterisk | open_source | 1.2.0 | any |
| asterisk | open_source | 1.2.0 | any |
| asterisk | open_source | 1.2.0 | any |
| asterisk | open_source | 1.2.1 | any |
| asterisk | open_source | 1.2.2 | any |
| asterisk | open_source | 1.2.2 | any |
| asterisk | open_source | 1.2.3 | any |
| asterisk | open_source | 1.2.3 | any |
| asterisk | open_source | 1.2.4 | any |
| asterisk | open_source | 1.2.4 | any |
| asterisk | open_source | 1.2.5 | any |
| asterisk | open_source | 1.2.5 | any |
| asterisk | open_source | 1.2.6 | any |
| asterisk | open_source | 1.2.6 | any |
| asterisk | open_source | 1.2.7 | any |
| asterisk | open_source | 1.2.7 | any |
| asterisk | open_source | 1.2.7.1 | any |
| asterisk | open_source | 1.2.7.1 | any |
| asterisk | open_source | 1.2.8 | any |
| asterisk | open_source | 1.2.8 | any |
| asterisk | open_source | 1.2.9 | any |
| asterisk | open_source | 1.2.9.1 | any |
| asterisk | open_source | 1.2.9.1 | any |
| asterisk | open_source | 1.2.10 | any |
| asterisk | open_source | 1.2.10 | any |
| asterisk | open_source | 1.2.11 | any |
| asterisk | open_source | 1.2.11 | any |
| asterisk | open_source | 1.2.12 | any |
| asterisk | open_source | 1.2.12 | any |
| asterisk | open_source | 1.2.12.1 | any |
| asterisk | open_source | 1.2.12.1 | any |
| asterisk | open_source | 1.2.13 | any |
| asterisk | open_source | 1.2.13 | any |
| asterisk | open_source | 1.2.14 | any |
| asterisk | open_source | 1.2.14 | any |
| asterisk | open_source | 1.2.15 | any |
| asterisk | open_source | 1.2.15 | any |
| asterisk | open_source | 1.2.16 | any |
| asterisk | open_source | 1.2.16 | any |
| asterisk | open_source | 1.2.17 | any |
| asterisk | open_source | 1.2.17 | any |
| asterisk | open_source | 1.2.18 | any |
| asterisk | open_source | 1.2.18 | any |
| asterisk | open_source | 1.2.19 | any |
| asterisk | open_source | 1.2.19 | any |
| asterisk | open_source | 1.2.20 | any |
| asterisk | open_source | 1.2.20 | any |
| asterisk | open_source | 1.2.21 | any |
| asterisk | open_source | 1.2.21 | any |
| asterisk | open_source | 1.2.21.1 | any |
| asterisk | open_source | 1.2.21.1 | any |
| asterisk | open_source | 1.2.22 | any |
| asterisk | open_source | 1.2.22 | any |
| asterisk | open_source | 1.2.23 | any |
| asterisk | open_source | 1.2.23 | any |
| asterisk | open_source | 1.2.24 | any |
| asterisk | open_source | 1.2.24 | any |
| asterisk | open_source | 1.2.25 | any |
| asterisk | open_source | 1.2.25 | any |
| asterisk | open_source | 1.2.26 | any |
| asterisk | open_source | 1.2.26 | any |
| asterisk | open_source | 1.2.26.1 | any |
| asterisk | open_source | 1.2.26.1 | any |
| asterisk | open_source | 1.2.26.2 | any |
| asterisk | open_source | 1.2.26.2 | any |
| asterisk | open_source | 1.2.27 | any |
| asterisk | open_source | 1.2.28 | any |
| asterisk | open_source | 1.2.29 | any |
| asterisk | open_source | 1.2.30 | any |
| asterisk | open_source | 1.2.30.2 | any |
| asterisk | open_source | 1.2.30.3 | any |
| asterisk | open_source | 1.2.30.4 | any |
| asterisk | open_source | 1.2.31 | any |
| asterisk | open_source | 1.2.32 | any |
| asterisk | open_source | 1.2.33 | any |
| asterisk | open_source | 1.2.34 | any |
| asterisk | open_source | 1.4.0 | any |
| asterisk | open_source | 1.4.0 | any |
| asterisk | open_source | 1.4.0 | any |
| asterisk | open_source | 1.4.0 | any |
| asterisk | open_source | 1.4.1 | any |
| asterisk | open_source | 1.4.2 | any |
| asterisk | open_source | 1.4.3 | any |
| asterisk | open_source | 1.4.4 | any |
| asterisk | open_source | 1.4.5 | any |
| asterisk | open_source | 1.4.6 | any |
| asterisk | open_source | 1.4.7 | any |
| asterisk | open_source | 1.4.7.1 | any |
| asterisk | open_source | 1.4.8 | any |
| asterisk | open_source | 1.4.9 | any |
| asterisk | open_source | 1.4.10 | any |
| asterisk | open_source | 1.4.10.1 | any |
| asterisk | open_source | 1.4.11 | any |
| asterisk | open_source | 1.4.12 | any |
| asterisk | open_source | 1.4.12.1 | any |
| asterisk | open_source | 1.4.13 | any |
| asterisk | open_source | 1.4.14 | any |
| asterisk | open_source | 1.4.15 | any |
| asterisk | open_source | 1.4.16 | any |
| asterisk | open_source | 1.4.16.1 | any |
| asterisk | open_source | 1.4.16.2 | any |
| asterisk | open_source | 1.4.17 | any |
| asterisk | open_source | 1.4.18 | any |
| asterisk | open_source | 1.4.18.1 | any |
| asterisk | open_source | 1.4.19 | any |
| asterisk | open_source | 1.4.19 | any |
| asterisk | open_source | 1.4.19 | any |
| asterisk | open_source | 1.4.19 | any |
| asterisk | open_source | 1.4.19 | any |
| asterisk | open_source | 1.4.19 | any |
| asterisk | open_source | 1.4.19.1 | any |
| asterisk | open_source | 1.4.19.2 | any |
| asterisk | open_source | 1.4.20 | any |
| asterisk | open_source | 1.4.20 | any |
| asterisk | open_source | 1.4.20 | any |
| asterisk | open_source | 1.4.20 | any |
| asterisk | open_source | 1.4.21 | any |
| asterisk | open_source | 1.4.21 | any |
| asterisk | open_source | 1.4.21 | any |
| asterisk | open_source | 1.4.21.1 | any |
| asterisk | open_source | 1.4.21.2 | any |
| asterisk | open_source | 1.4.22 | any |
| asterisk | open_source | 1.4.22 | any |
| asterisk | open_source | 1.4.22 | any |
| asterisk | open_source | 1.4.22.1 | any |
| asterisk | open_source | 1.4.22.2 | any |
| asterisk | open_source | 1.4.23 | any |
| asterisk | open_source | 1.4.23 | any |
| asterisk | open_source | 1.4.23 | any |
| asterisk | open_source | 1.4.23 | any |
| asterisk | open_source | 1.4beta | any |
| asterisk | open_source | 1.6.0 | any |
| asterisk | open_source | 1.6.0 | any |
| asterisk | open_source | 1.6.0 | any |
| asterisk | open_source | 1.6.0 | any |
| asterisk | open_source | 1.6.0 | any |
| asterisk | open_source | 1.6.0 | any |
| asterisk | open_source | 1.6.0 | any |
| asterisk | open_source | 1.6.0 | any |
| asterisk | open_source | 1.6.0 | any |
| asterisk | open_source | 1.6.0 | any |
| asterisk | open_source | 1.6.0 | any |
| asterisk | open_source | 1.6.0 | any |
| asterisk | open_source | 1.6.0.1 | any |
| asterisk | open_source | 1.6.0.2 | any |
| asterisk | open_source | 1.6.0.3 | any |
| asterisk | open_source | 1.6.0.3 | any |
| asterisk | open_source | 1.6.1.0 | any |
| asterisk | open_source | 1.6.1.0 | any |
| asterisk | open_source | 1.6.1.5 | any |
| asterisk | opensource | 1.4.23.2 | any |
| asterisk | opensource | 1.4.24 | any |
| asterisk | opensource | 1.4.24.1 | any |
| asterisk | opensource | 1.4.26 | any |
| asterisk | opensource | 1.4.26.1 | any |
| sangoma | asterisk | 1.6.1 | any |
| sangoma | asterisk | 1.6.1.4 | any |
| asterisk | appliance_s800i | 1.3 | any |
| asterisk | appliance_s800i | 1.3.0.2 | any |
References 5
- downloads.asterisk.org http://downloads.asterisk.org/pub/security/AST-2009-006.html
- secunia.com http://secunia.com/advisories/36593
- securitytracker.com http://securitytracker.com/id?1022819
- securityfocus.com http://www.securityfocus.com/archive/1/506257/100/0/threaded
- securityfocus.com http://www.securityfocus.com/bid/36275
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.