CVE-2008-2543

Published: Jun 5, 2008Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and Asterisk-Addons 1.4.x before 1.4.7 creates a remotely accessible TCP port that is intended solely for localhost communication, and interprets some TCP application-data fields as addresses of memory to free, which allows remote attackers to cause a denial of service (daemon crash) via crafted TCP packets.

Affected (16)

Products: Asterisk: Asterisk Addons

Asterisk

1 product

Asterisk Addons

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
Asterisk Asterisk Addons	Version 1.2.0
Asterisk Asterisk Addons	Version 1.2.1
Asterisk Asterisk Addons	Version 1.2.2
Asterisk Asterisk Addons	Version 1.2.3
Asterisk Asterisk Addons	Version 1.2.4
Asterisk Asterisk Addons	Version 1.2.5
Asterisk Asterisk Addons	Version 1.2.6
Asterisk Asterisk Addons	Version 1.2.7
Asterisk Asterisk Addons	Version 1.2.8
Asterisk Asterisk Addons	Version 1.4.0
Asterisk Asterisk Addons	Version 1.4.1
Asterisk Asterisk Addons	Version 1.4.2
Asterisk Asterisk Addons	Version 1.4.3
Asterisk Asterisk Addons	Version 1.4.4
Asterisk Asterisk Addons	Version 1.4.5
Asterisk Asterisk Addons	Version 1.4.6