Intrusion Prevention



This indicates an attack attempt against a denial-of-service vulnerability in the SIP channel driver in Asterisk.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted BYE message with an Also (Also transfer) header. It allows a remote attacker to trigger a NULL pointer dereference and cause a denial of service.

Affected Products

Asterisk Open Source versions prior to 1.4.17
Asterisk Business Edition versions prior to C.1.0-beta8
AsteriskNOW versions prior to beta7
Asterisk Appliance Developer Kit
Asterisk Appliance s800i versions prior to


Denial of service

Recommended Actions

Upgrade to the latest versions:

CVE References