|Date: (C)2009-09-08 (M)2015-12-16|
|CVSS Score: 7.8||Access Vector: NETWORK|
|Exploitability Subscore: 10.0||Access Complexity: LOW|
|Impact Subscore: 6.9||Authentication: NONE|
| ||Confidentiality: NONE|
| ||Integrity: NONE|
| ||Availability: COMPLETE|
The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 22.214.171.124, 1.6.0.x before 126.96.36.199, and 1.6.1.x before 188.8.131.52; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 184.108.40.206 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263.