Unrated severityNVD Advisory· Published Dec 17, 2008· Updated Apr 23, 2026

CVE-2008-5558

Description

Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching.

Affected products

Asterisk/Business Edition5 versions
cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.4:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.3:*:*:*:*:*:*:*
Asterisk/Opensource12 versions
cpe:2.3:a:asterisk:open_source:1.2.26:*:*:*:*:*:*:*+ 11 more
- cpe:2.3:a:asterisk:open_source:1.2.26:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.26.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.26.1:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.26.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.26.2:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.26:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.27:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.28:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.29:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.30:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.30.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.30.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000