Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a malformed SIP INVITE message that triggers an improper call to the sipSafeStrlen function, aka Bug IDs CSCsz40392 and CSCsz43987.
CVSS v2.0 Score
7.8
/ 10.0
HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C
Information
- Published
- 27 août 2009
- Updated
- 23 avr. 2026
- Status
- Modified
- Source
- psirt@cisco.com
Affected products
cisco unified communications manager
Versions : 5.1\(3g\), 6.1\(4\), 7.1\(2\)
cisco ios
Versions : 12.4, 15.1
cisco ios xeAll Cisco IOS XE CVEs →
Versions : 2.6.1
Weaknesses (CWE)
NVD-CWE-Other
References (14)
- http://osvdb.org/57453Broken Link
- http://secunia.com/advisories/36498Third Party Advisory
- http://secunia.com/advisories/36499Third Party Advisory
- http://www.securityfocus.com/bid/36152Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id?1022775Third Party AdvisoryVDB Entry
- http://osvdb.org/57453Broken Link
- http://secunia.com/advisories/36498Third Party Advisory
- http://secunia.com/advisories/36499Third Party Advisory
- http://www.securityfocus.com/bid/36152Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id?1022775Third Party AdvisoryVDB Entry
Monitor your products
Get automatic alerts for every new CVE affecting your equipment.