CVE-2007-1306

Published: 07/03/2007 Updated: 29/07/2017
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 785
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

Asterisk 1.4 prior to 1.4.1 and 1.2 prior to 1.2.16 allows remote malicious users to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference.

Vulnerable Product

digium asterisk 1.2.11

digium asterisk 1.2.0 beta1

digium asterisk 1.2.12

digium asterisk 1.2.10

digium asterisk 1.2.9

digium asterisk 1.4.0

digium asterisk 1.2.13

digium asterisk 1.2 beta2

digium asterisk 1.4.0 beta1

digium asterisk 1.4.0 beta2

digium asterisk 1.2.8

digium asterisk 1.2.6

digium asterisk 1.2.15

digium asterisk 1.2.7

digium asterisk 1.2.14

digium asterisk 1.2 beta1

digium asterisk 1.2.0 beta2

digium asterisk 1.2.12.1

Vendor Advisories

Debian Bug report logs - #419820 CVE-2007-1594: Asterisk segfaults upon receipt of a certain SIP packet (SIP Response code 0). Package: asterisk; Maintainer for asterisk is Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>; Source for asterisk is src:asterisk (PTS, buildd, popcon). Reported by: Frédéric Brière ...
Several remote vulnerabilities have been discovered in Asterisk, a free software PBX and telephony toolkit. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1306 Mu Security discovered that a NULL pointer dereference in the SIP implementation could lead to denial of service. CVE-2007-1561 Inr ...

Exploits

/* this will cause asterisk to segfault, the bug that this exploits has been patched in release 1.2.16 & 1.4.1
CLI> Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1082719152 (LWP 2510)]
register_verify (p=0x81cf600, sin=0x4088e750, req=0x4088e760, uri=0x0) at chan_sip.c:8257
8257 while (*t &&a ...