CVE-2007-1306

Published: 07/03/2007 Updated: 29/07/2017
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 785
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

Asterisk 1.4 prior to 1.4.1 and 1.2 prior to 1.2.16 allows remote malicious users to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference.

Vulnerable Product

digium asterisk 1.2.12.1

digium asterisk 1.2.13

digium asterisk 1.2_beta1

digium asterisk 1.2_beta2

digium asterisk 1.2.11

digium asterisk 1.2.12

digium asterisk 1.2.8

digium asterisk 1.2.9

digium asterisk 1.2.0_beta1

digium asterisk 1.2.14

digium asterisk 1.2.15

digium asterisk 1.4.0

digium asterisk 1.4.0_beta1

digium asterisk 1.4.0_beta2

digium asterisk 1.2.0_beta2

digium asterisk 1.2.10

digium asterisk 1.2.6

digium asterisk 1.2.7

Vendor Advisories

Debian Bug report logs - #419820 CVE-2007-1594: Asterisk segfaults upon receipt of a certain SIP packet (SIP Response code 0). Package: asterisk; Maintainer for asterisk is Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>; Source for asterisk is src:asterisk. Reported by: Frédéric Brière ...

Several remote vulnerabilities have been discovered in Asterisk, a free software PBX and telephony toolkit. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1306: Mu Security discovered that a NULL pointer dereference in the SIP implementation could lead to denial of service. CVE-2007-1561 Inr ...

Exploits

/* this will cause asterisk to segfault, the bug that this exploits has been patched in release 1.2.16 & 1.4.1
CLI> Program received signal SIGSEGV, Segmentation fault
[Switching to Thread 1082719152 (LWP 2510)]
register_verify (p=0x81cf600, sin=0x4088e750, req=0x4088e760, uri=0x0) at chan_sip.c:8257
8257 while (*t &&a ...