The IAX2 channel driver (chan_iax2) in Asterisk prior to 20070504 does not properly null terminate data, which allows remote malicious users to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
asterisk asterisk |