CVE-2007-2488

Published: 07/05/2007 Updated: 29/07/2017

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

The IAX2 channel driver (chan_iax2) in Asterisk prior to 20070504 does not properly null terminate data, which allows remote malicious users to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte.

Vulnerable Product	Search on Vulmon	Subscribe to Product
asterisk asterisk

Debian Bug report logs - #419820 CVE-2007-1594: Asterisk segfaults upon receipt of a certain SIP packet (SIP Response code 0) Package: asterisk; Maintainer for asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Source for asterisk is src:asterisk (PTS, buildd, popcon) Reported by: Frédéric Brière ...

Several remote vulnerabilities have been discovered in Asterisk, a free software PBX and telephony toolkit The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1306 Mu Security discovered that a NULL pointer dereference in the SIP implementation could lead to denial of service CVE-2007-1561 Inr ...

NVD-CWE-Other http://ftp.digium.com/pub/asa/ASA-2007-013.pdf http://www.securityfocus.com/bid/23824 http://secunia.com/advisories/25134 http://www.debian.org/security/2007/dsa-1358 http://www.novell.com/linux/security/advisories/2007_34_asterisk.html http://secunia.com/advisories/25582 http://www.vupen.com/english/advisories/2007/1661 http://osvdb.org/35769 https://exchange.xforce.ibmcloud.com/vulnerabilities/34085 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419820 https://nvd.nist.gov https://www.debian.org/security/./dsa-1358

CVE-2007-2488

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect