CVE-2007-1561
published 2007-03-21CVE-2007-1561: The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with…
PriorityP336high7.8CVSS 2.0
AVNACLAuNCNINAC
EXPLOIT
EPSS
14.49%
96.2th percentile
The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| asterisk | asterisk | — | — |
| asterisk | asterisk | — | — |
| asterisk | asterisk | — | — |
| asterisk | asterisk | — | — |
| asterisk | asterisk | >= 0 < 1:1.4.2~dfsg-5 | 1:1.4.2~dfsg-5 |
| debian | asterisk | < asterisk 1:1.4.2~dfsg-5 (bullseye) | asterisk 1:1.4.2~dfsg-5 (bullseye) |
CVSS provenance
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
osv7.8HIGH
vendor_debian7.8MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2007-1561: asterisk - The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remot...
vendor_debian·2007·CVSS 7.8
CVE-2007-1561 [HIGH] CVE-2007-1561: asterisk - The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remot...
The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address.
Scope: local
bullseye: resolved (fixed in 1:1.4.2~dfsg-5)
sid: resolved (fixed in 1:1.4.2~dfsg-5)
GHSA
GHSA-jwxq-x6h2-p3qv: The channel driver in Asterisk before 1
ghsa_unreviewed·2022-05-01
CVE-2007-1561 [HIGH] GHSA-jwxq-x6h2-p3qv: The channel driver in Asterisk before 1
The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address.
OSV
CVE-2007-1561: The channel driver in Asterisk before 1
osv·2007-03-21·CVSS 7.8
CVE-2007-1561 [HIGH] CVE-2007-1561: The channel driver in Asterisk before 1
The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address.
No detection rules found.
No writeups or analysis indexed.
http://asterisk.org/node/48339http://marc.info/?l=full-disclosure&m=117432783011737&w=2http://secunia.com/advisories/24564http://secunia.com/advisories/24719http://secunia.com/advisories/25582http://security.gentoo.org/glsa/glsa-200704-01.xmlhttp://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.htmlhttp://www.debian.org/security/2007/dsa-1358http://www.novell.com/linux/security/advisories/2007_34_asterisk.htmlhttp://www.osvdb.org/34479http://www.securityfocus.com/archive/1/463434/100/0/threadedhttp://www.securityfocus.com/bid/23031http://www.securitytracker.com/id?1017794http://www.sineapps.com/news.php?rssid=1707http://www.vupen.com/english/advisories/2007/1039https://exchange.xforce.ibmcloud.com/vulnerabilities/33068http://asterisk.org/node/48339http://marc.info/?l=full-disclosure&m=117432783011737&w=2http://secunia.com/advisories/24564http://secunia.com/advisories/24719http://secunia.com/advisories/25582http://security.gentoo.org/glsa/glsa-200704-01.xmlhttp://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.htmlhttp://www.debian.org/security/2007/dsa-1358http://www.novell.com/linux/security/advisories/2007_34_asterisk.htmlhttp://www.osvdb.org/34479http://www.securityfocus.com/archive/1/463434/100/0/threadedhttp://www.securityfocus.com/bid/23031http://www.securitytracker.com/id?1017794http://www.sineapps.com/news.php?rssid=1707http://www.vupen.com/english/advisories/2007/1039https://exchange.xforce.ibmcloud.com/vulnerabilities/33068
2007-03-21
Published