CVE-2007-2297 — Asterisk vulnerability

4 documents4 sources

Severity

7.8HIGHNVD

EPSS

2.1%

top 15.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Asterisk Debian Asterisk

Timeline

PublishedApr 26

Latest updateMay 1

Description

The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash).

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages3 packages

▶debiandebian/asterisk< asterisk 1:1.4.2~dfsg-1 (bullseye)

▶Debianasterisk/asterisk< 1:1.4.2~dfsg-1

▶NVDasterisk/asterisk13 versions+12

Patches

Patch: www.securitytracker.com ↗Patch: www.securitytracker.com ↗

🔴Vulnerability Details

GHSA

GHSA-w3jr-jp8f-r2vr: The SIP channel driver (chan_sip) in Asterisk before 1↗2022-05-01

▶

OSV

CVE-2007-2297: The SIP channel driver (chan_sip) in Asterisk before 1↗2007-04-26

▶

📋Vendor Advisories

Debian

CVE-2007-2297: asterisk - The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4...↗2007

▶