CVE-2007-2488
published 2007-05-07


Priority: P431, critical, 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 4.32% (90.0th percentile)

The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte.

Affected

3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| asterisk | asterisk | <= 1.4.4_2007-04-27 | |
| asterisk | asterisk | >= 0 < 1:1.4.5~dfsg-1 | 1:1.4.5~dfsg-1 |
| debian | asterisk | < asterisk 1:1.4.5~dfsg-1 (bullseye) | asterisk 1:1.4.5~dfsg-1 (bullseye) |

CVSS provenance

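| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | | 10.0 | CRITICAL | |
| vendor_debian | | 10.0 | LOW | |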