CVE-2007-2488
Published 2007-05-07
Priority P431 · critical · 10 · CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 4.32% (90.0th percentile)
The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| asterisk | asterisk | <= 1.4.4_2007-04-27 | — |
| asterisk | asterisk | >= 0 < 1:1.4.5~dfsg-1 | 1:1.4.5~dfsg-1 |
| debian | asterisk | < asterisk 1:1.4.5~dfsg-1 (bullseye) | asterisk 1:1.4.5~dfsg-1 (bullseye) |
CVSS provenance
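| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | | 10.0 | CRITICAL | |
| vendor_debian | | 10.0 | LOW | |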
GHSA
ghsa_unreviewed·2022-05-01
CVE-2007-2488 [HIGH] GHSA-w22m-8gr9-p75j
OSV
osv·2007-05-07·CVSS 10.0
CVE-2007-2488 [CRITICAL]
Debian
vendor_debian·2007·CVSS 10.0
CVE-2007-2488 [CRITICAL] asterisk
Scope: local
bullseye: resolved (fixed in 1:1.4.5~dfsg-1)
sid: resolved (fixed in 1:1.4.5~dfsg-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://ftp.digium.com/pub/asa/ASA-2007-013.pdf
http://osvdb.org/35769
http://secunia.com/advisories/25134
http://secunia.com/advisories/25582
http://www.debian.org/security/2007/dsa-1358
http://www.novell.com/linux/security/advisories/2007_34_asterisk.html
http://www.securityfocus.com/bid/23824
http://www.vupen.com/english/advisories/2007/1661
https://exchange.xforce.ibmcloud.com/vulnerabilities/34085