cbcvebase.
CVE-2007-4280
published 2007-08-09

CVE-2007-4280: The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance…

PriorityP47low3.5CVSS 2.0
AVNACMAuSCNINAP
EPSS
1.15%
62.9th percentile
The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population.

Affected

6 ranges
VendorProductVersion rangeFixed in
asteriskasterisk<= 1.4.9
asteriskasterisk>= 0 < 1:1.4.10~dfsg-11:1.4.10~dfsg-1
asteriskasterisk_appliance_developer_kit<= 0.6.0
asteriskasterisknow<= beta_6
asterisks800i<= 1.0.2
debianasterisk< asterisk 1:1.4.10~dfsg-1 (bullseye)asterisk 1:1.4.10~dfsg-1 (bullseye)

CVSS provenance

nvdv2.03.5LOWAV:N/AC:M/Au:S/C:N/I:N/A:P
osv3.5LOW
vendor_debian3.5LOW
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.