CVE-2007-4455
published 2007-08-22
CVE-2007-4455: The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and…
Priority: P4 · 19 · medium · 5 (CVSS 2.0)
AV:N / AC:L / Au:N / C:N / I:N / A:P
EPSS: 1.77% (75.4th percentile)
The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and s800i (Asterisk Appliance) 1.x before 1.0.3 allows remote attackers to cause a denial of service (memory exhaustion) via a SIP dialog that causes a large number of history entries to be created.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| asterisk | asterisk | <= 1.4.9 | — |
| asterisk | asterisk | >= 0 < 1:1.4.11~dfsg-1 | 1:1.4.11~dfsg-1 |
| asterisk | asterisk_appliance_developer_kit | <= 0.7 | — |
| asterisk | asterisknow | <= beta_6 | — |
| debian | asterisk | < asterisk 1:1.4.11~dfsg-1 (bullseye) | asterisk 1:1.4.11~dfsg-1 (bullseye) |
CVSS provenance
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:N/I:N/A:P
osv · 5.0 · MEDIUM
vendor_debian · 5.0 · MEDIUM
GHSA
GHSA-c3jc-cr5w-8999: The SIP channel driver (chan_sip) in Asterisk Open Source 1
ghsa_unreviewed·2022-05-01
CVE-2007-4455 [MEDIUM] GHSA-c3jc-cr5w-8999: The SIP channel driver (chan_sip) in Asterisk Open Source 1
OSV
CVE-2007-4455: The SIP channel driver (chan_sip) in Asterisk Open Source 1
osv·2007-08-22·CVSS 5.0
CVE-2007-4455 [MEDIUM] CVE-2007-4455: The SIP channel driver (chan_sip) in Asterisk Open Source 1
Debian
CVE-2007-4455: asterisk - The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, A...
vendor_debian·2007·CVSS 5.0
CVE-2007-4455 [MEDIUM] CVE-2007-4455: asterisk - The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, A...
Scope: local
bullseye: resolved (fixed in 1:1.4.11~dfsg-1)
sid: resolved (fixed in 1:1.4.11~dfsg-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://downloads.digium.com/pub/asa/AST-2007-020.html
http://seclists.org/fulldisclosure/2007/Aug/0393.html
http://secunia.com/advisories/26553
http://securityreason.com/securityalert/3047
http://www.securityfocus.com/bid/25392
http://www.securitytracker.com/id?1018595
http://www.vupen.com/english/advisories/2007/2953
https://exchange.xforce.ibmcloud.com/vulnerabilities/36145