CVE-2007-4521Asterisk vulnerability

3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
2.5%
top 14.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
AsteriskDebian Asterisk
Timeline
PublishedAug 28
Latest updateMay 1

Description

Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an IMAP voicemail storage backend, allows remote attackers to cause a denial of service via an e-mail with an "invalid/corrupted" MIME body, which triggers a crash when the recipient listens to voicemail.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDasterisk/asterisk7 versions+6

🔴Vulnerability Details

1
GHSA
GHSA-58rf-9xjg-2wv7: Asterisk Open Source 12022-05-01

📋Vendor Advisories

1
Debian
CVE-2007-4521: asterisk - Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an IMAP voicem...2007