CVE-2007-5358 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Asterisk

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

0.7%

top 28.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Digium Asterisk Debian Asterisk

Timeline

PublishedOct 12

Latest updateMay 1

Description

Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields. NOTE: vector 2 requires write access to Asterisk configuration files.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/asterisk< asterisk 1:1.4.13~dfsg-1 (bullseye)

▶Debiandigium/asterisk< 1:1.4.13~dfsg-1

▶NVDdigium/asterisk1.4.12

🔴Vulnerability Details

GHSA

GHSA-qx34-mm7f-757c: Multiple buffer overflows in the voicemail functionality in Asterisk 1↗2022-05-01

▶

OSV

CVE-2007-5358: Multiple buffer overflows in the voicemail functionality in Asterisk 1↗2007-10-12

▶

📋Vendor Advisories

Debian

CVE-2007-5358: asterisk - Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x befor...↗2007

▶

💬Community

Bugzilla

CVE-2008-0658 openldap: slapd crash on modrdn operation with NOOP control on entry in bdb storage↗2008-02-08

▶