CVE-2007-5358
published 2007-10-12

Priority: P4, 30, medium, 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 3.86% (88.9th percentile)
Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields. NOTE: vector 2 requires write access to Asterisk configuration files.

Affected

3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | asterisk | < asterisk 1:1.4.13~dfsg-1 (bullseye) | asterisk 1:1.4.13~dfsg-1 (bullseye) |
| digium | asterisk | <= 1.4.12 | |
| digium | asterisk | >= 0 < 1:1.4.13~dfsg-1 | 1:1.4.13~dfsg-1 |

CVSS provenance

nvd: v2.0, 6.8 MEDIUM, AV:N/AC:M/Au:N/C:P/I:P/A:P
osv: 6.8 MEDIUM
vendor_debian: 6.8 MEDIUM