CVE-2007-5358
Published 2007-10-12
Priority: P430 · medium · 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 3.86% (88.9th percentile)
Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields. NOTE: vector 2 requires write access to Asterisk configuration files.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | asterisk | < asterisk 1:1.4.13~dfsg-1 (bullseye) | asterisk 1:1.4.13~dfsg-1 (bullseye) |
| digium | asterisk | <= 1.4.12 | — |
| digium | asterisk | >= 0 < 1:1.4.13~dfsg-1 | 1:1.4.13~dfsg-1 |
CVSS provenance
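| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 6.8 | MEDIUM | |
| vendor_debian | | 6.8 | MEDIUM | |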
Debian
CVE-2007-5358: asterisk - Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x befor...
vendor_debian·2007·CVSS 6.8
CVE-2007-5358 [MEDIUM] CVE-2007-5358: asterisk - Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x befor...
Scope: local
bullseye: resolved (fixed in 1:1.4.13~dfsg-1)
sid: resolved (fixed in 1:1.4.13~dfsg-1)
GHSA
GHSA-qx34-mm7f-757c: Multiple buffer overflows in the voicemail functionality in Asterisk 1
ghsa_unreviewed·2022-05-01
CVE-2007-5358 [MEDIUM] CWE-119 GHSA-qx34-mm7f-757c: Multiple buffer overflows in the voicemail functionality in Asterisk 1
OSV
CVE-2007-5358: Multiple buffer overflows in the voicemail functionality in Asterisk 1
osv·2007-10-12·CVSS 6.8
CVE-2007-5358 [MEDIUM] CVE-2007-5358: Multiple buffer overflows in the voicemail functionality in Asterisk 1
No detection rules found.
No public exploits indexed.
References
http://downloads.digium.com/pub/security/AST-2007-022.html
http://osvdb.org/38201
http://osvdb.org/38202
http://secunia.com/advisories/27184
http://www.securityfocus.com/archive/1/481996/100/0/threaded
http://www.securityfocus.com/bid/26005
http://www.securitytracker.com/id?1018804
http://www.vupen.com/english/advisories/2007/3454
https://exchange.xforce.ibmcloud.com/vulnerabilities/37051
https://exchange.xforce.ibmcloud.com/vulnerabilities/37052