Buffer Overflow Vulnerability in Asterisk IAX2 Channel Driver
CVE-2007-3762

Currently unrated

Key Information:

Vendor: Asterisk
Status: Asterisk; Asterisknow; Asterisk Appliance Developer Kit
Vendor: CVE Published:; 18 July 2007

Summary

The IAX2 channel driver in Asterisk is vulnerable to a stack-based buffer overflow, which can be exploited by remote attackers to execute arbitrary code. This occurs when an attacker sends a specially crafted voice or video RTP frame that exceeds the expected length, compromising the system's integrity and functionality. Affected versions include those prior to Asterisk 1.2.22 and 1.4.x before 1.4.8, as well as various editions and developer kits. It is essential for users to ensure that their systems are updated to mitigate this risk.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/35466

vdb-entryx_refsource_XF

http://secunia.com/advisories/26099

third-party-advisoryx_refsource_SECUNIA

http://www.securitytracker.com/id?1018407

vdb-entryx_refsource_SECTRACK

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 18, 2007
Vulnerability Reserved
Jul 13, 2007