Remote Denial of Service Vulnerability in Asterisk by Digium
CVE-2007-3763

Currently unrated

Key Information:

Vendor: Asterisk
Status: Asterisk; Asterisknow; Asterisk Appliance Developer Kit
Vendor: CVE Published:; 18 July 2007

What is CVE-2007-3763?

A flaw in the IAX2 channel driver (chan_iax2) of Asterisk allows remote attackers to cause a denial of service through crafted LAGRQ or LAGRP frames. This vulnerability arises from a NULL pointer dereference due to improper variable handling when processing IAX frame information elements. Users of affected Asterisk versions should take immediate action to mitigate potential disruptions.

References

http://ftp.digium.com/pub/asa/ASA-2007-015.pdf

x_refsource_CONFIRM

http://secunia.com/advisories/26099

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/24950

vdb-entryx_refsource_BID

EPSS Score

24% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 18, 2007
Vulnerability Reserved
Jul 13, 2007