Denial of Service Vulnerability in Asterisk SIP Channel Driver by Digium
CVE-2007-4455
Currently unrated
Summary
The SIP channel driver (chan_sip) in Asterisk is prone to a resource exhaustion vulnerability that can be exploited remotely. Attackers can initiate a SIP dialog that generates an excessive number of history entries, ultimately leading to memory depletion. This creates significant performance issues and can render the affected Asterisk systems unresponsive. To mitigate this vulnerability, users should upgrade to the latest versions of Asterisk, as outlined in the related advisories.
EPSS Score
5% chance of being exploited in the next 30 days.