Denial of Service Vulnerability in Asterisk SIP Channel Driver by Digium
CVE-2007-4455

Currently unrated

Key Information:

Vendor: Asterisk
Status: Asterisk Appliance Developer Kit; Asterisk; Asterisknow
Vendor: CVE Published:; 22 August 2007

What is CVE-2007-4455?

The SIP channel driver (chan_sip) in Asterisk is prone to a resource exhaustion vulnerability that can be exploited remotely. Attackers can initiate a SIP dialog that generates an excessive number of history entries, ultimately leading to memory depletion. This creates significant performance issues and can render the affected Asterisk systems unresponsive. To mitigate this vulnerability, users should upgrade to the latest versions of Asterisk, as outlined in the related advisories.

References

http://securityreason.com/securityalert/3047

third-party-advisoryx_refsource_SREASON

http://www.vupen.com/english/advisories/2007/2953

vdb-entryx_refsource_VUPEN

http://downloads.digium.com/pub/asa/AST-2007-020.html

x_refsource_CONFIRM

EPSS Score

5% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 22, 2007
Vulnerability Reserved
Aug 21, 2007