CyberSec.Space Logo
Back to CVE Browser

CVE-2007-3762

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1790%
EPSS Percentile7.56th
PublishedJul 18, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame.

Affected Platforms (CPE)

πŸ“¦
Asterisk

Asterisk

= 1.0
πŸ“¦
Asterisk

Asterisk

= 1.0.6
πŸ“¦
Asterisk

Asterisk

= 1.0.7
πŸ“¦
Asterisk

Asterisk

= 1.0.8
πŸ“¦
Asterisk

Asterisk

= 1.0.9
πŸ“¦
Asterisk

Asterisk

= 1.0.10
πŸ“¦
Asterisk

Asterisk

= 1.0.11
πŸ“¦
Asterisk

Asterisk

= 1.0.12
πŸ“¦
Asterisk

Asterisk

= 1.2.0_beta1
πŸ“¦
Asterisk

Asterisk

= 1.2.0_beta2
πŸ“¦
Asterisk

Asterisk

= 1.2.5
πŸ“¦
Asterisk

Asterisk

= 1.2.6
πŸ“¦
Asterisk

Asterisk

= 1.2.7
πŸ“¦
Asterisk

Asterisk

= 1.2.8
πŸ“¦
Asterisk

Asterisk

= 1.2.9
πŸ“¦
Asterisk

Asterisk

= 1.2.10
πŸ“¦
Asterisk

Asterisk

= 1.2.11
πŸ“¦
Asterisk

Asterisk

= 1.2.12
πŸ“¦
Asterisk

Asterisk

= 1.2.13
πŸ“¦
Asterisk

Asterisk

= 1.2.14
πŸ“¦
Asterisk

Asterisk

= 1.2.15
πŸ“¦
Asterisk

Asterisk

= 1.2.16
πŸ“¦
Asterisk

Asterisk

= 1.2.17
πŸ“¦
Asterisk

Asterisk

= 1.4.1
πŸ“¦
Asterisk

Asterisk

= 1.4.2
πŸ“¦
Asterisk

Asterisk

= 1.4.4_2007-04-27
πŸ“¦
Asterisk

Asterisk

= 1.4_beta
πŸ“¦
Asterisk

Asterisk

= a
πŸ“¦
Asterisk

Asterisk

= b.1.3.2
πŸ“¦
Asterisk

Asterisk

= b.1.3.3
πŸ“¦
Asterisk

Asterisk

= b.2.2.0
πŸ“¦
Asterisk

Asterisk Appliance Developer Kit

<= 0.4
πŸ“¦
Asterisk

Asterisknow

= beta_5
πŸ“¦
Asterisk

Asterisknow

= beta_6
πŸ”Œ
Asterisk

S800i Appliance

= 1.0
πŸ”Œ
Asterisk

S800i Appliance

= 1.0.1

References & Advisories

πŸ”— http://bugs.gentoo.org/show_bug.cgi?id=185713
πŸ”— http://ftp.digium.com/pub/asa/ASA-2007-014.pdf
πŸ”— http://secunia.com/advisories/26099
πŸ”— http://secunia.com/advisories/29051
πŸ”— http://security.gentoo.org/glsa/glsa-200802-11.xml
πŸ”— http://www.debian.org/security/2007/dsa-1358
πŸ”— http://www.novell.com/linux/security/advisories/2007_15_sr.html
πŸ”— http://www.securityfocus.com/bid/24949

Related Vulnerabilities

CVE-2007-248810.0

The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attacke...

CVE-2017-141009.8

In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13...

CVE-2008-13909.3

The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x b...

CVE-2011-15999.0

manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17...