CyberSec.Space Logo
Back to CVE Browser

CVE-2007-2488

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1530%
EPSS Percentile12.68th
PublishedMay 7, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte.

Affected Platforms (CPE)

πŸ“¦
Asterisk

Asterisk

<= 1.4.4_2007-04-27

References & Advisories

πŸ”— http://ftp.digium.com/pub/asa/ASA-2007-013.pdf
πŸ”— http://osvdb.org/35769
πŸ”— http://secunia.com/advisories/25134
πŸ”— http://secunia.com/advisories/25582
πŸ”— http://www.debian.org/security/2007/dsa-1358
πŸ”— http://www.novell.com/linux/security/advisories/2007_34_asterisk.html
πŸ”— http://www.securityfocus.com/bid/23824
πŸ”— http://www.vupen.com/english/advisories/2007/1661

Related Vulnerabilities

CVE-2017-141009.8

In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13...

CVE-2008-13909.3

The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x b...

CVE-2007-37629.3

Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edit...

CVE-2011-15999.0

manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17...