返回 CVE 浏览器

CVE-2007-2488

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1530%

EPSS Percentile12.68th

Published2007年5月7日

Last Modified2026年4月23日

Vulnerability Description

The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte.

Affected Platforms (CPE)

📦

Asterisk

Asterisk

<= 1.4.4_2007-04-27

References & Advisories

🔗 http://ftp.digium.com/pub/asa/ASA-2007-013.pdf

🔗 http://osvdb.org/35769

🔗 http://secunia.com/advisories/25134

🔗 http://secunia.com/advisories/25582

🔗 http://www.debian.org/security/2007/dsa-1358

🔗 http://www.novell.com/linux/security/advisories/2007_34_asterisk.html

🔗 http://www.securityfocus.com/bid/23824

🔗 http://www.vupen.com/english/advisories/2007/1661

相关漏洞威胁

CVE-2017-141009.8

In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13...

CVE-2008-13909.3

The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x b...

CVE-2007-37629.3

Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edit...

CVE-2011-15999.0

manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17...