7.8

CVE-2007-1561

The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AsteriskAsterisk Version1.2.14
AsteriskAsterisk Version1.2.15
AsteriskAsterisk Version1.2.16
AsteriskAsterisk Version1.4.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 14.49% 0.962
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/25582
http://www.debian.org/security/2007/dsa-1358
http://www.novell.com/linux/security/advisories/2007_34_asterisk.html
http://asterisk.org/node/48339
http://marc.info/?l=full-disclosure&m=117432783011737&w=2
http://secunia.com/advisories/24564
http://secunia.com/advisories/24719
http://security.gentoo.org/glsa/glsa-200704-01.xml
http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html
http://www.osvdb.org/34479
http://www.securityfocus.com/archive/1/463434/100/0/threaded
http://www.securityfocus.com/bid/23031
Patch
http://www.securitytracker.com/id?1017794
http://www.sineapps.com/news.php?rssid=1707
http://www.vupen.com/english/advisories/2007/1039
https://exchange.xforce.ibmcloud.com/vulnerabilities/33068