7.6
CVE-2007-2293
- EPSS 23.88%
- Veröffentlicht 26.04.2007 20:19:00
- Zuletzt bearbeitet 16.06.2026 22:39:18
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP INVITE.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 23.88% | 0.975 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.6 | 4.9 | 10 |
AV:N/AC:H/Au:N/C:C/I:C/A:C
|
http://secunia.com/advisories/24977
http://securityreason.com/securityalert/2645
http://www.asterisk.org/files/ASA-2007-010.pdf
http://www.osvdb.org/35368
http://www.securityfocus.com/archive/1/466883/100/0/threaded
http://www.securityfocus.com/archive/1/472804/100/0/threaded
http://www.securityfocus.com/bid/23648
http://www.securitytracker.com/id?1017951
http://www.securitytracker.com/id?1018337
http://www.vupen.com/english/advisories/2007/1534
https://exchange.xforce.ibmcloud.com/vulnerabilities/33895