9.3
CVE-2007-3762
- EPSS 5.51%
- Veröffentlicht 18.07.2007 17:30:00
- Zuletzt bearbeitet 16.06.2026 22:42:41
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Asterisk ≫ Asterisk Appliance Developer Kit Version <= 0.4
Asterisk ≫ Asterisknow Versionbeta_5
Asterisk ≫ Asterisknow Versionbeta_6
Asterisk ≫ S800i Appliance Version1.0
Asterisk ≫ S800i Appliance Version1.0.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.51% | 0.918 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
http://www.debian.org/security/2007/dsa-1358
http://www.novell.com/linux/security/advisories/2007_15_sr.html
http://bugs.gentoo.org/show_bug.cgi?id=185713
http://ftp.digium.com/pub/asa/ASA-2007-014.pdf
http://secunia.com/advisories/26099
http://secunia.com/advisories/29051
http://security.gentoo.org/glsa/glsa-200802-11.xml
http://www.securityfocus.com/bid/24949
http://www.securitytracker.com/id?1018407
http://www.vupen.com/english/advisories/2007/2563
https://exchange.xforce.ibmcloud.com/vulnerabilities/35466