9.3

CVE-2007-3762

Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AsteriskAsterisk Version1.0
AsteriskAsterisk Version1.0.6
AsteriskAsterisk Version1.0.7
AsteriskAsterisk Version1.0.8
AsteriskAsterisk Version1.0.9
AsteriskAsterisk Version1.0.10
AsteriskAsterisk Version1.0.11
AsteriskAsterisk Version1.0.12
AsteriskAsterisk Version1.2.0_beta1
AsteriskAsterisk Version1.2.0_beta2
AsteriskAsterisk Version1.2.5
AsteriskAsterisk Version1.2.6
AsteriskAsterisk Version1.2.7
AsteriskAsterisk Version1.2.8
AsteriskAsterisk Version1.2.9
AsteriskAsterisk Version1.2.10
AsteriskAsterisk Version1.2.11
AsteriskAsterisk Version1.2.12
AsteriskAsterisk Version1.2.13
AsteriskAsterisk Version1.2.14
AsteriskAsterisk Version1.2.15
AsteriskAsterisk Version1.2.16
AsteriskAsterisk Version1.2.17
AsteriskAsterisk Version1.4.1
AsteriskAsterisk Version1.4.2
AsteriskAsterisk Version1.4.4_2007-04-27
AsteriskAsterisk Version1.4_beta
AsteriskAsterisk Versiona Editionbusiness
AsteriskAsterisk Versionb.1.3.2 Editionbusiness
AsteriskAsterisk Versionb.1.3.3 Editionbusiness
AsteriskAsterisk Versionb.2.2.0 Editionbusiness
AsteriskAsterisknow Versionbeta_5
AsteriskAsterisknow Versionbeta_6
AsteriskS800i Appliance Version1.0
AsteriskS800i Appliance Version1.0.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.51% 0.918
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.debian.org/security/2007/dsa-1358
http://www.novell.com/linux/security/advisories/2007_15_sr.html
http://bugs.gentoo.org/show_bug.cgi?id=185713
http://ftp.digium.com/pub/asa/ASA-2007-014.pdf
Patch
http://secunia.com/advisories/26099
http://secunia.com/advisories/29051
http://security.gentoo.org/glsa/glsa-200802-11.xml
http://www.securityfocus.com/bid/24949
http://www.securitytracker.com/id?1018407
http://www.vupen.com/english/advisories/2007/2563
https://exchange.xforce.ibmcloud.com/vulnerabilities/35466