9.3

CVE-2007-3762

EPSS 9.84%
Published 18.07.2007 17:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame.

Affected products Warnungen 0 Metrics 2 CWE 0 References 14

Data is provided by the National Vulnerability Database (NVD)

Asterisk ≫ Asterisk Version1.0

Asterisk ≫ Asterisk Version1.0.6

Asterisk ≫ Asterisk Version1.0.7

Asterisk ≫ Asterisk Version1.0.8

Asterisk ≫ Asterisk Version1.0.9

Asterisk ≫ Asterisk Version1.0.10

Asterisk ≫ Asterisk Version1.0.11

Asterisk ≫ Asterisk Version1.0.12

Asterisk ≫ Asterisk Version1.2.0_beta1

Asterisk ≫ Asterisk Version1.2.0_beta2

Asterisk ≫ Asterisk Version1.2.5

Asterisk ≫ Asterisk Version1.2.6

Asterisk ≫ Asterisk Version1.2.7

Asterisk ≫ Asterisk Version1.2.8

Asterisk ≫ Asterisk Version1.2.9

Asterisk ≫ Asterisk Version1.2.10

Asterisk ≫ Asterisk Version1.2.11

Asterisk ≫ Asterisk Version1.2.12

Asterisk ≫ Asterisk Version1.2.13

Asterisk ≫ Asterisk Version1.2.14

Asterisk ≫ Asterisk Version1.2.15

Asterisk ≫ Asterisk Version1.2.16

Asterisk ≫ Asterisk Version1.2.17

Asterisk ≫ Asterisk Version1.4.1

Asterisk ≫ Asterisk Version1.4.2

Asterisk ≫ Asterisk Version1.4.4_2007-04-27

Asterisk ≫ Asterisk Version1.4_beta

Asterisk ≫ Asterisk Versiona Editionbusiness

Asterisk ≫ Asterisk Versionb.1.3.2 Editionbusiness

Asterisk ≫ Asterisk Versionb.1.3.3 Editionbusiness

Asterisk ≫ Asterisk Versionb.2.2.0 Editionbusiness

Asterisk ≫ Asterisk Appliance Developer Kit Version <= 0.4

Asterisk ≫ Asterisknow Versionbeta_5

Asterisk ≫ Asterisknow Versionbeta_6

Asterisk ≫ S800i Appliance Version1.0

Asterisk ≫ S800i Appliance Version1.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	9.84%	0.922

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

http://www.debian.org/security/2007/dsa-1358

http://www.novell.com/linux/security/advisories/2007_15_sr.html

http://bugs.gentoo.org/show_bug.cgi?id=185713

http://ftp.digium.com/pub/asa/ASA-2007-014.pdf

Patch

http://secunia.com/advisories/26099

http://secunia.com/advisories/29051

http://security.gentoo.org/glsa/glsa-200802-11.xml

http://www.securityfocus.com/bid/24949

http://www.securitytracker.com/id?1018407

http://www.vupen.com/english/advisories/2007/2563

https://exchange.xforce.ibmcloud.com/vulnerabilities/35466

https://nvd.nist.gov/vuln/detail/CVE-2007-3762

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-3762

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-3762

EUVD