5
CVE-2007-4924
- EPSS 10.68%
- Veröffentlicht 08.10.2007 21:17:00
- Zuletzt bearbeitet 16.06.2026 22:45:01
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2.0.10 and (2) OpenH323 before 2.2.4, allows remote attackers to cause a denial of service (crash) via an invalid Content-Length header field in Session Initiation Protocol (SIP) packets, which causes a \0 byte to be written to an "attacker-controlled address."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Openh323 Project ≫ Openh323 Version <= 2.2.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 10.68% | 0.952 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
http://secunia.com/advisories/27271
http://mail.gnome.org/archives/ekiga-list/2007-September/msg00103.html
http://openh323.cvs.sourceforge.net/openh323/opal/src/sip/sippdu.cxx?r1=2.83.2.19&r2=2.83.2.20
http://osvdb.org/41637
http://secunia.com/advisories/27118
http://secunia.com/advisories/27128
http://secunia.com/advisories/27129
http://secunia.com/advisories/27524
http://secunia.com/advisories/28380
http://www.mandriva.com/security/advisories?name=MDKSA-2007:205
http://www.redhat.com/support/errata/RHSA-2007-0957.html
http://www.s21sec.com/avisos/s21sec-037-en.txt
http://www.securityfocus.com/archive/1/482120/30/4500/threaded
http://www.securityfocus.com/bid/25955
http://www.securitytracker.com/id?1018776
http://www.ubuntu.com/usn/usn-562-1
http://www.vupen.com/english/advisories/2007/3413
http://www.vupen.com/english/advisories/2007/3414
https://bugzilla.redhat.com/show_bug.cgi?id=296371
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11398
https://www.exploit-db.com/exploits/9240