Asterisk

Asterisk

29 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2007-3763

  • EPSS 24.48%
  • Veröffentlicht 18.07.2007 17:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of...

9.3

CVE-2007-3762

  • EPSS 9.84%
  • Veröffentlicht 18.07.2007 17:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote...

10

CVE-2007-2488

  • EPSS 3.07%
  • Veröffentlicht 07.05.2007 19:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of...

7.8

CVE-2007-2297

  • EPSS 2.02%
  • Veröffentlicht 26.04.2007 20:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash).

7.8

CVE-2007-2294

  • EPSS 4.12%
  • Veröffentlicht 26.04.2007 20:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in...

7.6

CVE-2007-2293

Exploit
  • EPSS 40.71%
  • Veröffentlicht 26.04.2007 20:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP pa...

7.5

CVE-2007-1595

  • EPSS 0.78%
  • Veröffentlicht 22.03.2007 23:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form.

7.8

CVE-2007-1594

  • EPSS 4.77%
  • Veröffentlicht 22.03.2007 23:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The handle_response function in chan_sip.c in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP Response code 0 in a SIP packet.

7.8

CVE-2007-1561

  • EPSS 17.85%
  • Veröffentlicht 21.03.2007 19:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address.