Vulnerability Details CVE-2007-1693
The SIP channel module in Yet Another Telephony Engine (Yate) before 1.2.0 sets the caller_info_uri parameter using an incorrect variable that can be NULL, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a Call-Info header without a purpose parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 78.8%
CVSS Severity
CVSS v2 Score 7.8
References
- http://securityreason.com/securityalert/2716
- http://voip.null.ro/cgi-bin/cvsweb.cgi/yate/modules/ysipchan.cpp
- http://www.securityfocus.com/archive/1/467289/100/200/threaded
- http://www.securityfocus.com/bid/23746
- http://securityreason.com/securityalert/2716
- http://voip.null.ro/cgi-bin/cvsweb.cgi/yate/modules/ysipchan.cpp
- http://www.securityfocus.com/archive/1/467289/100/200/threaded
- http://www.securityfocus.com/bid/23746
Products affected by CVE-2007-1693
-
cpe:2.3:a:yate:yet_another_telephony_engine:1.1.0