Vulnerability Details CVE-2007-3762
Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.098
EPSS Ranking 92.5%
CVSS Severity
CVSS v2 Score 9.3
References
- http://bugs.gentoo.org/show_bug.cgi?id=185713
- http://ftp.digium.com/pub/asa/ASA-2007-014.pdf
- http://secunia.com/advisories/26099
- http://secunia.com/advisories/29051
- http://security.gentoo.org/glsa/glsa-200802-11.xml
- http://www.debian.org/security/2007/dsa-1358
- http://www.novell.com/linux/security/advisories/2007_15_sr.html
- http://www.securityfocus.com/bid/24949
- http://www.securitytracker.com/id?1018407
- http://www.vupen.com/english/advisories/2007/2563
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35466
- http://bugs.gentoo.org/show_bug.cgi?id=185713
- http://ftp.digium.com/pub/asa/ASA-2007-014.pdf
- http://secunia.com/advisories/26099
- http://secunia.com/advisories/29051
- http://security.gentoo.org/glsa/glsa-200802-11.xml
- http://www.debian.org/security/2007/dsa-1358
- http://www.novell.com/linux/security/advisories/2007_15_sr.html
- http://www.securityfocus.com/bid/24949
- http://www.securitytracker.com/id?1018407
- http://www.vupen.com/english/advisories/2007/2563
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35466
Products affected by CVE-2007-3762
-
cpe:2.3:a:asterisk:asterisk:1.0
-
cpe:2.3:a:asterisk:asterisk:1.0.10
-
cpe:2.3:a:asterisk:asterisk:1.0.11
-
cpe:2.3:a:asterisk:asterisk:1.0.12
-
cpe:2.3:a:asterisk:asterisk:1.0.6
-
cpe:2.3:a:asterisk:asterisk:1.0.7
-
cpe:2.3:a:asterisk:asterisk:1.0.8
-
cpe:2.3:a:asterisk:asterisk:1.0.9
-
cpe:2.3:a:asterisk:asterisk:1.2.0_beta1
-
cpe:2.3:a:asterisk:asterisk:1.2.0_beta2
-
cpe:2.3:a:asterisk:asterisk:1.2.10
-
cpe:2.3:a:asterisk:asterisk:1.2.11
-
cpe:2.3:a:asterisk:asterisk:1.2.12
-
cpe:2.3:a:asterisk:asterisk:1.2.13
-
cpe:2.3:a:asterisk:asterisk:1.2.14
-
cpe:2.3:a:asterisk:asterisk:1.2.15
-
cpe:2.3:a:asterisk:asterisk:1.2.16
-
cpe:2.3:a:asterisk:asterisk:1.2.17
-
cpe:2.3:a:asterisk:asterisk:1.2.5
-
cpe:2.3:a:asterisk:asterisk:1.2.6
-
cpe:2.3:a:asterisk:asterisk:1.2.7
-
cpe:2.3:a:asterisk:asterisk:1.2.8
-
cpe:2.3:a:asterisk:asterisk:1.2.9
-
cpe:2.3:a:asterisk:asterisk:1.4.1
-
cpe:2.3:a:asterisk:asterisk:1.4.2
-
cpe:2.3:a:asterisk:asterisk:1.4.4_2007-04-27
-
cpe:2.3:a:asterisk:asterisk:1.4_beta
-
cpe:2.3:a:asterisk:asterisk:a
-
cpe:2.3:a:asterisk:asterisk:b.1.3.2
-
cpe:2.3:a:asterisk:asterisk:b.1.3.3
-
cpe:2.3:a:asterisk:asterisk:b.2.2.0
-
cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:*
-
cpe:2.3:a:asterisk:asterisknow:beta_5
-
cpe:2.3:a:asterisk:asterisknow:beta_6
-
cpe:2.3:h:asterisk:s800i_appliance:1.0
-
cpe:2.3:h:asterisk:s800i_appliance:1.0.1