Lucene search

PRIOn knowledge basePRION:CVE-2007-2488

HistoryMay 07, 2007 - 7:19 p.m.

Information disclosure

2007-05-0719:19:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.066 Low

EPSS

Percentile

93.6%

JSON

The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte.

CPENameOperatorVersion
asteriskeq<= 1.4.42007427

CPE	Name	Operator	Version
	asterisk	eq	<= 1.4.42007427

References

ftp.digium.com/pub/asa/ASA-2007-013.pdf

osvdb.org/35769

secunia.com/advisories/25134

secunia.com/advisories/25582

www.debian.org/security/2007/dsa-1358

www.novell.com/linux/security/advisories/2007_34_asterisk.html

www.securityfocus.com/bid/23824

www.vupen.com/english/advisories/2007/1661

exchange.xforce.ibmcloud.com/vulnerabilities/34085

7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.066 Low

EPSS

Percentile

93.6%

JSON

Related for PRION:CVE-2007-2488