CVE-2007-2297

Published: Apr 26, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.asterisk.org/files/ASA-2007-011.pdf

x_refsource_CONFIRM

http://bugs.digium.com/view.php?id=9313

x_refsource_MISC

SUSE-SA:2007:034

vendor-advisory

x_refsource_SUSE

1017954

vdb-entry

x_refsource_SECTRACK

24359

vdb-entry

x_refsource_BID

20070425 ASA-2007-011: Multiple problems in SIP channel parser handling response codes

mailing-list

x_refsource_BUGTRAQ

25582

third-party-advisory

x_refsource_SECUNIA

asterisk-sip-response-dos(33892)

vdb-entry

x_refsource_XF

2644

third-party-advisory

x_refsource_SREASON

DSA-1358

vendor-advisory

x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2007-2297

Description

Affected Products

References