Back to search
CVE-2007-2488
Published: May 7, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ADV-2007-1661
vdb-entry
x_refsource_VUPEN
SUSE-SA:2007:034
vendor-advisory
x_refsource_SUSE
35769
vdb-entry
x_refsource_OSVDB
asterisk-iax2-information-disclosure(34085)
vdb-entry
x_refsource_XF
25582
third-party-advisory
x_refsource_SECUNIA
25134
third-party-advisory
x_refsource_SECUNIA
http://ftp.digium.com/pub/asa/ASA-2007-013.pdf
x_refsource_CONFIRM
23824
vdb-entry
x_refsource_BID
DSA-1358
vendor-advisory
x_refsource_DEBIAN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now