Back to search
CVE-2007-4924
Published: Oct 8, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
The Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2.0.10 and (2) OpenH323 before 2.2.4, allows remote attackers to cause a denial of service (crash) via an invalid Content-Length header field in Session Initiation Protocol (SIP) packets, which causes a \0 byte to be written to an "attacker-controlled address."
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
27118
third-party-advisory
x_refsource_SECUNIA
27271
third-party-advisory
x_refsource_SECUNIA
1018776
vdb-entry
x_refsource_SECTRACK
25955
vdb-entry
x_refsource_BID
27129
third-party-advisory
x_refsource_SECUNIA
MDKSA-2007:205
vendor-advisory
x_refsource_MANDRIVA
https://bugzilla.redhat.com/show_bug.cgi?id=296371
x_refsource_CONFIRM
28380
third-party-advisory
x_refsource_SECUNIA
41637
vdb-entry
x_refsource_OSVDB
RHSA-2007:0957
vendor-advisory
x_refsource_REDHAT
[ekiga-list] 20070917 [ANNOUNCE] Ekiga 2.0.10 released
mailing-list
x_refsource_MLIST
USN-562-1
vendor-advisory
x_refsource_UBUNTU
oval:org.mitre.oval:def:11398
vdb-entry
signature
x_refsource_OVAL
http://www.s21sec.com/avisos/s21sec-037-en.txt
x_refsource_MISC
20071011 S21SEC-037-en: OPAL SIP Protocol Remote Denial of Service
mailing-list
x_refsource_BUGTRAQ
SUSE-SR:2007:021
vendor-advisory
x_refsource_SUSE
ADV-2007-3413
vdb-entry
x_refsource_VUPEN
ADV-2007-3414
vdb-entry
x_refsource_VUPEN
9240
exploit
x_refsource_EXPLOIT-DB
27524
third-party-advisory
x_refsource_SECUNIA
27128
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now