← back
CVE-2007-3763

CVE-2007-3763

EPSS 26.6%
The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/4249unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://bugs.gentoo.org/show_bug.cgi?id=185713http://ftp.digium.com/pub/asa/ASA-2007-015.pdfhttp://secunia.com/advisories/26099http://secunia.com/advisories/29051http://security.gentoo.org/glsa/glsa-200802-11.xmlhttp://www.debian.org/security/2007/dsa-1358http://www.novell.com/linux/security/advisories/2007_15_sr.htmlhttp://www.securityfocus.com/bid/24950http://www.securitytracker.com/id?1018407http://www.vupen.com/english/advisories/2007/2563