Vulnerability Description
Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Asterisk | Asterisk | 1.0 |
| Asterisk | Asterisk Appliance Developer Kit | <= 0.4 |
| Asterisk | Asterisknow | beta_5 |
| Asterisk | S800I Appliance | 1.0 |
References
- http://bugs.gentoo.org/show_bug.cgi?id=185713
- http://ftp.digium.com/pub/asa/ASA-2007-014.pdf (Patch)
- http://secunia.com/advisories/26099
- http://secunia.com/advisories/29051
- http://security.gentoo.org/glsa/glsa-200802-11.xml
- http://www.debian.org/security/2007/dsa-1358
- http://www.novell.com/linux/security/advisories/2007_15_sr.html
- http://www.securityfocus.com/bid/24949
- http://www.securitytracker.com/id?1018407
- http://www.vupen.com/english/advisories/2007/2563
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35466
FAQ
What is CVE-2007-3762?
CVE-2007-3762 is a vulnerability with a CVSS score of 9.3 (HIGH). Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit ...
How severe is CVE-2007-3762?
CVE-2007-3762 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3762?
Check the references section above for vendor advisories and patch information. Affected products include: Asterisk Asterisk, Asterisk Asterisk Appliance Developer Kit, Asterisk Asterisknow, Asterisk S800I Appliance.