CVE Vulnerabilities

CVE-2007-1306

Published: Mar 07, 2007 | Modified: Jul 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.8 HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C
RedHat/V2
RedHat/V3
Ubuntu

Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference.

Affected Software

Name Vendor Start Version End Version
Asterisk Digium 1.2.0_beta1 1.2.0_beta1
Asterisk Digium 1.2.0_beta2 1.2.0_beta2
Asterisk Digium 1.2.6 1.2.6
Asterisk Digium 1.2.7 1.2.7
Asterisk Digium 1.2.8 1.2.8
Asterisk Digium 1.2.9 1.2.9
Asterisk Digium 1.2.10 1.2.10
Asterisk Digium 1.2.11 1.2.11
Asterisk Digium 1.2.12 1.2.12
Asterisk Digium 1.2.12.1 1.2.12.1
Asterisk Digium 1.2.13 1.2.13
Asterisk Digium 1.2.14 1.2.14
Asterisk Digium 1.2.15 1.2.15
Asterisk Digium 1.2_beta1 1.2_beta1
Asterisk Digium 1.2_beta2 1.2_beta2
Asterisk Digium 1.4.0 1.4.0
Asterisk Digium 1.4.0_beta1 1.4.0_beta1
Asterisk Digium 1.4.0_beta2 1.4.0_beta2
Asterisk Ubuntu dapper *
Asterisk Ubuntu devel *
Asterisk Ubuntu edgy *
Asterisk Ubuntu feisty *
Asterisk Ubuntu gutsy *
Asterisk Ubuntu upstream *

References