CVE Vulnerabilities

CVE-2007-2293

Published: Apr 26, 2007 | Modified: Oct 16, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.6 HIGH
AV:N/AC:H/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP INVITE.

Affected Software

Name Vendor Start Version End Version
Asterisk Asterisk 1.4.1 (including) 1.4.1 (including)
Asterisk Asterisk 1.4.2 (including) 1.4.2 (including)
Asterisk Asterisk 1.4_beta (including) 1.4_beta (including)

References