Asterisk : Security Vulnerabilities, CVEs, Published In March 2007
The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form.
Max CVSS
7.5
EPSS Score
3.26%
Published
2007-03-22
Updated
2011-03-08
The handle_response function in chan_sip.c in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP Response code 0 in a SIP packet.
Max CVSS
7.8
EPSS Score
92.73%
Published
2007-03-22
Updated
2018-10-16
The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address.
Max CVSS
7.8
EPSS Score
24.02%
Published
2007-03-21
Updated
2018-10-16
3 vulnerabilities found