9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.9 High
AI Score
Confidence
Low
0.185 Low
EPSS
Percentile
96.2%
Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame.
bugs.gentoo.org/show_bug.cgi?id=185713
ftp.digium.com/pub/asa/ASA-2007-014.pdf
secunia.com/advisories/26099
secunia.com/advisories/29051
security.gentoo.org/glsa/glsa-200802-11.xml
www.debian.org/security/2007/dsa-1358
www.novell.com/linux/security/advisories/2007_15_sr.html
www.securityfocus.com/bid/24949
www.securitytracker.com/id?1018407
www.vupen.com/english/advisories/2007/2563
exchange.xforce.ibmcloud.com/vulnerabilities/35466