Metric | Value |
---|---|
CVSS2 | 7.5 High |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
EPSS | 0.149 Low |
EPSS Percentile | 95.8% |

The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and
1.0.x before 1.0.11 allows remote attackers to cause a denial of service
(crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames,
which bypass a length check and lead to a buffer overflow involving a
negative length check. NOTE: the vendor advisory claims that only a DoS is
possible, but the original researcher is reliable.
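
The bug class described above (a truncated frame passing a length check and yielding a negative length), as an added C example that is not Asterisk's chan_iax2 code. The header sizes, the function names, and the assumption that the check is made against a smaller header than the one later subtracted are all illustrative.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed sizes for illustration; not taken from chan_iax2. */
#define MIN_HDR_LEN   4u   /* smallest header the receive path accepts */
#define VIDEO_HDR_LEN 6u   /* assumed larger header carried by video frames */
#define LEN_REJECTED  (-1000L)

/* Flawed pattern (assumed): the minimum-size check uses the smallest header,
 * then the video header size is subtracted in signed arithmetic. A 4- or
 * 5-byte datagram passes the check and produces a negative payload length. */
long flawed_payload_len(size_t received)
{
    if (received < MIN_HDR_LEN)
        return LEN_REJECTED;
    return (long)received - (long)VIDEO_HDR_LEN;
}

/* What a copy routine taking size_t would see for that length. */
size_t as_copy_size(long len)
{
    return (size_t)len;   /* -1 becomes SIZE_MAX */
}

/* Hardened pattern: validate against the header actually being parsed,
 * keep the arithmetic unsigned, and bound the copy by the destination.
 * Returns the number of payload bytes copied, or -1 if the frame is rejected. */
long copy_video_payload(const uint8_t *frame, size_t received,
                        uint8_t *dst, size_t dst_cap)
{
    if (frame == NULL || dst == NULL)
        return -1;
    if (received < VIDEO_HDR_LEN)          /* truncated video frame */
        return -1;
    size_t payload = received - VIDEO_HDR_LEN;
    if (payload > dst_cap)                 /* would not fit in dst */
        return -1;
    memcpy(dst, frame + VIDEO_HDR_LEN, payload);
    return (long)payload;
}

int main(void)
{
    const uint8_t frame[5] = {0, 0, 0, 1, 0};  /* constructed truncated frame */
    uint8_t dst[8];
    return copy_video_payload(frame, sizeof frame, dst, sizeof dst) == -1 ? 0 : 1;
}
```
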
OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | asterisk | < 1.2.7.1.dfsg-2ubuntu3.4 | UNKNOWN |
ubuntu | 6.10 | noarch | asterisk | < 1.2.12.1.dfsg-1ubuntu1.4 | UNKNOWN |
ubuntu | 7.04 | noarch | asterisk | < 1.2.16~dfsg-1ubuntu3.1 | UNKNOWN |
ubuntu | 7.10 | noarch | asterisk | < 1.4.11~dfsg-1 | UNKNOWN |
ubuntu | 8.04 | noarch | asterisk | < 1.4.11~dfsg-1 | UNKNOWN |
ubuntu | 8.10 | noarch | asterisk | < 1.4.11~dfsg-1 | UNKNOWN |
ubuntu | 9.04 | noarch | asterisk | < 1.4.11~dfsg-1 | UNKNOWN |
ubuntu | 9.10 | noarch | asterisk | < 1.4.11~dfsg-1 | UNKNOWN |
ubuntu | 6.10 | noarch | zaptel | < 1.2.8.dfsg-1 | UNKNOWN |
ubuntu | 7.04 | noarch | zaptel | < 1.2.8.dfsg-1 | UNKNOWN |