CVE-2007-4280
Last modified
CVE-2007-4280 is a vulnerability of currently unknown severity. The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population.. EPSS estimates a 1.15% chance of exploitation in the next 30 days.
Description
The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Asterisk | Asterisk | <= 1.4.9 |
| Asterisk | Asterisk Appliance Developer Kit | <= 0.6.0 |
| Asterisk | Asterisknow | <= beta_6 |
| Asterisk | S800i | <= 1.0.2 |
References
- http://secunia.com/advisories/26340Patch, Vendor Advisory
- http://secunia.com/advisories/26340Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2007-4280?
How severe is CVE-2007-4280?
How do I fix CVE-2007-4280?
Are you affected by CVE-2007-4280?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST