Yate · Yate · CVE-2007-1693
Name of the Vulnerable Software and Affected Versions:
Yate versions prior to 1.2.0
Description:
The issue is related to the SIP channel module in Yate, where an incorrect variable is used to set the `caller info uri` parameter. This variable can be NULL, allowing remote attackers to cause a denial of service by sending a Call-Info header without a purpose parameter, resulting in a NULL dereference and application crash.
Recommendations:
For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the SIP channel module to minimize the risk of exploitation.
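The condition named in the description, a Call-Info header value with no purpose parameter, can be checked in captured SIP traffic or at a filtering point in front of hosts that still run a version prior to 1.2.0. The following is an added example, not code from Yate or from this advisory; the function names and the sample message are constructed for illustration.

```python
SAMPLE = (  # constructed SIP message, not captured traffic
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Call-Info: <http://www.example.com/a.jpg>;purpose=icon,\r\n"
    " <http://www.example.com/alice/;x=1>\r\n\r\n"
)

def unfold_headers(raw):
    """Return (lowercased name, value) pairs, joining folded continuation lines."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = []
    for line in head.split("\n")[1:]:  # skip the request/status line
        if line[:1] in (" ", "\t") and headers:
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return headers

def split_outside(value, sep):
    """Split on sep, ignoring separators inside <...> or double quotes."""
    parts, buf, in_angle, in_quote = [], [], False, False
    for ch in value:
        if ch == '"' and not in_angle:
            in_quote = not in_quote
        elif ch == "<" and not in_quote:
            in_angle = True
        elif ch == ">" and not in_quote:
            in_angle = False
        if ch == sep and not in_angle and not in_quote:
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf).strip())
    return parts

def call_info_without_purpose(raw):
    """List the Call-Info entries in a SIP message that lack a purpose parameter."""
    findings = []
    for name, value in unfold_headers(raw):
        entries = split_outside(value, ",") if name == "call-info" else []
        for entry in filter(None, entries):
            params = split_outside(entry, ";")[1:]  # parameters after the <uri>
            names = {p.split("=", 1)[0].strip().lower() for p in params}
            if "purpose" not in names:
                findings.append(entry)
    return findings
```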