CVE-2007-2293

Name of the Vulnerable Software and Affected Versions Asterisk versions prior to 1.4.3

Description The issue is related to multiple stack-based buffer overflows in the process sdp function in chan sip.c of the SIP channel T.38 SDP parser. This allows remote attackers to execute arbitrary code via a long T38FaxRateManagement or T38FaxUdpEC SDP parameter in an SIP message, such as the SIP INVITE.

Recommendations For versions prior to 1.4.3, update to version 1.4.3 or later to resolve the issue. As a temporary workaround, consider restricting the length of the T38FaxRateManagement and T38FaxUdpEC SDP parameters in SIP messages to prevent exploitation.