PT-2007-5636 · Digium · Asterisknow+3
Published
2007-08-22
·
Updated
2017-07-29
·
CVE-2007-4455
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Asterisk Open Source versions 1.4.x through 1.4.10
AsteriskNOW versions prior to beta7
Asterisk Appliance Developer Kit versions prior to 0.8.0
s800i (Asterisk Appliance) versions prior to 1.0.3
Description
The issue allows remote attackers to cause a denial of service, specifically memory exhaustion, via a SIP dialog. This occurs when a large number of history entries are created.
Recommendations
For Asterisk Open Source versions 1.4.x through 1.4.10, update to version 1.4.11 or later.
For AsteriskNOW versions prior to beta7, update to beta7 or later.
For Asterisk Appliance Developer Kit versions prior to 0.8.0, update to version 0.8.0 or later.
For s800i (Asterisk Appliance) versions prior to 1.0.3, update to version 1.0.3 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Asterisk Appliance Developer Kit
Asterisk Open Source
Asterisknow
S800I