Denial of Service (DoS) Affecting asterisk package, versions [,0.5.0)


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
94.82% (100th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Denial of Service (DoS) vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-UNMANAGED-ASTERISK-2371651
  • published26 Jan 2022
  • disclosed18 Jul 2007
  • creditUnknown

Introduced: 18 Jul 2007

CVE-2007-3763  (opens in a new tab)
CWE-400  (opens in a new tab)

How to fix?

Upgrade asterisk to version 0.5.0 or higher.

Overview

Affected versions of this package are vulnerable to Denial of Service (DoS). The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable.

References

CVSS Base Scores

version 3.1