FKIE_CVE-2007-2297

Vulnerability from fkie_nvd - Published: 2007-04-26 20:19 - Updated: 2026-04-23 00:35
Severity
Summary
The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash).
References
cve@mitre.orghttp://bugs.digium.com/view.php?id=9313
cve@mitre.orghttp://secunia.com/advisories/25582
cve@mitre.orghttp://securityreason.com/securityalert/2644
cve@mitre.orghttp://www.asterisk.org/files/ASA-2007-011.pdf
cve@mitre.orghttp://www.debian.org/security/2007/dsa-1358
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2007_34_asterisk.html
cve@mitre.orghttp://www.securityfocus.com/archive/1/466882/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/24359
cve@mitre.orghttp://www.securitytracker.com/id?1017954Patch
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/33892
af854a3a-2127-422b-91ae-364da2661108http://bugs.digium.com/view.php?id=9313
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/25582
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/2644
af854a3a-2127-422b-91ae-364da2661108http://www.asterisk.org/files/ASA-2007-011.pdf
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2007/dsa-1358
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2007_34_asterisk.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/466882/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/24359
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1017954Patch
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/33892
Impacted products
Vendor Product Version
asterisk asterisk 1.2.0_beta1
asterisk asterisk 1.2.0_beta2
asterisk asterisk 1.2.10
asterisk asterisk 1.2.11
asterisk asterisk 1.2.12
asterisk asterisk 1.2.13
asterisk asterisk 1.2.14
asterisk asterisk 1.2.15
asterisk asterisk 1.2.16
asterisk asterisk 1.2.17
asterisk asterisk 1.4.1
asterisk asterisk 1.4.2
asterisk asterisk 1.4_beta
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.0_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E97310AF-E163-4C4F-A0BE-2940A67C336B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.0_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "66A7A018-4EB6-4C15-9A22-E4299A6919C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C89A173C-C64A-440F-BCC6-EDE692521171",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "C716CAB8-5F2D-44DA-982B-3A47B3B59A1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0FABB45-93A9-49BB-93DA-D13305E2FF84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F82331-A7C1-4166-AE45-A83BD7FC3D25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A10E99-3A8C-430A-8FB6-4A55E01A00E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5DF84B2-A104-4FA2-8B02-D243D76ACEE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4BA2270-DF93-48FB-A90F-DFBFED05F051",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4FE0264-95E4-4B75-8904-369035DEA2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "593AA737-5AF3-4F7C-B74B-D3F37701C435",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D942B911-979A-4AC3-93D6-07E420171E77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.4_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "181C8E98-2138-4BFC-B6B0-1DA270AEE7F6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash)."
    },
    {
      "lang": "es",
      "value": "El SIP channel driver (chan_sip) del Asterisk anterior al 1.2.18 y el 1.4.x anterior al 1.4.3 no analiza sint\u00e1cticamente de forma correcta los paquetes SIP UDP que no contienen un c\u00f3digo de respuesta v\u00e1lido, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda)."
    }
  ],
  "id": "CVE-2007-2297",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-04-26T20:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.digium.com/view.php?id=9313"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25582"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/2644"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.asterisk.org/files/ASA-2007-011.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2007/dsa-1358"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/466882/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/24359"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securitytracker.com/id?1017954"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33892"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.digium.com/view.php?id=9313"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25582"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2644"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.asterisk.org/files/ASA-2007-011.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2007/dsa-1358"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/466882/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24359"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securitytracker.com/id?1017954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33892"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.