VDB
CVE-2007-1306
CVE-2007-1306
PUBLISHED
CVSS 7.800000190734863 HIGH
Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference.
EPSS 19.70% · 95.6th percentile
Risk Scores
CVSS 2.0
7.800000190734863
EPSS Score
19.70%
95.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| digium | asterisk | 1.2.9, 1.2.0_beta1, 1.2.0_beta2 |
| n/a | n/a | n/a |
Timeline
- Mar 7, 2007 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
- Oct 30, 2023 EPSS Score
References
- ADV-2007-0830 vdb
- 22838 vdb
- 33888 vdb
- 24578 third-party-advisory
- http://asterisk.org/node/48319 url
- SUSE-SA:2007:034 vendor-advisory
- http://labs.musecurity.com/advisories/MU-200703-01.txt url
- http://asterisk.org/node/48320 url
- 24380 third-party-advisory
- asterisk-sip-channeldriver-dos(32830) vdb
- GLSA-200703-14 vendor-advisory
- 25582 third-party-advisory
- 1017723 vdb
- VU#228032 third-party-advisory
- DSA-1358 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2007-1306 advisory