CVE-2007-4103
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2007-4103
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2007-4103.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2007-4103
- Published
- 2007-07-31T10:17:00Z
- Modified
- 2024-11-21T00:34:47Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The IAX2 channel driver (chaniax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an astchannel to be allocated but not released.
- References
-
- http://secunia.com/advisories/26274
- http://secunia.com/advisories/29051
- http://security.gentoo.org/glsa/glsa-200802-11.xml
- http://www.securityfocus.com/archive/1/475069/100/0/threaded
- http://www.securityfocus.com/bid/24950
- http://www.securitytracker.com/id?1018472
- http://www.vupen.com/english/advisories/2007/2701
- http://bugs.gentoo.org/show_bug.cgi?id=185713
- http://ftp.digium.com/pub/asa/ASA-2007-018.pdf
- http://osvdb.org/38197
- http://securityreason.com/securityalert/2960
- https://security-tracker.debian.org/tracker/CVE-2007-4103
Affected packages
Debian:11 / asterisk
Package
- Name
- asterisk
- Purl
- pkg:deb/debian/asterisk?arch=source