- Description
- The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:asterisk:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CC58B8ED-82EB-4AD1-ADF9-97BAB073D19D",
"versionEndIncluding": "1.4.4_2007-04-27"
}
],
"operator": "OR"
}
]
}
]