Home > Vulnerability Database > CVE-2007-2488

Mend.io Vulnerability Database

CVE-2007-2488

Date: May 7, 2007

The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte.

Severity Score

9.8

Related Resources (11)

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/34085

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-2488

Url: http://osvdb.org/35769

Url: http://secunia.com/advisories/25134

Url: http://secunia.com/advisories/25582

Url: http://www.debian.org/security/2007/dsa-1358

Url: http://www.novell.com/linux/security/advisories/2007_34_asterisk.html

Url: http://ftp.digium.com/pub/asa/ASA-2007-013.pdf

Url: http://www.vupen.com/english/advisories/2007/1661

Url: http://www.securityfocus.com/bid/23824

Url: https://www.mend.io/vulnerability-database/CVE-2007-2488

Severity Score

9.8

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	10.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2007-2488

Date: May 7, 2007

Severity Score

Related Resources (11)

Severity Score

CVSS v3.1

CVSS v2

Do you need more information?