CVSS: 7.8EPSS: 4%CPEs: 37EXPL: 0CVE-2007-1594
https://notcve.org/view.php?id=CVE-2007-1594
22 Mar 2007 — The handle_response function in chan_sip.c in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP Response code 0 in a SIP packet. La función handle_response en chan_sip.c de Asterisk before 1.2.17 y 1.4.x versiones anteriores a 1.4.2 permite a atacantes remotos provocar una denegación de servicio (caída) mediante una respuesta SIP código 0 en un paquete SIP. • http://bugs.digium.com/view.php?id=9313 •
CVSS: 7.8EPSS: 18%CPEs: 18EXPL: 1CVE-2007-1306 – Asterisk 1.2.15/1.4.0 - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-1306
07 Mar 2007 — Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference. Asterisk versiones 1.4 anteriores a 1.4.1 y versiones 1.2 anteriores a 1.2.16, permite a atacantes remotos causar una denegación de servicio (bloqueo) enviando un paquete de Session Initiation Protocol (SIP) sin una URI y Encabezado SIP-version, lo que resulta en un... • https://www.exploit-db.com/exploits/3407 •
CVSS: 9.8EPSS: 88%CPEs: 26EXPL: 2CVE-2006-5444 – Asterisk 1.0.12/1.2.12.1 - 'chan_skinny' Remote Heap Overflow (PoC)
https://notcve.org/view.php?id=CVE-2006-5444
23 Oct 2006 — Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow. Desbordamiento de entero en la función get_input en el controlador de canal Skinny (chan_skinny.c) en Asterisk 1.0.x anteriores a 1.0.12 y 1.2.x anteriores a 1.2.13, utilizados en... • https://www.exploit-db.com/exploits/2597 •
CVSS: 7.8EPSS: 11%CPEs: 13EXPL: 0CVE-2006-5445
https://notcve.org/view.php?id=CVE-2006-5445
23 Oct 2006 — Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary. Vulnerabilidad no especificada en el controlador de canal SIP (channels/chan_sip.c) en ASterisk 1.2.x anteriores a 1.2.13 y 1.4.x aneriores a 1.4.0-beta3 permite a atacantes remotos ... • http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2003-0761
https://notcve.org/view.php?id=CVE-2003-0761
12 Sep 2003 — Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests. Desbordamiento de búfer en el get_msg_text de chan_sip.c en el protocolo de iniciación de sesión de entregas de Asterisk anteriores al 15/08/2003, permite a atacantes remotos ejecutar código arbitrario mediante ciertas peticiones MESSAGE o INFO. • http://www.atstake.com/research/advisories/2003/a090403-1.txt •