CVE-2003-0761

Description

Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests.

How to fix CVE-2003-0761

To remediate CVE-2003-0761, upgrade the affected package to a fixed version below.

• Debian/asterisk—upgrade to 0.5.0 or later

Is CVE-2003-0761 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 0.5.0

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2003-0761