CVE-2007-3762
EPSS 10.2%
Description
Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame.
How to fix CVE-2007-3762
To remediate CVE-2007-3762, upgrade the affected package to the fixed version listed below.
- Debian/asterisk: upgrade to 1:1.4.8~dfsg-1 or later
Is CVE-2007-3762 being exploited?
Moderate — EPSS is 10.2%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 1:1.4.8~dfsg-1