CVE-2007-4280
EPSS 3.5%
Description
The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population.
How to fix CVE-2007-4280
To remediate CVE-2007-4280, upgrade the affected package to a fixed version below.
- Debian/asterisk: upgrade to 1:1.4.10~dfsg-1 or later
Is CVE-2007-4280 being exploited?
Low — EPSS is 3.5%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/asterisk: from 0, < 1:1.4.10~dfsg-1