CVE-2007-4455
EPSS 5.2%
Description
The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and s800i (Asterisk Appliance) 1.x before 1.0.3 allows remote attackers to cause a denial of service (memory exhaustion) via a SIP dialog that causes a large number of history entries to be created.
How to fix CVE-2007-4455
To remediate CVE-2007-4455, upgrade the affected package to a fixed version below.
- Debian/asterisk—upgrade to 1:1.4.11~dfsg-1 or later
Is CVE-2007-4455 being exploited?
Moderate — EPSS is 5.2%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 1:1.4.11~dfsg-1