CVE-2007-4103
CVSS 7.5 · HIGH
Summary
The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an ast_channel to be allocated but not released.
CVSS 3.1 breakdown
| Metric | Value |
| --- | --- |
| Base score | 7.5 (HIGH) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity | NONE |
| Availability | HIGH |
Weakness type (CWE)
Affected products
- Digium asterisk
- Digium asterisk appliance developer kit
References
- http://bugs.gentoo.org/show_bug.cgi?id=185713
- http://ftp.digium.com/pub/asa/ASA-2007-018.pdf
- http://osvdb.org/38197
- http://secunia.com/advisories/26274
- http://secunia.com/advisories/29051
- http://security.gentoo.org/glsa/glsa-200802-11.xml
- http://securityreason.com/securityalert/2960
- http://www.securityfocus.com/archive/1/475069/100/0/threaded
- http://www.securityfocus.com/bid/24950
- http://www.securitytracker.com/id?1018472
- http://www.vupen.com/english/advisories/2007/2701
Data: NIST NVD. NVD last modified 2026-04-23. Always verify against the vendor advisory before acting.