Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2007-1693
Analyzed
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-17 May, 2007 | 20:30
Updated At-29 Nov, 2018 | 15:46

The SIP channel module in Yet Another Telephony Engine (Yate) before 1.2.0 sets the caller_info_uri parameter using an incorrect variable that can be NULL, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a Call-Info header without a purpose parameter.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.8HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C
CPE Matches
yate
yate
>>yet_another_telephony_engine>>Versions up to 1.1.0(inclusive)
cpe:2.3:a:yate:yet_another_telephony_engine:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://securityreason.com/securityalert/2716cve@mitre.org
Exploit
Third Party Advisory
http://voip.null.ro/cgi-bin/cvsweb.cgi/yate/modules/ysipchan.cppcve@mitre.org
Issue Tracking
Third Party Advisory
http://www.securityfocus.com/archive/1/467289/100/200/threadedcve@mitre.org
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/23746cve@mitre.org
Third Party Advisory
VDB Entry
Change History
0Changes found
Details not found