Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-zr5f-baa7-h3h1

Summary The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable.

Aliases

alias	CVE-2007-3763

Fixed_packages

url	pkg:deb/debian/asterisk@1:1.4.8~dfsg-1?distro=sid
purl	pkg:deb/debian/asterisk@1:1.4.8~dfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.8~dfsg-1%3Fdistro=sid

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gh5j-yza2-v3fu

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid

url	pkg:ebuild/net-misc/asterisk@1.2.21.1-r1
purl	pkg:ebuild/net-misc/asterisk@1.2.21.1-r1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/net-misc/asterisk@1.2.21.1-r1

Affected_packages

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-3763

reference_id

reference_type

scores

value	0.25182
scoring_system	epss
scoring_elements	0.96282
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-3763

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3763
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3763

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/4249.rb
reference_id	CVE-2007-3763
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/4249.rb

reference_url	https://security.gentoo.org/glsa/200802-11
reference_id	GLSA-200802-11
reference_type
scores
url	https://security.gentoo.org/glsa/200802-11

Weaknesses

Exploits

date_added	2007-07-30
description	Asterisk < 1.2.22/1.4.8 - IAX2 Channel Driver Remote Crash
required_action	`null`
due_date	`null`
notes	`null`
known_ransomware_campaign_use	`true`
source_date_published	2007-07-31
exploit_type	dos
platform	multiple
source_date_updated	2016-10-12
data_source	Exploit-DB
source_url

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zr5f-baa7-h3h1

Vulnerability Instance