CVE-2007-1693
Severity CVSS v4.0: Pending analysis
Type: CWE-20 Input Validation
Publication date: 17/05/2007
Last modified: 09/04/2025
Description
The SIP channel module in Yet Another Telephony Engine (Yate) before 1.2.0 sets the caller_info_uri parameter using an incorrect variable that can be NULL, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a Call-Info header without a purpose parameter.
Impact
Base Score 2.0: 7.80
Severity 2.0: HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:yate:yet_another_telephony_engine:*:*:*:*:*:*:*:* | | 1.1.0 (including) |
References to Advisories, Solutions, and Tools
- http://securityreason.com/securityalert/2716
- http://voip.null.ro/cgi-bin/cvsweb.cgi/yate/modules/ysipchan.cpp
- http://www.securityfocus.com/archive/1/467289/100/200/threaded
- http://www.securityfocus.com/bid/23746