Unrated severityNVD Advisory· Published Mar 21, 2007· Updated Apr 23, 2026

CVE-2007-1561

Description

The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address.

Affected products

Asterisk/Asterisk4 versions
cpe:2.3:a:asterisk:asterisk:1.2.14:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:asterisk:asterisk:1.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.2.16:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.4.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/23031nvdPatch
asterisk.org/node/48339nvd
marc.infonvd
secunia.com/advisories/24564nvd
secunia.com/advisories/24719nvd
secunia.com/advisories/25582nvd
security.gentoo.org/glsa/glsa-200704-01.xmlnvd
voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.htmlnvd
www.debian.org/security/2007/dsa-1358nvd
www.novell.com/linux/security/advisories/2007_34_asterisk.htmlnvd
www.osvdb.org/34479nvd
www.securityfocus.com/archive/1/463434/100/0/threadednvd
www.securitytracker.com/idnvd
www.sineapps.com/news.phpnvd
www.vupen.com/english/advisories/2007/1039nvd
exchange.xforce.ibmcloud.com/vulnerabilities/33068nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.017
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000