CVE-2007-4924

Ekiga < 2.0.10 and OpenH323 < 2.2.4 - Denial of Service via Invalid SIP Content-Length Header

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4924. PoCs published by Jose Miguel Esparza.

AI-analyzed exploit summary This exploit sends a malformed SIP INVITE request with an invalid Content-Length header to trigger a denial of service in OpenH323 Opal. The vulnerability arises from improper handling of the Content-Length field, causing a crash or resource exhaustion.

Description

The Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2.0.10 and (2) OpenH323 before 2.2.4, allows remote attackers to cause a denial of service (crash) via an invalid Content-Length header field in Session Initiation Protocol (SIP) packets, which causes a \0 byte to be written to an "attacker-controlled address."

Exploits (1)

exploitdb WORKING POC VERIFIED
by Jose Miguel Esparza · pythondoswindows
https://www.exploit-db.com/exploits/9240

This exploit sends a malformed SIP INVITE request with an invalid Content-Length header to trigger a denial of service in OpenH323 Opal. The vulnerability arises from improper handling of the Content-Length field, causing a crash or resource exhaustion.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: OpenH323 Opal (versions affected by CVE-2007-4924)
No auth needed
Prerequisites: Network access to the target SIP service · UDP port 5060 (or custom port) open and accessible
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (22)

Core 22
Core References
Various Sources x_refsource_misc
http://www.s21sec.com/avisos/s21sec-037-en.txt
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27118
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27271
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1018776
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25955
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27129
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:205
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=296371
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28380
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/41637
Patch vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0957.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-562-1
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11398
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/482120/30/4500/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3413
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3414
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/9240
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27524
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27128

Scores

EPSS 0.1068
EPSS Percentile 95.3%

Details

CWE
CWE-20
Status published
Products (2)
ekiga/ekiga < 2.0.9
openh323_project/openh323 < 2.2.3
Published Oct 08, 2007
Tracked Since Feb 18, 2026