CVE-2007-3765

Publication date 18 July 2007

Last updated 17 July 2025

Ubuntu priority

Description

The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
asterisk	7.10 gutsy	Fixed 1:1.4.8dfsg-1
	7.04 feisty	Not affected
	6.10 edgy	Not affected
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

Notes

fujitsu

1.2.x not affected.

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2007-3765