CVE-2007-3763

Name of the Vulnerable Software and Affected Versions Asterisk versions prior to 1.2.22 Asterisk versions 1.4.x prior to 1.4.8 Asterisk Business Edition versions prior to B.2.2.1 AsteriskNOW versions prior to beta7 Asterisk Appliance Developer Kit versions prior to 0.5.0 s800i versions prior to 1.0.2

Description The issue allows remote attackers to cause a denial of service (crash) via a crafted frame that contains information elements of IAX frames, resulting in a NULL pointer dereference when the software does not properly set an associated variable. This can occur through a crafted (1) LAGRQ or (2) LAGRP frame.

Recommendations For Asterisk versions prior to 1.2.22, update to version 1.2.22 or later. For Asterisk versions 1.4.x prior to 1.4.8, update to version 1.4.8 or later. For Asterisk Business Edition versions prior to B.2.2.1, update to version B.2.2.1 or later. For AsteriskNOW versions prior to beta7, update to beta7 or later. For Asterisk Appliance Developer Kit versions prior to 0.5.0, update to version 0.5.0 or later. For s800i versions prior to 1.0.2, update to version 1.0.2 or later.