CVE-2009-4055

Name of the Vulnerable Software and Affected Versions Asterisk Open Source versions 1.2.x through 1.2.36 Asterisk Open Source versions 1.4.x through 1.4.27 Asterisk Open Source versions 1.6.0.x through 1.6.0.18 Asterisk Open Source versions 1.6.1.x through 1.6.1.10 Asterisk Business Edition versions B.x.x through B.2.5.12 Asterisk Business Edition versions C.2.x.x through C.2.4.5 Asterisk Business Edition versions C.3.x.x through C.3.2.2 s800i versions 1.3.x through 1.3.0.5

Description The issue allows remote attackers to cause a denial of service via an RTP comfort noise payload with a long data length, resulting in a daemon crash.

Recommendations For Asterisk Open Source versions 1.2.x through 1.2.36, update to version 1.2.37 or later. For Asterisk Open Source versions 1.4.x through 1.4.27, update to version 1.4.27.1 or later. For Asterisk Open Source versions 1.6.0.x through 1.6.0.18, update to version 1.6.0.19 or later. For Asterisk Open Source versions 1.6.1.x through 1.6.1.10, update to version 1.6.1.11 or later. For Asterisk Business Edition versions B.x.x through B.2.5.12, update to version B.2.5.13 or later. For Asterisk Business Edition versions C.2.x.x through C.2.4.5, update to version C.2.4.6 or later. For Asterisk Business Edition versions C.3.x.x through C.3.2.2, update to version C.3.2.3 or later. For s800i versions 1.3.x through 1.3.0.5, update to version 1.3.0.6 or later.