Unrated severityNVD Advisory· Published Jul 18, 2007· Updated Apr 23, 2026

CVE-2007-3765

Description

The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port.

Affected products

Asterisk/Asterisk31 versions
cpe:2.3:a:asterisk:asterisk:1.0:*:*:*:*:*:*:*+ 30 more
- cpe:2.3:a:asterisk:asterisk:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.2.0_beta1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.2.0_beta2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.2.16:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.2.17:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.4.4_2007-04-27:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:1.4_beta:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:a:*:business:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:b.1.3.2:*:business:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:b.1.3.3:*:business:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk:b.2.2.0:*:business:*:*:*:*:*
Asterisk/Asterisk Appliance Developer Kit
cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:*:*:*:*:*:*:*:*
Range: <=0.4
Asterisk/Asterisknow2 versions
cpe:2.3:a:asterisk:asterisknow:beta_5:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:asterisk:asterisknow:beta_5:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisknow:beta_6:*:*:*:*:*:*:*
Asterisk/S800i Appliance2 versions
cpe:2.3:h:asterisk:s800i_appliance:1.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:h:asterisk:s800i_appliance:1.0:*:*:*:*:*:*:*
- cpe:2.3:h:asterisk:s800i_appliance:1.0.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

ftp.digium.com/pub/asa/ASA-2007-017.pdfnvdPatchVendor Advisory
secunia.com/advisories/26099nvd
www.securityfocus.com/bid/24950nvd
www.securitytracker.com/idnvd
www.vupen.com/english/advisories/2007/2563nvd
exchange.xforce.ibmcloud.com/vulnerabilities/35480nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000