CVE-2009-4055 in Ubuntu

CVE-2009-4055

Priority

Description

rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1,
1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition
B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3;
and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of
service (daemon crash) via an RTP comfort noise payload with a long data
length.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4055
http://downloads.digium.com/pub/security/AST-2009-010.html

Bugs

https://issues.asterisk.org/view.php?id=16242

Notes

Package

Source: asterisk (LP Ubuntu Debian)

Upstream:	released (1:1.6.2.0~rc7-1)
Ubuntu 22.04 LTS (Jammy Jellyfish):	not-affected (1:1.6.2.2-1ubuntu2)

Patches:

Upstream:	http://downloads.asterisk.org/pub/security/AST-2009-010-1.4.diff.txt
Debdiff:	https://bugs.launchpad.net/ubuntu/karmic/+source/asterisk/+bug/491632

More Information

Updated: 2022-02-10 23:39:27 UTC (commit acb3d89ab51f1d5e5543fa993969c0eb13c71f04)