Vulnerability Description
A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sangoma | Asterisk | 13.0.0 |
| Asterisk | Certified Asterisk | 13.13.0 |
Related Weaknesses (CWE)
References
- http://downloads.asterisk.org/pub/security/AST-2017-004.txt (Third Party Advisory)
- http://www.securityfocus.com/bid/98573 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1038531
- https://bugs.debian.org/863906 (Mailing List, Third Party Advisory)
FAQ
What is CVE-2017-9358?
CVE-2017-9358 is a vulnerability with a CVSS score of 7.5 (HIGH). A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially...
How severe is CVE-2017-9358?
CVE-2017-9358 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-9358?
Check the references section above for vendor advisories and patch information. Affected products include: Sangoma Asterisk, Asterisk Certified Asterisk.