Lucene search
MitreCVE-2017-14098HistorySep 02, 2017 - 4:29 p.m.
CVE-2017-14098
2017-09-0216:29:00
CWE-20
mitre
web.nvd.nist.gov
59
pjsip
asterisk
cve-2017-14098
security
vulnerability
crash
tel uri
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7.3
Confidence
High
EPSS
0.927
Percentile
99.0%
In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash.
Affected configurations
Node
digiumasteriskMatch13.0.0lts
ORdigiumasteriskMatch13.0.0beta1
ORdigiumasteriskMatch13.0.0beta2
ORdigiumasteriskMatch13.0.0beta3
ORdigiumasteriskMatch13.0.1
ORdigiumasteriskMatch13.0.2
ORdigiumasteriskMatch13.1.0
ORdigiumasteriskMatch13.1.0rc1
ORdigiumasteriskMatch13.1.0rc2
ORdigiumasteriskMatch13.1.1
ORdigiumasteriskMatch13.2.0
ORdigiumasteriskMatch13.2.0rc1
ORdigiumasteriskMatch13.2.1
ORdigiumasteriskMatch13.3.0rc1
ORdigiumasteriskMatch13.3.2
ORdigiumasteriskMatch13.4.0
ORdigiumasteriskMatch13.4.0rc1
ORdigiumasteriskMatch13.5.0
ORdigiumasteriskMatch13.5.0rc1
ORdigiumasteriskMatch13.6.0rc1
ORdigiumasteriskMatch13.7.0rc1
ORdigiumasteriskMatch13.7.0rc2
ORdigiumasteriskMatch13.7.1
ORdigiumasteriskMatch13.7.2
ORdigiumasteriskMatch13.8.0
ORdigiumasteriskMatch13.8.0rc1
ORdigiumasteriskMatch13.8.1
ORdigiumasteriskMatch13.8.2
ORdigiumasteriskMatch13.9.0
ORdigiumasteriskMatch13.9.1
ORdigiumasteriskMatch13.10.0
ORdigiumasteriskMatch13.10.0rc1
ORdigiumasteriskMatch13.11.0
ORdigiumasteriskMatch13.11.1
ORdigiumasteriskMatch13.11.2
ORdigiumasteriskMatch13.12
ORdigiumasteriskMatch13.12.0
ORdigiumasteriskMatch13.12.1
ORdigiumasteriskMatch13.12.2
ORdigiumasteriskMatch13.13
ORdigiumasteriskMatch13.13.0
ORdigiumasteriskMatch13.13.1
ORdigiumasteriskMatch13.14.0
ORdigiumasteriskMatch13.14.0rc1
ORdigiumasteriskMatch13.14.0rc2
ORdigiumasteriskMatch13.14.1
ORdigiumasteriskMatch13.15.0
ORdigiumasteriskMatch13.15.0rc1
ORdigiumasteriskMatch13.15.0rc2
ORdigiumasteriskMatch13.15.0rc3
ORdigiumasteriskMatch13.15.1
ORdigiumasteriskMatch13.16.0
ORdigiumasteriskMatch13.16.0rc1
ORdigiumasteriskMatch13.16.0rc2
ORdigiumasteriskMatch13.17.0
ORdigiumasteriskMatch13.17.0rc1
Node
digiumasteriskMatch14.0
ORdigiumasteriskMatch14.0.0
ORdigiumasteriskMatch14.0.0beta1
ORdigiumasteriskMatch14.0.0beta2
ORdigiumasteriskMatch14.0.0rc1
ORdigiumasteriskMatch14.0.0rc2
ORdigiumasteriskMatch14.0.1
ORdigiumasteriskMatch14.0.2
ORdigiumasteriskMatch14.1
ORdigiumasteriskMatch14.01
ORdigiumasteriskMatch14.1.0
ORdigiumasteriskMatch14.1.1
ORdigiumasteriskMatch14.1.2
ORdigiumasteriskMatch14.02
ORdigiumasteriskMatch14.2
ORdigiumasteriskMatch14.2.0
ORdigiumasteriskMatch14.2.1
ORdigiumasteriskMatch14.3.0
ORdigiumasteriskMatch14.3.0rc1
ORdigiumasteriskMatch14.3.0rc2
ORdigiumasteriskMatch14.3.1
ORdigiumasteriskMatch14.4.0
ORdigiumasteriskMatch14.4.0rc1
ORdigiumasteriskMatch14.4.0rc2
ORdigiumasteriskMatch14.4.0rc3
ORdigiumasteriskMatch14.4.1
ORdigiumasteriskMatch14.5.0
ORdigiumasteriskMatch14.5.0rc1
ORdigiumasteriskMatch14.5.0rc2
ORdigiumasteriskMatch14.6.0
ORdigiumasteriskMatch14.6.0rc1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| digium | asterisk | 13.0.0 | cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:lts:*:*:* |
| digium | asterisk | 13.0.0 | cpe:2.3:a:digium:asterisk:13.0.0:beta1:*:*:*:*:*:* |
| digium | asterisk | 13.0.0 | cpe:2.3:a:digium:asterisk:13.0.0:beta2:*:*:*:*:*:* |
| digium | asterisk | 13.0.0 | cpe:2.3:a:digium:asterisk:13.0.0:beta3:*:*:*:*:*:* |
| digium | asterisk | 13.0.1 | cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:* |
| digium | asterisk | 13.0.2 | cpe:2.3:a:digium:asterisk:13.0.2:*:*:*:*:*:*:* |
| digium | asterisk | 13.1.0 | cpe:2.3:a:digium:asterisk:13.1.0:*:*:*:*:*:*:* |
| digium | asterisk | 13.1.0 | cpe:2.3:a:digium:asterisk:13.1.0:rc1:*:*:*:*:*:* |
| digium | asterisk | 13.1.0 | cpe:2.3:a:digium:asterisk:13.1.0:rc2:*:*:*:*:*:* |
| digium | asterisk | 13.1.1 | cpe:2.3:a:digium:asterisk:13.1.1:*:*:*:*:*:*:* |
Related
freebsd
freebsd
asterisk -- Remote Crash Vulerability in res_pjsip
2017-08-31 00:00:00
ubuntucve
ubuntucve
CVE-2017-14098
2017-09-02 00:00:00
cvelist
cvelist
CVE-2017-14098
2017-09-02 16:00:00
openvas
openvas
Asterisk DoS Vulnerability (AST-2017-007)
2017-09-01 00:00:00
prion
prion
Code injection
2017-09-02 16:29:00
nvd
nvd
CVE-2017-14098
2017-09-02 16:29:00
osv
osv
CVE-2017-14098
2017-09-02 16:29:00
debiancve
debiancve
CVE-2017-14098
2017-09-02 16:29:00
nessus
nessus
FreeBSD : asterisk -- Remote Crash Vulerability in res_pjsip (ec1df2a1-8ee6-11e7-8be8-001999f8d30b)
2017-09-05 00:00:00
Asterisk 11.x < 11.25.2 / 11.6 < 11.6-cert17 / 13.x < 13.17.1 / 14.x < 14.6.1 / 13.13 < 13.13-cert5 Multiple Vulnerabilities (AST-2017-005 - AST-2017-007)
2017-09-05 00:00:00
GLSA-201710-29 : Asterisk: Multiple vulnerabilities
2017-10-30 00:00:00
checkpoint_advisories
checkpoint_advisories
Digium Asterisk non-SIP URIs Denial-of-Service (CVE-2017-14098)
2017-09-27 00:00:00
gentoo
gentoo
Asterisk: Multiple vulnerabilities
2017-10-29 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7.3
Confidence
High
EPSS
0.927
Percentile
99.0%
Related for CVE-2017-14098