Lucene search
FreeBSD2A3BC6AC-E7C6-11E7-A90B-001999F8D30BHistoryDec 12, 2017 - 12:00 a.m.
asterisk -- Crash in PJSIP resource when missing a contact header
2017-12-1200:00:00
vuxml.freebsd.org
10
0.929 High
EPSS
Percentile
99.0%
The Asterisk project reports:
A select set of SIP messages create a dialog in Asterisk.
Those SIP messages must contain a contact header. For
those messages, if the header was not present and using
the PJSIP channel driver, it would cause Asterisk to
crash. The severity of this vulnerability is somewhat
mitigated if authentication is enabled. If authentication
is enabled a user would have to first be authorized before
reaching the crash point.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | asterisk13 | < 13.18.5 | UNKNOWN |
Related
openvas
openvas
Fedora Update for asterisk FEDORA-2017-41242dfe10
2018-01-10 00:00:00
Asterisk DoS Vulnerability
2018-01-04 00:00:00
Fedora Update for asterisk FEDORA-2018-cf1dd2166b
2018-05-31 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: asterisk-14.7.5-1.fc27
2018-01-10 02:15:00
[SECURITY] Fedora 27 Update: asterisk-14.7.6-2.fc27
2018-05-30 14:32:54
nessus
nessus
Asterisk 13.x < 13.18.5 / 14.x < 14.7.5 / 15.x < 15.1.5 / 13.13 < 13.18-cert2 Crash in PJSIP (AST-2017-014)
2018-01-04 00:00:00
Fedora 27 : asterisk (2017-41242dfe10)
2018-01-15 00:00:00
osv
osv
CVE-2017-17850
2017-12-27 17:08:20
cvelist
cvelist
CVE-2017-17850
2017-12-23 00:00:00
cve
cve
CVE-2017-17850
2017-12-27 17:08:00
ubuntucve
ubuntucve
CVE-2017-17850
2017-12-27 00:00:00
prion
prion
Authentication flaw
2017-12-27 17:08:00
debiancve
debiancve
CVE-2017-17850
2017-12-27 17:08:00
gentoo
gentoo
Asterisk: Multiple vulnerabilities
2018-11-24 00:00:00