Lucene search

[email protected]NVD:CVE-2017-9358

HistoryJun 02, 2017 - 5:29 a.m.

CVE-2017-9358

2017-06-0205:29:00

CWE-835

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.007 Low

EPSS

Percentile

80.3%

JSON

A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).

Affected configurations

NVD

Node

asteriskopen_sourceMatch13.0.0

asteriskopen_sourceMatch13.1.0

asteriskopen_sourceMatch13.1.0rc1

asteriskopen_sourceMatch13.1.0rc2

asteriskopen_sourceMatch13.2.0

asteriskopen_sourceMatch13.2.0rc1

asteriskopen_sourceMatch13.3.0rc1

asteriskopen_sourceMatch13.4.0

asteriskopen_sourceMatch13.4.0rc1

asteriskopen_sourceMatch13.5.0

asteriskopen_sourceMatch13.5.0rc1

asteriskopen_sourceMatch13.6.0rc1

asteriskopen_sourceMatch13.7.0

asteriskopen_sourceMatch13.7.0rc1

asteriskopen_sourceMatch13.8.0

asteriskopen_sourceMatch13.8.0rc1

asteriskopen_sourceMatch13.8.1

asteriskopen_sourceMatch13.8.2

asteriskopen_sourceMatch13.9.0

asteriskopen_sourceMatch13.9.0rc1

asteriskopen_sourceMatch13.10.0rc1

asteriskopen_sourceMatch13.11.0rc1

asteriskopen_sourceMatch13.12.0

asteriskopen_sourceMatch13.12.0rc1

asteriskopen_sourceMatch13.12.1

asteriskopen_sourceMatch13.12.2

asteriskopen_sourceMatch13.13.0rc1

asteriskopen_sourceMatch13.14.0rc1

asteriskopen_sourceMatch13.15.0rc1

Node

asteriskcertified_asteriskMatch13.13.0

asteriskcertified_asteriskMatch13.13.0cert1

asteriskcertified_asteriskMatch13.13.0cert1-rc1

asteriskcertified_asteriskMatch13.13.0cert1-rc2

asteriskcertified_asteriskMatch13.13.0cert1-rc3

asteriskcertified_asteriskMatch13.13.0cert1-rc4

asteriskcertified_asteriskMatch13.13.0cert2

asteriskcertified_asteriskMatch13.13.0cert3

asteriskcertified_asteriskMatch13.13.0rc1

asteriskcertified_asteriskMatch13.13.0rc2

Node

asteriskopen_sourceMatch14.0.0

asteriskopen_sourceMatch14.0.0beta1

asteriskopen_sourceMatch14.0.0beta2

asteriskopen_sourceMatch14.0.0rc1

asteriskopen_sourceMatch14.1.0rc1

asteriskopen_sourceMatch14.2.0

asteriskopen_sourceMatch14.2.0rc1

asteriskopen_sourceMatch14.2.0rc2

asteriskopen_sourceMatch14.2.1

asteriskopen_sourceMatch14.3.0rc1

asteriskopen_sourceMatch14.4.0rc1

References

downloads.asterisk.org/pub/security/AST-2017-004.txt

www.securityfocus.com/bid/98573

www.securitytracker.com/id/1038531

bugs.debian.org/863906

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.007 Low

EPSS

Percentile

80.3%

JSON

Related for NVD:CVE-2017-9358

debiancve1 ubuntucve1 prion1 cvelist1 veracode1 osv1 cve1 openvas1