3 matches found
Digium Asterisk non-SIP URIs Denial-of-Service (CVE-2017-14098)
A denial-of-service vulnerability exists in Digium Asterisk. The vulnerability is due to improper handling of non-SIP URIs within the sanitizetdata function. A remote, unauthenticated attacker could exploit this vulnerability by sending specially crafted SIP packets to an Asterisk server...
UBUNTU-CVE-2017-14098
In the pjsip channel driver respjsip in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash...
CVE-2017-14098
CVE-2017-14098 affects the Asterisk pjsip channel driver (res_pjsip). A specially crafted tel URI in a From, To, or Contact header can cause Asterisk to crash. Affected versions are Asterisk 13.x prior to 13.17.1 and 14.x prior to 14.6.1. The vulnerability is demonstrated by crash behavior withou...