Richard Mudgett discovered that Asterisk did not properly check the length
of input string when setting the user field for PartyB on a CDR. A remote
attacker could use this vulnerability to cause a denial of service (crash)
or potentially execute arbitrary code. (CVE-2017-16671)
Alex Villacis Lasso discovered that Asterisk did not properly check the
length of input string when setting the user field for PartyA on a CDR. A
remote attacker could use this vulnerability to cause a denial of service
(crash) or potentially execute arbitrary code. (CVE-2017-7617)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 16.04 | noarch | asterisk-ooh323 | <Â 1:13.1.0~dfsg-1.1ubuntu4.1+esm1 | UNKNOWN |
Ubuntu | 16.04 | noarch | asterisk | <Â 1:13.1.0~dfsg-1.1ubuntu4.1 | UNKNOWN |
Ubuntu | 16.04 | noarch | asterisk-config | <Â 1:13.1.0~dfsg-1.1ubuntu4.1 | UNKNOWN |
Ubuntu | 16.04 | noarch | asterisk-dahdi | <Â 1:13.1.0~dfsg-1.1ubuntu4.1 | UNKNOWN |
Ubuntu | 16.04 | noarch | asterisk-dahdi-dbgsym | <Â 1:13.1.0~dfsg-1.1ubuntu4.1 | UNKNOWN |
Ubuntu | 16.04 | noarch | asterisk-dbg | <Â 1:13.1.0~dfsg-1.1ubuntu4.1 | UNKNOWN |
Ubuntu | 16.04 | noarch | asterisk-dbgsym | <Â 1:13.1.0~dfsg-1.1ubuntu4.1 | UNKNOWN |
Ubuntu | 16.04 | noarch | asterisk-dev | <Â 1:13.1.0~dfsg-1.1ubuntu4.1 | UNKNOWN |
Ubuntu | 16.04 | noarch | asterisk-doc | <Â 1:13.1.0~dfsg-1.1ubuntu4.1 | UNKNOWN |
Ubuntu | 16.04 | noarch | asterisk-mobile | <Â 1:13.1.0~dfsg-1.1ubuntu4.1 | UNKNOWN |