Vulnerability-Lookup

CVE-2017-9358 (GCVE-0-2017-9358)

Vulnerability from cvelistv5 – Published: 2017-06-02 05:04 – Updated: 2024-08-05 17:02

Summary

A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).

Severity

No CVSS data available.

CWE

Assigner

mitre

References

4 references

URL	Tags
http://www.securitytracker.com/id/1038531	vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/98573	vdb-entryx_refsource_BID
http://downloads.asterisk.org/pub/security/AST-20…	x_refsource_CONFIRM
https://bugs.debian.org/863906	x_refsource_CONFIRM

Date Public

2017-06-01 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:02:44.392Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038531",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038531"
          },
          {
            "name": "98573",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98573"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2017-004.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/863906"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-06-01T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-26T19:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1038531",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038531"
        },
        {
          "name": "98573",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98573"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2017-004.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.debian.org/863906"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-9358",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038531",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038531"
            },
            {
              "name": "98573",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98573"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2017-004.txt",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2017-004.txt"
            },
            {
              "name": "https://bugs.debian.org/863906",
              "refsource": "CONFIRM",
              "url": "https://bugs.debian.org/863906"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-9358",
    "datePublished": "2017-06-02T05:04:00.000Z",
    "dateReserved": "2017-06-01T00:00:00.000Z",
    "dateUpdated": "2024-08-05T17:02:44.392Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2017-9358",
      "date": "2026-05-27",
      "epss": "0.01188",
      "percentile": "0.79074"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:13.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A0789649-4E5D-4DC1-9B01-B294B6151085\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:13.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46940409-0771-4ED6-B352-1A43C6208627\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:13.1.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BA0EB47-07D8-4B65-BD62-EA2B68D64AB1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:13.1.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"B90E3BEB-E683-4F71-A6C8-A1BD53CD6D71\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:13.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"56E29780-8E4A-4CEF-9240-A9AED9BB06AE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:13.2.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"715E2B71-425F-42F7-B713-8CC644B1C58A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:13.3.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"97507DA4-6B96-4470-9FFC-DFABED357A55\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:13.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CCC1991F-9E49-4DAB-B60A-3B172D0F86A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:13.4.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"7535B8C1-419E-4E81-9955-7B7FE97FBAA5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:13.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7B22660-489A-4A62-BA61-7E3B153DE7FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:13.5.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"47134DA6-5D36-43CF-88A4-9142C9497025\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:13.6.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"803258B5-6EF8-4541-B482-00B34668A46E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:13.7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D9E6F48-96AD-44A0-8E4F-C65E9F82F089\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:13.7.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"70485694-089D-4DF5-AC81-5CABBA5A332E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:13.8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88DD3F8C-ACA3-460F-A024-A430D9A9F63C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:13.8.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A3FBACC-C61F-46A6-8C49-8268F6E3F3EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:13.8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"57094FDA-FDEE-4C5F-BDAB-B4C14E212E5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:13.8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7DC918B9-BCE7-4310-B385-77B3D9F398FA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:13.9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F42641E1-527B-4A2F-B36A-151C1B769AF0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:13.9.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F1B7AA0-A5BC-47B7-BAB7-94C18A975938\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:13.10.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"FAE04147-C3D3-4C80-AD27-1A24498DBB07\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:13.11.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"58CE7E95-CC54-4509-8B3F-22498E0FB6F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:13.12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4EEE9C24-FDC9-4675-A912-24100B48C77C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:13.12.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"AF5F5C49-B1F3-43EF-A46B-0B1D6921FD78\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:13.12.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2861956E-7C8F-4A6A-9DC3-E23B12FDFDF3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:13.12.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D6097525-B5D5-4ACE-B26E-E976E30D6E80\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:13.13.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"B1FC6424-B774-4E3F-B835-72296C37C4EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:13.14.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"EEC6D5F3-B6C5-4B35-9EDE-FCBC808D4C6B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:13.15.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"589E43EA-6873-48CE-AB83-D3A42E6D8B68\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:asterisk:certified_asterisk:13.13.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"69C489FB-3A83-42D7-94A9-3C7D5B8F980C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD5636A9-1E9F-4DA7-8459-6B9257ADE0E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"4DDBE806-CDD5-4981-B575-9EB58816CD7A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9676683-14B7-4489-9D18-C37365C323D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"660E2F8C-A674-44EE-99AC-80E57A0681C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"6949CB9E-8282-4E9D-9DD0-889E3181C845\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*\", \"matchCriteriaId\": \"B54BB82E-92EF-4D75-8E62-10CDC7C526DC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*\", \"matchCriteriaId\": \"E759A991-D72D-4FCA-B4F5-3B51D63A31D3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:asterisk:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"D4E1A5B3-8385-4376-A145-1E1CC0E80818\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:asterisk:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"3E4E78FF-000E-4DA8-8539-2C5507C09BB8\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:14.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5CF4B65D-016F-4306-B1AC-AA83B6049D21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:14.0.0:beta1:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C2B545C-0A70-405C-8610-24ADE6740549\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:14.0.0:beta2:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B2609D7-C5E8-42C7-A456-F01051A99A9E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:14.0.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9707B21-1F6F-4817-8ABC-8FA88670B21F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:14.1.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A7E5B97-8A5F-4059-8363-F42A2BF5A0EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:14.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D3283C6-3223-41B0-B823-1BCD23AA05FC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:14.2.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"4011C14B-5338-4E13-A2F3-0E585425D5E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:14.2.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CD51694-6DCD-4B5B-B062-DFA3BAA98DC9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:14.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7277A774-C370-4787-B84C-6F4AC55A3487\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:14.3.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"E216708E-5BEE-4E03-93EA-6B013B439E32\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sangoma:asterisk:14.4.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"61028A13-37B5-4BC9-8EFB-D2465B9DECCD\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad de agotamiento de memoria en Asterisk Open Source, en versiones 13.x anteriores a la 13.15.1 y versiones 14.x anteriores a la 14.4.1, y en Certified Asterisk, en versiones 13.13 anteriores a la 13.13-cert4. Esto podr\\u00eda llevarse a cabo mediante el env\\u00edo de paquetes SCCP especialmente manipulados que provocar\\u00edan un bucle infinito y dar\\u00edan lugar a un agotamiento de memoria (mediante el registro de mensajes en ese bucle).\"}]",
      "id": "CVE-2017-9358",
      "lastModified": "2024-11-21T03:35:54.630",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-06-02T05:29:00.700",
      "references": "[{\"url\": \"http://downloads.asterisk.org/pub/security/AST-2017-004.txt\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/98573\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038531\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://bugs.debian.org/863906\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://downloads.asterisk.org/pub/security/AST-2017-004.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/98573\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038531\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugs.debian.org/863906\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-835\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-9358\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-06-02T05:29:00.700\",\"lastModified\":\"2026-05-13T00:24:29.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de agotamiento de memoria en Asterisk Open Source, en versiones 13.x anteriores a la 13.15.1 y versiones 14.x anteriores a la 14.4.1, y en Certified Asterisk, en versiones 13.13 anteriores a la 13.13-cert4. Esto podr\u00eda llevarse a cabo mediante el env\u00edo de paquetes SCCP especialmente manipulados que provocar\u00edan un bucle infinito y dar\u00edan lugar a un agotamiento de memoria (mediante el registro de mensajes en ese bucle).\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-835\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:13.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0789649-4E5D-4DC1-9B01-B294B6151085\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:13.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46940409-0771-4ED6-B352-1A43C6208627\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:13.1.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BA0EB47-07D8-4B65-BD62-EA2B68D64AB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:13.1.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B90E3BEB-E683-4F71-A6C8-A1BD53CD6D71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:13.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56E29780-8E4A-4CEF-9240-A9AED9BB06AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:13.2.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"715E2B71-425F-42F7-B713-8CC644B1C58A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:13.3.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"97507DA4-6B96-4470-9FFC-DFABED357A55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:13.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCC1991F-9E49-4DAB-B60A-3B172D0F86A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:13.4.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7535B8C1-419E-4E81-9955-7B7FE97FBAA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:13.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7B22660-489A-4A62-BA61-7E3B153DE7FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:13.5.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"47134DA6-5D36-43CF-88A4-9142C9497025\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:13.6.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"803258B5-6EF8-4541-B482-00B34668A46E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:13.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D9E6F48-96AD-44A0-8E4F-C65E9F82F089\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:13.7.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"70485694-089D-4DF5-AC81-5CABBA5A332E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:13.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88DD3F8C-ACA3-460F-A024-A430D9A9F63C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:13.8.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A3FBACC-C61F-46A6-8C49-8268F6E3F3EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:13.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57094FDA-FDEE-4C5F-BDAB-B4C14E212E5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:13.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DC918B9-BCE7-4310-B385-77B3D9F398FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:13.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F42641E1-527B-4A2F-B36A-151C1B769AF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:13.9.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F1B7AA0-A5BC-47B7-BAB7-94C18A975938\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:13.10.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAE04147-C3D3-4C80-AD27-1A24498DBB07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:13.11.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"58CE7E95-CC54-4509-8B3F-22498E0FB6F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:13.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EEE9C24-FDC9-4675-A912-24100B48C77C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:13.12.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF5F5C49-B1F3-43EF-A46B-0B1D6921FD78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:13.12.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2861956E-7C8F-4A6A-9DC3-E23B12FDFDF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:13.12.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6097525-B5D5-4ACE-B26E-E976E30D6E80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:13.13.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1FC6424-B774-4E3F-B835-72296C37C4EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:13.14.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEC6D5F3-B6C5-4B35-9EDE-FCBC808D4C6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:13.15.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"589E43EA-6873-48CE-AB83-D3A42E6D8B68\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:certified_asterisk:13.13.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69C489FB-3A83-42D7-94A9-3C7D5B8F980C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD5636A9-1E9F-4DA7-8459-6B9257ADE0E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DDBE806-CDD5-4981-B575-9EB58816CD7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9676683-14B7-4489-9D18-C37365C323D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"660E2F8C-A674-44EE-99AC-80E57A0681C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"6949CB9E-8282-4E9D-9DD0-889E3181C845\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B54BB82E-92EF-4D75-8E62-10CDC7C526DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E759A991-D72D-4FCA-B4F5-3B51D63A31D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4E1A5B3-8385-4376-A145-1E1CC0E80818\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E4E78FF-000E-4DA8-8539-2C5507C09BB8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:14.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CF4B65D-016F-4306-B1AC-AA83B6049D21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:14.0.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C2B545C-0A70-405C-8610-24ADE6740549\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:14.0.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B2609D7-C5E8-42C7-A456-F01051A99A9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:14.0.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9707B21-1F6F-4817-8ABC-8FA88670B21F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:14.1.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A7E5B97-8A5F-4059-8363-F42A2BF5A0EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:14.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D3283C6-3223-41B0-B823-1BCD23AA05FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:14.2.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4011C14B-5338-4E13-A2F3-0E585425D5E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:14.2.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CD51694-6DCD-4B5B-B062-DFA3BAA98DC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:14.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7277A774-C370-4787-B84C-6F4AC55A3487\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:14.3.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E216708E-5BEE-4E03-93EA-6B013B439E32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:14.4.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"61028A13-37B5-4BC9-8EFB-D2465B9DECCD\"}]}]}],\"references\":[{\"url\":\"http://downloads.asterisk.org/pub/security/AST-2017-004.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/98573\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038531\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugs.debian.org/863906\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://downloads.asterisk.org/pub/security/AST-2017-004.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/98573\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038531\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugs.debian.org/863906\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}"
  }
}

CNVD-2017-09219

Vulnerability from cnvd - Published: 2017-06-12

Title

Digium Asterisk Open Source和Certified Asterisk拒绝服务漏洞

Description

Digium Asterisk Open Source和Certified Asterisk都是美国Digium公司的开源电话交换机（PBX）系统软件。该软件支持语音信箱、多方语音会议、交互式语音应答(IVR)等。 Digium Asterisk Open Source和Certified Asterisk中存在拒绝服务漏洞。攻击者可通过发送特制的SCCP数据包利用该漏洞造成拒绝服务（无限循环和内存耗尽）。

Severity

中

Patch Name

Digium Asterisk Open Source和Certified Asterisk拒绝服务漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： http://downloads.asterisk.org/pub/security/AST-2017-004.txt

Reference

https://bugs.debian.org/863906

Impacted products

Name
['Digium Asterisk Open Source 13.x<13.15.1', 'Digium Asterisk Open Source 14.x<14.4.1', 'Digium Certified Asterisk 13.13<13.13-cert4']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-9358"
    }
  },
  "description": "Digium Asterisk Open Source\u548cCertified Asterisk\u90fd\u662f\u7f8e\u56fdDigium\u516c\u53f8\u7684\u5f00\u6e90\u7535\u8bdd\u4ea4\u6362\u673a\uff08PBX\uff09\u7cfb\u7edf\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u652f\u6301\u8bed\u97f3\u4fe1\u7bb1\u3001\u591a\u65b9\u8bed\u97f3\u4f1a\u8bae\u3001\u4ea4\u4e92\u5f0f\u8bed\u97f3\u5e94\u7b54(IVR)\u7b49\u3002\r\n\r\nDigium Asterisk Open Source\u548cCertified Asterisk\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684SCCP\u6570\u636e\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u65e0\u9650\u5faa\u73af\u548c\u5185\u5b58\u8017\u5c3d\uff09\u3002",
  "discovererName": "Sandro Gauci",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://downloads.asterisk.org/pub/security/AST-2017-004.txt",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-09219",
  "openTime": "2017-06-12",
  "patchDescription": "Digium Asterisk Open Source\u548cCertified Asterisk\u90fd\u662f\u7f8e\u56fdDigium\u516c\u53f8\u7684\u5f00\u6e90\u7535\u8bdd\u4ea4\u6362\u673a\uff08PBX\uff09\u7cfb\u7edf\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u652f\u6301\u8bed\u97f3\u4fe1\u7bb1\u3001\u591a\u65b9\u8bed\u97f3\u4f1a\u8bae\u3001\u4ea4\u4e92\u5f0f\u8bed\u97f3\u5e94\u7b54(IVR)\u7b49\u3002\r\n\r\nDigium Asterisk Open Source\u548cCertified Asterisk\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684SCCP\u6570\u636e\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u65e0\u9650\u5faa\u73af\u548c\u5185\u5b58\u8017\u5c3d\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Digium Asterisk Open Source\u548cCertified Asterisk\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Digium Asterisk Open Source 13.x\u003c13.15.1",
      "Digium Asterisk Open Source 14.x\u003c14.4.1",
      "Digium Certified Asterisk 13.13\u003c13.13-cert4"
    ]
  },
  "referenceLink": "https://bugs.debian.org/863906",
  "serverity": "\u4e2d",
  "submitTime": "2017-06-05",
  "title": "Digium Asterisk Open Source\u548cCertified Asterisk\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

FKIE_CVE-2017-9358

Vulnerability from fkie_nvd - Published: 2017-06-02 05:29 - Updated: 2026-05-13 00:24

Severity

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2017-004.txt	Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/bid/98573	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id/1038531
cve@mitre.org	https://bugs.debian.org/863906	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2017-004.txt	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/98573	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038531
af854a3a-2127-422b-91ae-364da2661108	https://bugs.debian.org/863906	Mailing List, Third Party Advisory

Impacted products

Vendor	Product	Version
sangoma	asterisk	13.0.0
sangoma	asterisk	13.1.0
sangoma	asterisk	13.1.0
sangoma	asterisk	13.1.0
sangoma	asterisk	13.2.0
sangoma	asterisk	13.2.0
sangoma	asterisk	13.3.0
sangoma	asterisk	13.4.0
sangoma	asterisk	13.4.0
sangoma	asterisk	13.5.0
sangoma	asterisk	13.5.0
sangoma	asterisk	13.6.0
sangoma	asterisk	13.7.0
sangoma	asterisk	13.7.0
sangoma	asterisk	13.8.0
sangoma	asterisk	13.8.0
sangoma	asterisk	13.8.1
sangoma	asterisk	13.8.2
sangoma	asterisk	13.9.0
sangoma	asterisk	13.9.0
sangoma	asterisk	13.10.0
sangoma	asterisk	13.11.0
sangoma	asterisk	13.12.0
sangoma	asterisk	13.12.0
sangoma	asterisk	13.12.1
sangoma	asterisk	13.12.2
sangoma	asterisk	13.13.0
sangoma	asterisk	13.14.0
sangoma	asterisk	13.15.0
asterisk	certified_asterisk	13.13.0
asterisk	certified_asterisk	13.13.0
asterisk	certified_asterisk	13.13.0
asterisk	certified_asterisk	13.13.0
asterisk	certified_asterisk	13.13.0
asterisk	certified_asterisk	13.13.0
asterisk	certified_asterisk	13.13.0
asterisk	certified_asterisk	13.13.0
asterisk	certified_asterisk	13.13.0
asterisk	certified_asterisk	13.13.0
sangoma	asterisk	14.0.0
sangoma	asterisk	14.0.0
sangoma	asterisk	14.0.0
sangoma	asterisk	14.0.0
sangoma	asterisk	14.1.0
sangoma	asterisk	14.2.0
sangoma	asterisk	14.2.0
sangoma	asterisk	14.2.0
sangoma	asterisk	14.2.1
sangoma	asterisk	14.3.0
sangoma	asterisk	14.4.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:13.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0789649-4E5D-4DC1-9B01-B294B6151085",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:13.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46940409-0771-4ED6-B352-1A43C6208627",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:13.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9BA0EB47-07D8-4B65-BD62-EA2B68D64AB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:13.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B90E3BEB-E683-4F71-A6C8-A1BD53CD6D71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:13.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "56E29780-8E4A-4CEF-9240-A9AED9BB06AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:13.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "715E2B71-425F-42F7-B713-8CC644B1C58A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:13.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "97507DA4-6B96-4470-9FFC-DFABED357A55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:13.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCC1991F-9E49-4DAB-B60A-3B172D0F86A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:13.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7535B8C1-419E-4E81-9955-7B7FE97FBAA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:13.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7B22660-489A-4A62-BA61-7E3B153DE7FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:13.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "47134DA6-5D36-43CF-88A4-9142C9497025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:13.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "803258B5-6EF8-4541-B482-00B34668A46E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:13.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D9E6F48-96AD-44A0-8E4F-C65E9F82F089",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:13.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "70485694-089D-4DF5-AC81-5CABBA5A332E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:13.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88DD3F8C-ACA3-460F-A024-A430D9A9F63C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:13.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9A3FBACC-C61F-46A6-8C49-8268F6E3F3EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:13.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "57094FDA-FDEE-4C5F-BDAB-B4C14E212E5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:13.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DC918B9-BCE7-4310-B385-77B3D9F398FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:13.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F42641E1-527B-4A2F-B36A-151C1B769AF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:13.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9F1B7AA0-A5BC-47B7-BAB7-94C18A975938",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:13.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FAE04147-C3D3-4C80-AD27-1A24498DBB07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:13.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "58CE7E95-CC54-4509-8B3F-22498E0FB6F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:13.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EEE9C24-FDC9-4675-A912-24100B48C77C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:13.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "AF5F5C49-B1F3-43EF-A46B-0B1D6921FD78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:13.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2861956E-7C8F-4A6A-9DC3-E23B12FDFDF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:13.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6097525-B5D5-4ACE-B26E-E976E30D6E80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:13.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B1FC6424-B774-4E3F-B835-72296C37C4EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:13.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "EEC6D5F3-B6C5-4B35-9EDE-FCBC808D4C6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:13.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "589E43EA-6873-48CE-AB83-D3A42E6D8B68",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69C489FB-3A83-42D7-94A9-3C7D5B8F980C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "DD5636A9-1E9F-4DA7-8459-6B9257ADE0E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "4DDBE806-CDD5-4981-B575-9EB58816CD7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "A9676683-14B7-4489-9D18-C37365C323D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*",
              "matchCriteriaId": "660E2F8C-A674-44EE-99AC-80E57A0681C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*",
              "matchCriteriaId": "6949CB9E-8282-4E9D-9DD0-889E3181C845",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "B54BB82E-92EF-4D75-8E62-10CDC7C526DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "E759A991-D72D-4FCA-B4F5-3B51D63A31D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D4E1A5B3-8385-4376-A145-1E1CC0E80818",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "3E4E78FF-000E-4DA8-8539-2C5507C09BB8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CF4B65D-016F-4306-B1AC-AA83B6049D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:14.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "8C2B545C-0A70-405C-8610-24ADE6740549",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:14.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "9B2609D7-C5E8-42C7-A456-F01051A99A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:14.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C9707B21-1F6F-4817-8ABC-8FA88670B21F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:14.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9A7E5B97-8A5F-4059-8363-F42A2BF5A0EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:14.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D3283C6-3223-41B0-B823-1BCD23AA05FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:14.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "4011C14B-5338-4E13-A2F3-0E585425D5E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:14.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "2CD51694-6DCD-4B5B-B062-DFA3BAA98DC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:14.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7277A774-C370-4787-B84C-6F4AC55A3487",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:14.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E216708E-5BEE-4E03-93EA-6B013B439E32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:14.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "61028A13-37B5-4BC9-8EFB-D2465B9DECCD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop)."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de agotamiento de memoria en Asterisk Open Source, en versiones 13.x anteriores a la 13.15.1 y versiones 14.x anteriores a la 14.4.1, y en Certified Asterisk, en versiones 13.13 anteriores a la 13.13-cert4. Esto podr\u00eda llevarse a cabo mediante el env\u00edo de paquetes SCCP especialmente manipulados que provocar\u00edan un bucle infinito y dar\u00edan lugar a un agotamiento de memoria (mediante el registro de mensajes en ese bucle)."
    }
  ],
  "id": "CVE-2017-9358",
  "lastModified": "2026-05-13T00:24:29.033",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-02T05:29:00.700",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2017-004.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98573"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1038531"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/863906"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://downloads.asterisk.org/pub/security/AST-2017-004.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98573"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1038531"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/863906"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-835"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-7X8Q-X29W-WPG4

Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2022-05-13 01:47

Details

Severity

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-9358"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-02T05:29:00Z",
    "severity": "HIGH"
  },
  "details": "A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).",
  "id": "GHSA-7x8q-x29w-wpg4",
  "modified": "2022-05-13T01:47:57Z",
  "published": "2022-05-13T01:47:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9358"
    },
    {
      "type": "WEB",
      "url": "https://bugs.debian.org/863906"
    },
    {
      "type": "WEB",
      "url": "http://downloads.asterisk.org/pub/security/AST-2017-004.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98573"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038531"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2017-9358

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-9358

Aliases

CVE-2017-9358

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-9358",
    "description": "A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).",
    "id": "GSD-2017-9358"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-9358"
      ],
      "details": "A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).",
      "id": "GSD-2017-9358",
      "modified": "2023-12-13T01:21:07.297364Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2017-9358",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop)."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1038531",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1038531"
          },
          {
            "name": "98573",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/98573"
          },
          {
            "name": "http://downloads.asterisk.org/pub/security/AST-2017-004.txt",
            "refsource": "CONFIRM",
            "url": "http://downloads.asterisk.org/pub/security/AST-2017-004.txt"
          },
          {
            "name": "https://bugs.debian.org/863906",
            "refsource": "CONFIRM",
            "url": "https://bugs.debian.org/863906"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:13.12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:13.13.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:13.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:13.8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:13.4.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:13.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:13.3.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:13.12.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:13.11.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:13.8.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:13.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:13.2.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:13.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:13.15.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:13.14.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:13.10.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:13.9.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:13.7.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:13.6.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:13.1.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:13.1.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:13.12.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:13.12.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:13.9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:13.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:13.5.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:13.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:13.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:13.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:14.4.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:14.0.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:14.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:14.3.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:14.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:14.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:14.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:14.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:14.2.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:14.2.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:asterisk:open_source:14.1.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-9358"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-835"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.debian.org/863906",
              "refsource": "CONFIRM",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://bugs.debian.org/863906"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2017-004.txt",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://downloads.asterisk.org/pub/security/AST-2017-004.txt"
            },
            {
              "name": "98573",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/98573"
            },
            {
              "name": "1038531",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1038531"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2017-06-02T05:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-9358 (GCVE-0-2017-9358)

CNVD-2017-09219

FKIE_CVE-2017-9358

GHSA-7X8Q-X29W-WPG4

GSD-2017-9358

Tags

Sightings

Nomenclature