Published: 17/04/2017 Updated: 25/04/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

chain_sip in Asterisk Open Source 11.x prior to 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 prior to 11.6-cert15 and 13.8 prior to 13.8-cert3 allows remote malicious users to cause a denial of service (port exhaustion).

Vulnerable Product	Search on Vulmon	Subscribe to Product
digium asterisk 11.0.0
digium asterisk 11.0.1
digium asterisk 11.0.2
digium asterisk 11.1.0
digium asterisk 11.6.0
digium asterisk 11.6.1
digium asterisk 11.7.0
digium asterisk 11.8.0
digium asterisk 11.15.0
digium asterisk 11.15.1
digium asterisk 11.16.0
digium asterisk 11.17.0
digium asterisk 13.0.0
digium asterisk 13.0.1
digium asterisk 13.7.2
digium asterisk 13.8.0
digium asterisk 13.8.1
digium asterisk 11.1.1
digium asterisk 11.3.0
digium asterisk 11.5.0
digium asterisk 11.9.0
digium asterisk 11.10.1
digium asterisk 11.13.0
digium asterisk 11.14.0
digium asterisk 11.14.2
digium asterisk 11.17.1
digium asterisk 11.19.0
digium asterisk 11.23.0
digium asterisk 13.0.2
digium asterisk 13.1.1
digium asterisk 13.2.1
digium asterisk 13.5.0
digium asterisk 13.7.0
digium asterisk 13.9.0
digium asterisk 13.10.0
digium asterisk 11.2.0
digium asterisk 11.2.1
digium asterisk 11.2.2
digium asterisk 11.10.2
digium asterisk 11.11.0
digium asterisk 11.12.0
digium asterisk 11.12.1
digium asterisk 11.21.0
digium asterisk 11.21.1
digium asterisk 11.21.2
digium asterisk 11.22.0
digium asterisk 13.3.0
digium asterisk 13.3.1
digium asterisk 13.3.2
digium asterisk 13.4.0
digium asterisk 13.11.0
digium asterisk 11.1.2
digium asterisk 11.4.0
digium asterisk 11.5.1
digium asterisk 11.8.1
digium asterisk 11.10.0
digium asterisk 11.13.1
digium asterisk 11.14.1
digium asterisk 11.18.0
digium asterisk 11.20.0
digium asterisk 13.1.0
digium asterisk 13.2.0
digium asterisk 13.6.0
digium asterisk 13.7.1
digium asterisk 13.8.2
digium asterisk 13.9.1
digium certified asterisk 13.8
digium certified asterisk 11.6
digium certified asterisk 13.8.0
digium certified asterisk 11.6.0
debian debian linux 8.0

Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in denial of service or incorrect certificate validation For the stable distribution (jessie), these problems have been fixed in version 1:11131~dfsg-2+deb8u1 For the unstable distribution (sid), these problems will be fixed soo ...

Debian Bug report logs - #838833 asterisk: CVE-2016-7550: AST-2016-006 Package: src:asterisk; Maintainer for src:asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 25 Sep 2016 15:03:02 UTC Severity: grave Tags: security, upstre ...

Debian Bug report logs - #838832 asterisk: chan_sip: File descriptors leak (UDP sockets) / AST-2016-007, CVE-2016-7551 Package: src:asterisk; Maintainer for src:asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 25 Sep 2016 15:0 ...

Debian Bug report logs - #782411 asterisk: CVE-2015-3008: TLS Certificate Common name NULL byte exploit Package: src:asterisk; Maintainer for src:asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 11 Apr 2015 17:57:02 UTC Sever ...

CWE-399 https://issues.asterisk.org/jira/browse/ASTERISK-26272 https://bugzilla.redhat.com/show_bug.cgi?id=1374733 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832 http://www.debian.org/security/2016/dsa-3700 http://downloads.asterisk.org/pub/security/AST-2016-007.html https://nvd.nist.gov https://www.debian.org/security/./dsa-3700

CVE-2016-7551

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect