CVE-2017-14098

Published: 02/09/2017 Updated: 14/09/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

In the pjsip channel driver (res_pjsip) in Asterisk 13.x prior to 13.17.1 and 14.x prior to 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash.

Vulnerable Product

digium asterisk 13.16.0

digium asterisk 13.15.0

digium asterisk 13.14.0

digium asterisk 13.0.0

digium asterisk 13.0.2

digium asterisk 13.1.0

digium asterisk 13.3.2

digium asterisk 13.4.0

digium asterisk 13.7.2

digium asterisk 13.8.0

digium asterisk 13.10.0

digium asterisk 13.11.0

digium asterisk 13.13

digium asterisk 13.14.1

digium asterisk 13.1.1

digium asterisk 13.2.0

digium asterisk 13.2.1

digium asterisk 13.3.0

digium asterisk 13.8.1

digium asterisk 13.8.2

digium asterisk 13.9.0

digium asterisk 13.9.1

digium asterisk 13.17.0

digium asterisk 13.0.1

digium asterisk 13.5.0

digium asterisk 13.6.0

digium asterisk 13.7.0

digium asterisk 13.11.2

digium asterisk 13.12

digium asterisk 13.12.0

digium asterisk 13.12.1

digium asterisk 13.12.2

digium asterisk 13.15.1

digium asterisk 13.13.1

digium asterisk 13.7.1

digium asterisk 13.11.1

digium asterisk 13.13.0

digium asterisk 14.5.0

digium asterisk 14.3.0

digium asterisk 14.0.0

digium asterisk 14.0.2

digium asterisk 14.1.2

digium asterisk 14.02

digium asterisk 14.3.1

digium asterisk 14.4.0

digium asterisk 14.01

digium asterisk 14.1

digium asterisk 14.1.0

digium asterisk 14.1.1

digium asterisk 14.6.0

digium asterisk 14.0

digium asterisk 14.4.1

digium asterisk 14.2.1

digium asterisk 14.0.1

digium asterisk 14.2

digium asterisk 14.2.0

Vendor Advisories

Debian Bug report logs - #873909 asterisk: CVE-2017-14098: AST-2017-007: Remote Crash Vulnerability in res_pjsip Package: src:asterisk; Maintainer for src:asterisk is Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>; Reported by: Bernhard Schmidt <berni@debian.org> Date: Fri, 1 Sep 2017 06:33:07 UTC Se ...
Debian Bug report logs - #873907 asterisk: CVE-2017-14099: AST-2017-005: Media takeover in RTP stack Package: src:asterisk; Maintainer for src:asterisk is Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>; Reported by: Bernhard Schmidt <berni@debian.org> Date: Fri, 1 Sep 2017 06:33:02 UTC Severity: gra ...
Debian Bug report logs - #873908 asterisk: CVE-2017-14100: AST-2017-006: Shell access command injection in app_minivm Package: src:asterisk; Maintainer for src:asterisk is Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>; Reported by: Bernhard Schmidt <berni@debian.org> Date: Fri, 1 Sep 2017 06:33:04 UT ...