CVE-2017-16671

Published: 09/11/2017 Updated: 25/11/2018
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

A Buffer Overflow issue exists in Asterisk Open Source 13 prior to 13.18.1, 14 prior to 14.7.1, and 15 prior to 15.1.1 and Certified Asterisk 13.13 prior to 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer.
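The defect class described above, an unchecked copy of caller-controlled data into a fixed-size CDR field, is shown here as an added example; this is not Asterisk code, and the structure layout, the 32-byte field length and the function names are assumptions made for illustration. The unchecked setter reproduces the missing size check; the bounded setter never writes past the field and reports truncation so the caller can reject or log the value.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical field size; Asterisk's real CDR layout is not reproduced here. */
#define CDR_USER_FIELD_LEN 32

/* Hypothetical record: a fixed-size user field for each party, followed by
 * another field that an overrun of party_b_user would silently corrupt. */
struct cdr_record {
    char party_a_user[CDR_USER_FIELD_LEN];
    char party_b_user[CDR_USER_FIELD_LEN];
    int  sequence;
};

/* The defect pattern: no size check before copying into the fixed field.
 * With an input longer than CDR_USER_FIELD_LEN - 1 bytes this writes past
 * the end of party_b_user. Kept only to show the contrast; do not call it
 * with untrusted input. */
void cdr_set_party_b_user_unchecked(struct cdr_record *cdr, const char *user)
{
    strcpy(cdr->party_b_user, user);
}

/* Bounded setter: always NUL-terminates and never writes beyond the field.
 * Returns 0 on success and -1 when the input had to be truncated. */
int cdr_set_party_b_user(struct cdr_record *cdr, const char *user)
{
    size_t len = strlen(user);
    size_t max = sizeof(cdr->party_b_user) - 1;   /* room left for the NUL */

    if (len > max) {
        memcpy(cdr->party_b_user, user, max);
        cdr->party_b_user[max] = '\0';
        return -1;
    }
    memcpy(cdr->party_b_user, user, len + 1);
    return 0;
}

/* Returns 1 when an input would overrun the field under an unchecked copy,
 * i.e. exactly the condition the size check has to catch. */
int would_overrun(const char *user)
{
    return strlen(user) + 1 > CDR_USER_FIELD_LEN;
}

int main(void)
{
    struct cdr_record cdr;
    char oversized[100];                 /* constructed input, not real traffic */

    memset(&cdr, 0, sizeof(cdr));
    cdr.sequence = 7;
    memset(oversized, 'A', sizeof(oversized) - 1);
    oversized[sizeof(oversized) - 1] = '\0';

    printf("would_overrun: %d\n", would_overrun(oversized));
    printf("bounded set returned %d, stored %zu bytes, sequence still %d\n",
           cdr_set_party_b_user(&cdr, oversized),
           strlen(cdr.party_b_user), cdr.sequence);
    return 0;
}
```

The usual detection signal for this class of bug in a test environment is the adjacent field changing value after the setter runs; the bounded version leaves `sequence` untouched and returns -1 instead.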

Vulnerable Products

digium asterisk

digium certified asterisk 13.13.0

Vendor Advisories

Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in denial of service, information disclosure and potentially the execution of arbitrary code. For the oldstable distribution (jessie), these problems have been fixed in version 1:11.13.1~dfsg-2+deb8u5. For the stable distribution (s ...
Debian Bug report logs - #884345 asterisk: CVE-2017-17664: Remote Crash Vulnerability in RTCP Stack. Package: src:asterisk; Maintainer for src:asterisk is Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 14 Dec 2017 10:18:02 UTC; Severity: ...
Debian Bug report logs - #881257 asterisk: CVE-2017-16671: AST-2017-010: Buffer overflow in CDR's set user. Package: src:asterisk; Maintainer for src:asterisk is Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 9 Nov 2017 13:03:01 UTC; Se ...
Debian Bug report logs - #881256 asterisk: CVE-2017-16672: AST-2017-011: Memory/File Descriptor/RTP leak in pjsip session resource. Package: src:asterisk; Maintainer for src:asterisk is Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 9 N ...