
CVE-2017-16672

Published: 09/11/2017 Updated: 03/10/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

An issue exists in Asterisk Open Source 13 prior to 13.18.1, 14 prior to 14.7.1, and 15 prior to 15.1.1 and Certified Asterisk 13.13 prior to 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash.

Vulnerable Product

digium asterisk

digium certified asterisk 13.13.0

Vendor Advisories

Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in denial of service, information disclosure and potentially the execution of arbitrary code. For the oldstable distribution (jessie), these problems have been fixed in version 1:11.13.1~dfsg-2+deb8u5. For the stable distribution (s ...
Debian Bug report logs - #884345 asterisk: CVE-2017-17664: Remote Crash Vulnerability in RTCP Stack Package: src:asterisk; Maintainer for src:asterisk is Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 14 Dec 2017 10:18:02 UTC Severity: ...
Debian Bug report logs - #881257 asterisk: CVE-2017-16671: AST-2017-010: Buffer overflow in CDR's set user Package: src:asterisk; Maintainer for src:asterisk is Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 9 Nov 2017 13:03:01 UTC Se ...
Debian Bug report logs - #881256 asterisk: CVE-2017-16672: AST-2017-011: Memory/File Descriptor/RTP leak in pjsip session resource Package: src:asterisk; Maintainer for src:asterisk is Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 9 N ...