CVE-2017-17090

Published: 02/12/2017 Updated: 03/10/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

An issue exists in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind.

Vulnerable Product

digium certified asterisk 13.13

digium certified asterisk

digium asterisk

Vendor Advisories

Debian Bug report logs - #884345 asterisk: CVE-2017-17664: Remote Crash Vulnerability in RTCP Stack. Package: src:asterisk; Maintainer for src:asterisk is Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 14 Dec 2017 10:18:02 UTC; Severity: ...
Debian Bug report logs - #883342 asterisk: CVE-2017-17090: DOS Vulnerability in Asterisk chan_skinny. Package: src:asterisk; Maintainer for src:asterisk is Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 2 Dec 2017 16:24:01 UTC; Severity ...
Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in denial of service, information disclosure and potentially the execution of arbitrary code. For the oldstable distribution (jessie), these problems have been fixed in version 1:11.13.1~dfsg-2+deb8u5. For the stable distribution (s ...

Exploits

# Exploit Author: Juan Sacco <jsacco@exploitpack.com> - exploitpack.com # Vulnerability found using Exploit Pack v10 - Fuzzer module # CVE-2017-17090 - AST-2017-013 # # Tested on: Asterisk 13.17.2~dfsg-2 # # Description: Asterisk is prone to a remote unauthenticated memory exhaustion # The vulnerability is due to an error when the vul ...
Asterisk version 13.17.2 chan_skinny remote memory corruption exploit ...