Published: 13/12/2017 Updated: 02/01/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

A Remote Crash issue exists in Asterisk Open Source 13.x prior to 13.18.4, 14.x prior to 14.7.4, and 15.x prior to 15.1.4 and Certified Asterisk prior to 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack.

Vulnerable Product	Search on Vulmon	Subscribe to Product
digium asterisk
digium certified asterisk 13.13
digium certified asterisk

Debian Bug report logs - #884345 asterisk: CVE-2017-17664: Remote Crash Vulnerability in RTCP Stack Package: src:asterisk; Maintainer for src:asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 14 Dec 2017 10:18:02 UTC Severity: ...

Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in denial of service, information disclosure and potentially the execution of arbitrary code For the oldstable distribution (jessie), these problems have been fixed in version 1:11131~dfsg-2+deb8u5 For the stable distribution (s ...

CWE-119 https://issues.asterisk.org/jira/browse/ASTERISK-27429 https://issues.asterisk.org/jira/browse/ASTERISK-27382 http://downloads.digium.com/pub/security/AST-2017-012.html http://www.securityfocus.com/bid/102201 https://www.debian.org/security/2017/dsa-4076 http://www.securitytracker.com/id/1040009 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884345 https://nvd.nist.gov https://www.debian.org/security/./dsa-4076

CVE-2017-17664

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect