CVE-2017-17090
Asterisk 13.17.2 - 'chan_skinny' Remote Memory Corruption
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind.
Se ha descubierto un problema en chan_skinny.c en Asterisk Open Source en versiones 13.18.2 y anteriores, 14.7.2 y anteriores y 15.1.2 y anteriores y en Certified Asterisk 13.13-cert7 y anteriores. Si el controlador de canal chan_skinny (tambiƩn conocido como protocolo SCCP) se inunda a base de determinadas peticiones, puede provocar que el proceso de asterisk utilice cantidades excesivas de memoria virtual, finalmente provocando que asterisk deje de procesar cualquier tipo de peticiones.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-12-01 CVE Reserved
- 2017-12-02 CVE Published
- 2023-06-03 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-459: Incomplete Cleanup
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/102023 | Third Party Advisory | |
http://www.securitytracker.com/id/1039948 | Vdb Entry | |
https://lists.debian.org/debian-lts-announce/2017/12/msg00028.html | Mailing List |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/43992 | 2024-08-05 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://downloads.digium.com/pub/security/AST-2017-013.html | 2019-10-03 | |
https://issues.asterisk.org/jira/browse/ASTERISK-27452 | 2019-10-03 | |
https://www.debian.org/security/2017/dsa-4076 | 2019-10-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | <= 13.13 Search vendor "Digium" for product "Certified Asterisk" and version " <= 13.13" | - |
Affected
| ||||||
Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 13.13 Search vendor "Digium" for product "Certified Asterisk" and version "13.13" | cert1 |
Affected
| ||||||
Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 13.13 Search vendor "Digium" for product "Certified Asterisk" and version "13.13" | cert1_rc1 |
Affected
| ||||||
Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 13.13 Search vendor "Digium" for product "Certified Asterisk" and version "13.13" | cert1_rc2 |
Affected
| ||||||
Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 13.13 Search vendor "Digium" for product "Certified Asterisk" and version "13.13" | cert1_rc3 |
Affected
| ||||||
Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 13.13 Search vendor "Digium" for product "Certified Asterisk" and version "13.13" | cert1_rc4 |
Affected
| ||||||
Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 13.13 Search vendor "Digium" for product "Certified Asterisk" and version "13.13" | cert2 |
Affected
| ||||||
Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 13.13 Search vendor "Digium" for product "Certified Asterisk" and version "13.13" | cert3 |
Affected
| ||||||
Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 13.13 Search vendor "Digium" for product "Certified Asterisk" and version "13.13" | cert4 |
Affected
| ||||||
Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 13.13 Search vendor "Digium" for product "Certified Asterisk" and version "13.13" | cert5 |
Affected
| ||||||
Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 13.13 Search vendor "Digium" for product "Certified Asterisk" and version "13.13" | cert6 |
Affected
| ||||||
Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 13.13 Search vendor "Digium" for product "Certified Asterisk" and version "13.13" | cert7 |
Affected
| ||||||
Digium Search vendor "Digium" | Asterisk Search vendor "Digium" for product "Asterisk" | <= 13.8.2 Search vendor "Digium" for product "Asterisk" and version " <= 13.8.2" | - |
Affected
| ||||||
Digium Search vendor "Digium" | Asterisk Search vendor "Digium" for product "Asterisk" | <= 14.7.2 Search vendor "Digium" for product "Asterisk" and version " <= 14.7.2" | - |
Affected
| ||||||
Digium Search vendor "Digium" | Asterisk Search vendor "Digium" for product "Asterisk" | <= 15.1.2 Search vendor "Digium" for product "Asterisk" and version " <= 15.1.2" | - |
Affected
|