CVE-2017-9358
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).
Existe una vulnerabilidad de agotamiento de memoria en Asterisk Open Source, en versiones 13.x anteriores a la 13.15.1 y versiones 14.x anteriores a la 14.4.1, y en Certified Asterisk, en versiones 13.13 anteriores a la 13.13-cert4. Esto podría llevarse a cabo mediante el envío de paquetes SCCP especialmente manipulados que provocarían un bucle infinito y darían lugar a un agotamiento de memoria (mediante el registro de mensajes en ese bucle).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-06-01 CVE Reserved
- 2017-06-02 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
http://downloads.asterisk.org/pub/security/AST-2017-004.txt | Third Party Advisory | |
http://www.securityfocus.com/bid/98573 | Third Party Advisory | |
http://www.securitytracker.com/id/1038531 | Vdb Entry | |
https://bugs.debian.org/863906 | Mailing List |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.0.0 Search vendor "Asterisk" for product "Open Source" and version "13.0.0" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.1.0 Search vendor "Asterisk" for product "Open Source" and version "13.1.0" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.1.0 Search vendor "Asterisk" for product "Open Source" and version "13.1.0" | rc1 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.1.0 Search vendor "Asterisk" for product "Open Source" and version "13.1.0" | rc2 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.2.0 Search vendor "Asterisk" for product "Open Source" and version "13.2.0" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.2.0 Search vendor "Asterisk" for product "Open Source" and version "13.2.0" | rc1 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.3.0 Search vendor "Asterisk" for product "Open Source" and version "13.3.0" | rc1 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.4.0 Search vendor "Asterisk" for product "Open Source" and version "13.4.0" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.4.0 Search vendor "Asterisk" for product "Open Source" and version "13.4.0" | rc1 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.5.0 Search vendor "Asterisk" for product "Open Source" and version "13.5.0" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.5.0 Search vendor "Asterisk" for product "Open Source" and version "13.5.0" | rc1 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.6.0 Search vendor "Asterisk" for product "Open Source" and version "13.6.0" | rc1 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.7.0 Search vendor "Asterisk" for product "Open Source" and version "13.7.0" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.7.0 Search vendor "Asterisk" for product "Open Source" and version "13.7.0" | rc1 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.8.0 Search vendor "Asterisk" for product "Open Source" and version "13.8.0" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.8.0 Search vendor "Asterisk" for product "Open Source" and version "13.8.0" | rc1 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.8.1 Search vendor "Asterisk" for product "Open Source" and version "13.8.1" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.8.2 Search vendor "Asterisk" for product "Open Source" and version "13.8.2" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.9.0 Search vendor "Asterisk" for product "Open Source" and version "13.9.0" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.9.0 Search vendor "Asterisk" for product "Open Source" and version "13.9.0" | rc1 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.10.0 Search vendor "Asterisk" for product "Open Source" and version "13.10.0" | rc1 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.11.0 Search vendor "Asterisk" for product "Open Source" and version "13.11.0" | rc1 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.12.0 Search vendor "Asterisk" for product "Open Source" and version "13.12.0" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.12.0 Search vendor "Asterisk" for product "Open Source" and version "13.12.0" | rc1 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.12.1 Search vendor "Asterisk" for product "Open Source" and version "13.12.1" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.12.2 Search vendor "Asterisk" for product "Open Source" and version "13.12.2" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.13.0 Search vendor "Asterisk" for product "Open Source" and version "13.13.0" | rc1 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.14.0 Search vendor "Asterisk" for product "Open Source" and version "13.14.0" | rc1 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.15.0 Search vendor "Asterisk" for product "Open Source" and version "13.15.0" | rc1 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | 13.13.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "13.13.0" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | 13.13.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "13.13.0" | cert1 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | 13.13.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "13.13.0" | cert1-rc1 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | 13.13.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "13.13.0" | cert1-rc2 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | 13.13.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "13.13.0" | cert1-rc3 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | 13.13.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "13.13.0" | cert1-rc4 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | 13.13.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "13.13.0" | cert2 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | 13.13.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "13.13.0" | cert3 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | 13.13.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "13.13.0" | rc1 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | 13.13.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "13.13.0" | rc2 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 14.0.0 Search vendor "Asterisk" for product "Open Source" and version "14.0.0" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 14.0.0 Search vendor "Asterisk" for product "Open Source" and version "14.0.0" | beta1 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 14.0.0 Search vendor "Asterisk" for product "Open Source" and version "14.0.0" | beta2 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 14.0.0 Search vendor "Asterisk" for product "Open Source" and version "14.0.0" | rc1 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 14.1.0 Search vendor "Asterisk" for product "Open Source" and version "14.1.0" | rc1 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 14.2.0 Search vendor "Asterisk" for product "Open Source" and version "14.2.0" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 14.2.0 Search vendor "Asterisk" for product "Open Source" and version "14.2.0" | rc1 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 14.2.0 Search vendor "Asterisk" for product "Open Source" and version "14.2.0" | rc2 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 14.2.1 Search vendor "Asterisk" for product "Open Source" and version "14.2.1" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 14.3.0 Search vendor "Asterisk" for product "Open Source" and version "14.3.0" | rc1 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 14.4.0 Search vendor "Asterisk" for product "Open Source" and version "14.4.0" | rc1 |
Affected
|