CVE-2017-9358
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).
Existe una vulnerabilidad de agotamiento de memoria en Asterisk Open Source, en versiones 13.x anteriores a la 13.15.1 y versiones 14.x anteriores a la 14.4.1, y en Certified Asterisk, en versiones 13.13 anteriores a la 13.13-cert4. Esto podría llevarse a cabo mediante el envío de paquetes SCCP especialmente manipulados que provocarían un bucle infinito y darían lugar a un agotamiento de memoria (mediante el registro de mensajes en ese bucle).
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-06-01 CVE Reserved
- 2017-06-02 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://downloads.asterisk.org/pub/security/AST-2017-004.txt | Third Party Advisory | |
| http://www.securityfocus.com/bid/98573 | Third Party Advisory | |
| http://www.securitytracker.com/id/1038531 | Vdb Entry | |
| https://bugs.debian.org/863906 | Mailing List |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.0.0 Search vendor "Asterisk" for product "Open Source" and version "13.0.0" | - |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.1.0 Search vendor "Asterisk" for product "Open Source" and version "13.1.0" | - |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.1.0 Search vendor "Asterisk" for product "Open Source" and version "13.1.0" | rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.1.0 Search vendor "Asterisk" for product "Open Source" and version "13.1.0" | rc2 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.2.0 Search vendor "Asterisk" for product "Open Source" and version "13.2.0" | - |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.2.0 Search vendor "Asterisk" for product "Open Source" and version "13.2.0" | rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.3.0 Search vendor "Asterisk" for product "Open Source" and version "13.3.0" | rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.4.0 Search vendor "Asterisk" for product "Open Source" and version "13.4.0" | - |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.4.0 Search vendor "Asterisk" for product "Open Source" and version "13.4.0" | rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.5.0 Search vendor "Asterisk" for product "Open Source" and version "13.5.0" | - |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.5.0 Search vendor "Asterisk" for product "Open Source" and version "13.5.0" | rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.6.0 Search vendor "Asterisk" for product "Open Source" and version "13.6.0" | rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.7.0 Search vendor "Asterisk" for product "Open Source" and version "13.7.0" | - |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.7.0 Search vendor "Asterisk" for product "Open Source" and version "13.7.0" | rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.8.0 Search vendor "Asterisk" for product "Open Source" and version "13.8.0" | - |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.8.0 Search vendor "Asterisk" for product "Open Source" and version "13.8.0" | rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.8.1 Search vendor "Asterisk" for product "Open Source" and version "13.8.1" | - |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.8.2 Search vendor "Asterisk" for product "Open Source" and version "13.8.2" | - |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.9.0 Search vendor "Asterisk" for product "Open Source" and version "13.9.0" | - |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.9.0 Search vendor "Asterisk" for product "Open Source" and version "13.9.0" | rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.10.0 Search vendor "Asterisk" for product "Open Source" and version "13.10.0" | rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.11.0 Search vendor "Asterisk" for product "Open Source" and version "13.11.0" | rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.12.0 Search vendor "Asterisk" for product "Open Source" and version "13.12.0" | - |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.12.0 Search vendor "Asterisk" for product "Open Source" and version "13.12.0" | rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.12.1 Search vendor "Asterisk" for product "Open Source" and version "13.12.1" | - |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.12.2 Search vendor "Asterisk" for product "Open Source" and version "13.12.2" | - |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.13.0 Search vendor "Asterisk" for product "Open Source" and version "13.13.0" | rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.14.0 Search vendor "Asterisk" for product "Open Source" and version "13.14.0" | rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 13.15.0 Search vendor "Asterisk" for product "Open Source" and version "13.15.0" | rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | 13.13.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "13.13.0" | - |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | 13.13.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "13.13.0" | cert1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | 13.13.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "13.13.0" | cert1-rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | 13.13.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "13.13.0" | cert1-rc2 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | 13.13.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "13.13.0" | cert1-rc3 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | 13.13.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "13.13.0" | cert1-rc4 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | 13.13.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "13.13.0" | cert2 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | 13.13.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "13.13.0" | cert3 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | 13.13.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "13.13.0" | rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | 13.13.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "13.13.0" | rc2 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 14.0.0 Search vendor "Asterisk" for product "Open Source" and version "14.0.0" | - |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 14.0.0 Search vendor "Asterisk" for product "Open Source" and version "14.0.0" | beta1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 14.0.0 Search vendor "Asterisk" for product "Open Source" and version "14.0.0" | beta2 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 14.0.0 Search vendor "Asterisk" for product "Open Source" and version "14.0.0" | rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 14.1.0 Search vendor "Asterisk" for product "Open Source" and version "14.1.0" | rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 14.2.0 Search vendor "Asterisk" for product "Open Source" and version "14.2.0" | - |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 14.2.0 Search vendor "Asterisk" for product "Open Source" and version "14.2.0" | rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 14.2.0 Search vendor "Asterisk" for product "Open Source" and version "14.2.0" | rc2 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 14.2.1 Search vendor "Asterisk" for product "Open Source" and version "14.2.1" | - |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 14.3.0 Search vendor "Asterisk" for product "Open Source" and version "14.3.0" | rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 14.4.0 Search vendor "Asterisk" for product "Open Source" and version "14.4.0" | rc1 |
Affected
| ||||||