CVE-2017-9372
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq header in conjunction with a Via header that lacks a branch parameter.
PJSIP, tal como es usado en Asterisk Open Source versiones 13.x y anteriores a 13.15.1 y versiones 14.x y anteriores a 14.4.1, Certified Asterisk versión 13.13 y anteriores a 13.13-cert4, y otros productos, permite a los atacantes remotos causar una denegación de servicio (desbordamiento de búfer y bloqueo de aplicación) por medio de un paquete SIP con un encabezado CSeq especialmente diseñado junto con un encabezado Via que carece de un parámetro branch.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-06-02 CVE Reserved
- 2017-06-02 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://downloads.asterisk.org/pub/security/AST-2017-002.txt | Third Party Advisory | |
| http://www.securityfocus.com/bid/98572 | Third Party Advisory | |
| http://www.securitytracker.com/id/1038529 | Vdb Entry | |
| https://bugs.debian.org/863901 | Mailing List |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2017/dsa-3933 | 2017-11-05 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 13.0.0 Search vendor "Digium" for product "Open Source" and version "13.0.0" | - |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 13.1.0 Search vendor "Digium" for product "Open Source" and version "13.1.0" | - |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 13.1.0 Search vendor "Digium" for product "Open Source" and version "13.1.0" | rc1 |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 13.1.0 Search vendor "Digium" for product "Open Source" and version "13.1.0" | rc2 |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 13.2.0 Search vendor "Digium" for product "Open Source" and version "13.2.0" | - |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 13.2.0 Search vendor "Digium" for product "Open Source" and version "13.2.0" | rc1 |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 13.3.0 Search vendor "Digium" for product "Open Source" and version "13.3.0" | rc1 |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 13.4.0 Search vendor "Digium" for product "Open Source" and version "13.4.0" | - |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 13.4.0 Search vendor "Digium" for product "Open Source" and version "13.4.0" | rc1 |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 13.5.0 Search vendor "Digium" for product "Open Source" and version "13.5.0" | - |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 13.5.0 Search vendor "Digium" for product "Open Source" and version "13.5.0" | rc1 |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 13.6.0 Search vendor "Digium" for product "Open Source" and version "13.6.0" | rc1 |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 13.7.0 Search vendor "Digium" for product "Open Source" and version "13.7.0" | - |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 13.7.0 Search vendor "Digium" for product "Open Source" and version "13.7.0" | rc1 |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 13.8.0 Search vendor "Digium" for product "Open Source" and version "13.8.0" | - |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 13.8.0 Search vendor "Digium" for product "Open Source" and version "13.8.0" | rc1 |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 13.8.1 Search vendor "Digium" for product "Open Source" and version "13.8.1" | - |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 13.8.2 Search vendor "Digium" for product "Open Source" and version "13.8.2" | - |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 13.9.0 Search vendor "Digium" for product "Open Source" and version "13.9.0" | - |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 13.9.0 Search vendor "Digium" for product "Open Source" and version "13.9.0" | rc1 |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 13.10.0 Search vendor "Digium" for product "Open Source" and version "13.10.0" | rc1 |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 13.11.0 Search vendor "Digium" for product "Open Source" and version "13.11.0" | rc1 |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 13.12.0 Search vendor "Digium" for product "Open Source" and version "13.12.0" | - |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 13.12.0 Search vendor "Digium" for product "Open Source" and version "13.12.0" | rc1 |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 13.12.1 Search vendor "Digium" for product "Open Source" and version "13.12.1" | - |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 13.12.2 Search vendor "Digium" for product "Open Source" and version "13.12.2" | - |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 13.13.0 Search vendor "Digium" for product "Open Source" and version "13.13.0" | rc1 |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 13.14.0 Search vendor "Digium" for product "Open Source" and version "13.14.0" | rc1 |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 13.15.0 Search vendor "Digium" for product "Open Source" and version "13.15.0" | rc1 |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 14.0.0 Search vendor "Digium" for product "Open Source" and version "14.0.0" | - |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 14.0.0 Search vendor "Digium" for product "Open Source" and version "14.0.0" | beta1 |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 14.0.0 Search vendor "Digium" for product "Open Source" and version "14.0.0" | beta2 |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 14.0.0 Search vendor "Digium" for product "Open Source" and version "14.0.0" | rc1 |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 14.1.0 Search vendor "Digium" for product "Open Source" and version "14.1.0" | rc1 |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 14.2.0 Search vendor "Digium" for product "Open Source" and version "14.2.0" | - |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 14.2.0 Search vendor "Digium" for product "Open Source" and version "14.2.0" | rc1 |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 14.2.0 Search vendor "Digium" for product "Open Source" and version "14.2.0" | rc2 |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 14.2.1 Search vendor "Digium" for product "Open Source" and version "14.2.1" | - |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 14.3.0 Search vendor "Digium" for product "Open Source" and version "14.3.0" | rc1 |
Affected
| ||||||
| Digium Search vendor "Digium" | Open Source Search vendor "Digium" for product "Open Source" | 14.4.0 Search vendor "Digium" for product "Open Source" and version "14.4.0" | rc1 |
Affected
| ||||||
| Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 13.13.0 Search vendor "Digium" for product "Certified Asterisk" and version "13.13.0" | - |
Affected
| ||||||
| Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 13.13.0 Search vendor "Digium" for product "Certified Asterisk" and version "13.13.0" | cert1 |
Affected
| ||||||
| Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 13.13.0 Search vendor "Digium" for product "Certified Asterisk" and version "13.13.0" | cert1-rc1 |
Affected
| ||||||
| Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 13.13.0 Search vendor "Digium" for product "Certified Asterisk" and version "13.13.0" | cert1-rc2 |
Affected
| ||||||
| Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 13.13.0 Search vendor "Digium" for product "Certified Asterisk" and version "13.13.0" | cert1-rc3 |
Affected
| ||||||
| Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 13.13.0 Search vendor "Digium" for product "Certified Asterisk" and version "13.13.0" | cert1-rc4 |
Affected
| ||||||
| Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 13.13.0 Search vendor "Digium" for product "Certified Asterisk" and version "13.13.0" | cert2 |
Affected
| ||||||
| Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 13.13.0 Search vendor "Digium" for product "Certified Asterisk" and version "13.13.0" | cert3 |
Affected
| ||||||
| Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 13.13.0 Search vendor "Digium" for product "Certified Asterisk" and version "13.13.0" | rc1 |
Affected
| ||||||
| Digium Search vendor "Digium" | Certified Asterisk Search vendor "Digium" for product "Certified Asterisk" | 13.13.0 Search vendor "Digium" for product "Certified Asterisk" and version "13.13.0" | rc2 |
Affected
| ||||||