PT-2017-14515 · Digium · Asterisk

Corey Farrell

+1

·

Publicado

2017-11-09

·

Atualizado

2019-10-03

·

CVE-2017-16672

CVSS v3.1

5.9

Média

VetorAV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Asterisk Open Source versions prior to 13.18.1 Asterisk Open Source versions prior to 14.7.1 Asterisk Open Source versions prior to 15.1.1 Certified Asterisk versions prior to 13.13-cert7
Description A memory leak occurs when an Asterisk pjsip session object is created and the call gets rejected before the session is fully established, causing the session object to never be destroyed. This can lead to Asterisk running out of memory and crashing.
Recommendations For Asterisk Open Source versions prior to 13.18.1, update to version 13.18.1 or later. For Asterisk Open Source versions prior to 14.7.1, update to version 14.7.1 or later. For Asterisk Open Source versions prior to 15.1.1, update to version 15.1.1 or later. For Certified Asterisk versions prior to 13.13-cert7, update to version 13.13-cert7 or later.

Correção

Missing Release of Resource after Effective Lifetime

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-772

Identificadores relacionados

CVE-2017-16672
DSA-4076-1

Produtos afetados

Asterisk