PT-2017-14705 · Sangoma · Asterisk
Juan Sacco
·
Publicado
2017-12-02
·
Atualizado
2019-10-03
·
CVE-2017-17090
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Asterisk Open Source versions 13.18.2 and older
Asterisk Open Source versions 14.7.2 and older
Asterisk Open Source versions 15.1.2 and older
Certified Asterisk versions 13.13-cert7 and older
Description
An issue in the chan skinny.c file can cause the asterisk process to use excessive virtual memory if the chan skinny channel driver is flooded with certain requests, eventually stopping asterisk from processing any requests.
Recommendations
For Asterisk Open Source versions 13.18.2 and older, update to a version newer than 13.18.2 to resolve the issue.
For Asterisk Open Source versions 14.7.2 and older, update to a version newer than 14.7.2 to resolve the issue.
For Asterisk Open Source versions 15.1.2 and older, update to a version newer than 15.1.2 to resolve the issue.
For Certified Asterisk versions 13.13-cert7 and older, update to a version newer than 13.13-cert7 to resolve the issue.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Asterisk