PT-2017-15045 · Sangoma · Asterisk

Ross Beer +1 · Published 2017-12-23 · Updated 2018-11-25 · CVE-2017-17850

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Asterisk versions 13.18.4 and older
Asterisk versions 14.7.4 and older
Asterisk versions 15.1.4 and older
Asterisk versions 13.18-cert1 and older

Description

An issue was discovered where certain SIP messages can cause Asterisk to crash if the contact header is not present and the PJSIP channel driver is used. The severity of this issue is somewhat mitigated if authentication is enabled, as a user would have to be authorized first before reaching the point where the crash occurs.

Recommendations

For Asterisk versions 13.18.4 and older, consider disabling the PJSIP channel driver until a patch is available.
For Asterisk versions 14.7.4 and older, consider disabling the PJSIP channel driver until a patch is available.
For Asterisk versions 15.1.4 and older, consider disabling the PJSIP channel driver until a patch is available.
For Asterisk versions 13.18-cert1 and older, consider disabling the PJSIP channel driver until a patch is available.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2017-17850

Affected Products

Asterisk