PT-2017-14515 · Digium · Asterisk

Corey Farrell

Published

2017-11-09

Updated

2019-10-03

CVE-2017-16672

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Asterisk Open Source versions prior to 13.18.1 Asterisk Open Source versions prior to 14.7.1 Asterisk Open Source versions prior to 15.1.1 Certified Asterisk versions prior to 13.13-cert7

Description A memory leak occurs when an Asterisk pjsip session object is created and the call gets rejected before the session is fully established, causing the session object to never be destroyed. This can lead to Asterisk running out of memory and crashing.

Recommendations For Asterisk Open Source versions prior to 13.18.1, update to version 13.18.1 or later. For Asterisk Open Source versions prior to 14.7.1, update to version 14.7.1 or later. For Asterisk Open Source versions prior to 15.1.1, update to version 15.1.1 or later. For Certified Asterisk versions prior to 13.13-cert7, update to version 13.13-cert7 or later.

Fix

Missing Release of Resource after Effective Lifetime

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-772

Related Identifiers

CVE-2017-16672

DSA-4076-1

Affected Products

Asterisk

PT-2017-14515 · Digium · Asterisk

CVE-2017-16672

Weakness Enumeration

Related Identifiers

Affected Products

References · 22