PT-2017-14705 · Sangoma · Asterisk
Juan Sacco
·
Published
2017-12-02
·
Updated
2019-10-03
·
CVE-2017-17090
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Asterisk Open Source versions 13.18.2 and older
Asterisk Open Source versions 14.7.2 and older
Asterisk Open Source versions 15.1.2 and older
Certified Asterisk versions 13.13-cert7 and older
Description
An issue in the chan skinny.c file can cause the asterisk process to use excessive virtual memory if the chan skinny channel driver is flooded with certain requests, eventually stopping asterisk from processing any requests.
Recommendations
For Asterisk Open Source versions 13.18.2 and older, update to a version newer than 13.18.2 to resolve the issue.
For Asterisk Open Source versions 14.7.2 and older, update to a version newer than 14.7.2 to resolve the issue.
For Asterisk Open Source versions 15.1.2 and older, update to a version newer than 15.1.2 to resolve the issue.
For Certified Asterisk versions 13.13-cert7 and older, update to a version newer than 13.13-cert7 to resolve the issue.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Asterisk