PT-2017-18870 · Sangoma · Asterisk
Sandro Gauci
·
Published
2017-06-02
·
Updated
2024-08-15
·
CVE-2017-9358
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Asterisk Open Source versions 13.x through 13.15.0
Asterisk Open Source versions 14.x through 14.4.0
Certified Asterisk versions 13.13 through 13.13-cert3
Description
A memory exhaustion issue exists, which can be triggered by sending specially crafted SCCP packets, causing an infinite loop and leading to memory exhaustion due to message logging in that loop.
Recommendations
For Asterisk Open Source versions 13.x through 13.15.0, update to version 13.15.1 or later.
For Asterisk Open Source versions 14.x through 14.4.0, update to version 14.4.1 or later.
For Certified Asterisk versions 13.13 through 13.13-cert3, update to version 13.13-cert4 or later.
Fix
Infinite Loop
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Asterisk