CVE-2017-9358

A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).

Published: Jun 2, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-9358
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-835

Affected Software
References

Software	From	Fixed in
asterisk / certified_asterisk	13.13.0-cert3	13.13.0-cert3.x
asterisk / certified_asterisk	13.13.0-cert1	13.13.0-cert1.x
asterisk / certified_asterisk	13.13.0-rc2	13.13.0-rc2.x
asterisk / certified_asterisk	13.13.0-cert2	13.13.0-cert2.x
asterisk / certified_asterisk	13.13.0	13.13.0.x
asterisk / certified_asterisk	13.13.0-rc1	13.13.0-rc1.x
asterisk / certified_asterisk	13.13.0-cert1-rc4	13.13.0-cert1-rc4.x
asterisk / certified_asterisk	13.13.0-cert1-rc1	13.13.0-cert1-rc1.x
asterisk / certified_asterisk	13.13.0-cert1-rc3	13.13.0-cert1-rc3.x
asterisk / certified_asterisk	13.13.0-cert1-rc2	13.13.0-cert1-rc2.x
sangoma / asterisk	13.0.0	13.0.0.x
sangoma / asterisk	13.8.0	13.8.0.x
sangoma / asterisk	13.11.0-rc1	13.11.0-rc1.x
sangoma / asterisk	13.12.0	13.12.0.x
sangoma / asterisk	13.2.0-rc1	13.2.0-rc1.x
sangoma / asterisk	13.6.0-rc1	13.6.0-rc1.x
sangoma / asterisk	13.1.0-rc2	13.1.0-rc2.x
sangoma / asterisk	13.12.0-rc1	13.12.0-rc1.x
sangoma / asterisk	13.8.0-rc1	13.8.0-rc1.x
sangoma / asterisk	13.8.2	13.8.2.x
sangoma / asterisk	13.7.0-rc1	13.7.0-rc1.x
sangoma / asterisk	13.8.1	13.8.1.x
sangoma / asterisk	13.1.0-rc1	13.1.0-rc1.x
sangoma / asterisk	13.13.0-rc1	13.13.0-rc1.x
sangoma / asterisk	13.12.1	13.12.1.x
sangoma / asterisk	13.9.0	13.9.0.x
sangoma / asterisk	13.10.0-rc1	13.10.0-rc1.x
sangoma / asterisk	13.1.0	13.1.0.x
sangoma / asterisk	13.5.0	13.5.0.x
sangoma / asterisk	13.2.0	13.2.0.x
sangoma / asterisk	13.9.0-rc1	13.9.0-rc1.x
sangoma / asterisk	13.15.0-rc1	13.15.0-rc1.x
sangoma / asterisk	13.7.0	13.7.0.x
sangoma / asterisk	13.12.2	13.12.2.x
sangoma / asterisk	13.14.0-rc1	13.14.0-rc1.x
sangoma / asterisk	13.5.0-rc1	13.5.0-rc1.x
sangoma / asterisk	13.4.0-rc1	13.4.0-rc1.x
sangoma / asterisk	13.4.0	13.4.0.x
sangoma / asterisk	13.3.0-rc1	13.3.0-rc1.x
sangoma / asterisk	14.2.0-rc2	14.2.0-rc2.x
sangoma / asterisk	14.0.0	14.0.0.x
sangoma / asterisk	14.2.0-rc1	14.2.0-rc1.x
sangoma / asterisk	14.1.0-rc1	14.1.0-rc1.x
sangoma / asterisk	14.2.1	14.2.1.x
sangoma / asterisk	14.4.0-rc1	14.4.0-rc1.x
sangoma / asterisk	14.0.0-rc1	14.0.0-rc1.x
sangoma / asterisk	14.0.0-beta2	14.0.0-beta2.x
sangoma / asterisk	14.2.0	14.2.0.x
sangoma / asterisk	14.3.0-rc1	14.3.0-rc1.x
sangoma / asterisk	14.0.0-beta1	14.0.0-beta1.x

Vulnerability Database

289,697

CVE-2017-9358