Main Vulnerability Database Vulnerabilities #VU9736

#VU9736 Improper input validation in Asterisk Open Source - CVE-2017-17850

Published: December 23, 2017 / Updated: December 25, 2017

Vulnerability identifier: #VU9736

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-17850

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Asterisk Open Source

Software vendor:
Digium (Linux Support Services)

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The vulnerability exists due to an error when processing malicious SIP data. A remote attacker can send specially crafted SIP data without a contact header, trigger an error in the PJSIP channel driver and cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.

Remediation

The vulnerability is addressed in the following version.

External links

http://downloads.asterisk.org/pub/security/AST-2017-014.html

#VU9736 Improper input validation in Asterisk Open Source - CVE-2017-17850

Description

Remediation

External links

Please verify you're human