Memory Exhaustion Vulnerability in Asterisk Open Source from Digium
CVE-2017-9358

7.5HIGH

Key Information:

Vendor

Asterisk

Status
Open Source
Vendor
CVE Published:
2 June 2017

What is CVE-2017-9358?

A memory exhaustion vulnerability exists in Asterisk Open Source that can be triggered by sending specifically crafted SCCP packets. This exploitation can cause an infinite loop within the system, leading to excessive memory consumption as ongoing message logging occurs within that loop. This vulnerability affects multiple versions of Asterisk, namely 13.x versions prior to 13.15.1, 14.x versions before 14.4.1, and Certified Asterisk 13.13 before 13.13-cert4, highlighting a critical area of concern for users relying on this telephony platform.

References

http://www.securitytracker.com/id/1038531
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/98573
vdb-entryx_refsource_BID
http://downloads.asterisk.org/pub/security/AST-2017-004.txt
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2017-9358 : Memory Exhaustion Vulnerability in Asterisk Open Source from Digium