var-201706-0901
Vulnerability from variot
A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop). Asterisk Open Source and Certified Asterisk Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Multiple Asterisk products are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0901",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.6,
"vendor": "asterisk",
"version": "13.13.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "14.1.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.14.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.3.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.8.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "14.2.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "14.4.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.10.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.8.2"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.6.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.11.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.1.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.12.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.15.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "14.0.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.5.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "14.2.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.12.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.13.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.7.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.8.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.12.2"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.4.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.2.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "14.3.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.9.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.0.0"
},
{
"model": "asterisk open source",
"scope": "lt",
"trust": 0.8,
"vendor": "digium",
"version": "14.x"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "13.13-cert4"
},
{
"model": "certified asterisk",
"scope": "lt",
"trust": 0.8,
"vendor": "digium",
"version": "13.13"
},
{
"model": "asterisk open source",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "13.15.1"
},
{
"model": "asterisk open source",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "14.4.1"
},
{
"model": "asterisk open source",
"scope": "lt",
"trust": 0.8,
"vendor": "digium",
"version": "13.x"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.6,
"vendor": "asterisk",
"version": "14.1.0"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.6,
"vendor": "asterisk",
"version": "14.2.0"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.6,
"vendor": "asterisk",
"version": "14.4.0"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.6,
"vendor": "asterisk",
"version": "14.3.0"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.6,
"vendor": "asterisk",
"version": "14.0.0"
},
{
"model": "certified asterisk 13.13-cert3",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "13.13"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "13.7.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "13.3.2"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "13.0.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "14.0"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "13.8.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "13.1.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "13.0.2"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "13.0"
},
{
"model": "certified asterisk 13.13-cert4",
"scope": "ne",
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "open source",
"scope": "ne",
"trust": 0.3,
"vendor": "asterisk",
"version": "14.4.1"
},
{
"model": "open source",
"scope": "ne",
"trust": 0.3,
"vendor": "asterisk",
"version": "13.15.1"
}
],
"sources": [
{
"db": "BID",
"id": "98573"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004594"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-060"
},
{
"db": "NVD",
"id": "CVE-2017-9358"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:digium:open_source",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:digium:certified_asterisk",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004594"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sandro Gauci",
"sources": [
{
"db": "BID",
"id": "98573"
}
],
"trust": 0.3
},
"cve": "CVE-2017-9358",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-9358",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9358",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9358",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-9358",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-060",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004594"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-060"
},
{
"db": "NVD",
"id": "CVE-2017-9358"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop). Asterisk Open Source and Certified Asterisk Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Multiple Asterisk products are prone to a remote denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9358"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004594"
},
{
"db": "BID",
"id": "98573"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9358",
"trust": 2.7
},
{
"db": "BID",
"id": "98573",
"trust": 1.9
},
{
"db": "SECTRACK",
"id": "1038531",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004594",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-060",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "98573"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004594"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-060"
},
{
"db": "NVD",
"id": "CVE-2017-9358"
}
]
},
"id": "VAR-201706-0901",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.348297215
},
"last_update_date": "2024-11-23T22:45:38.645000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AST-2017-004",
"trust": 0.8,
"url": "http://downloads.asterisk.org/pub/security/AST-2017-004.txt"
},
{
"title": "863906",
"trust": 0.8,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863906"
},
{
"title": "Digium Asterisk Open Source and Certified Asterisk Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70679"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004594"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-060"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-835",
"trust": 1.0
},
{
"problemtype": "CWE-400",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004594"
},
{
"db": "NVD",
"id": "CVE-2017-9358"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://downloads.asterisk.org/pub/security/ast-2017-004.txt"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/98573"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1038531"
},
{
"trust": 1.6,
"url": "https://bugs.debian.org/863906"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9358"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9358"
},
{
"trust": 0.3,
"url": "http://seclists.org/fulldisclosure/2017/may/76"
},
{
"trust": 0.3,
"url": "http://www.asterisk.org/"
},
{
"trust": 0.3,
"url": "http://downloads.asterisk.org/pub/security/ast-2017-004.html"
}
],
"sources": [
{
"db": "BID",
"id": "98573"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004594"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-060"
},
{
"db": "NVD",
"id": "CVE-2017-9358"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "98573"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004594"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-060"
},
{
"db": "NVD",
"id": "CVE-2017-9358"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-13T00:00:00",
"db": "BID",
"id": "98573"
},
{
"date": "2017-06-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004594"
},
{
"date": "2017-06-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-060"
},
{
"date": "2017-06-02T05:29:00.700000",
"db": "NVD",
"id": "CVE-2017-9358"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-02T18:01:00",
"db": "BID",
"id": "98573"
},
{
"date": "2017-06-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004594"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-060"
},
{
"date": "2024-11-21T03:35:54.630000",
"db": "NVD",
"id": "CVE-2017-9358"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-060"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Asterisk Open Source and Certified Asterisk Vulnerable to resource exhaustion",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004594"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-060"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.