CVE-2017-17850
published 2017-12-27CVE-2017-17850: An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a…
PriorityP359high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EPSS
75.35%
99.5th percentile
An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | asterisk | < asterisk 1:13.18.5~dfsg-1 (bullseye) | asterisk 1:13.18.5~dfsg-1 (bullseye) |
| digium | asterisk | >= 0 < 1:13.18.5~dfsg-1 | 1:13.18.5~dfsg-1 |
| digium | asterisk | 13.0.0 – 13.18.4 | — |
| digium | asterisk | 14.0.0 – 14.7.4 | — |
| digium | asterisk | 15.0.0 – 15.1.4 | — |
| digium | certified_asterisk | — | — |
| digium | certified_asterisk | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Crash is triggered by SIP messages that create a dialog (e.g., INVITE, SUBSCRIBE) sent to Asterisk using the PJSIP channel driver where the required Contact header is absent — monitor for SIP dialog-creating messages missing the Contact header targeting Asterisk PJSIP endpoints. ↗
- →The vulnerability is reachable pre-authentication; if authentication is disabled on the PJSIP endpoint, unauthenticated remote attackers can trigger the crash — prioritize detection on unauthenticated PJSIP endpoints. ↗
- ·Only the PJSIP channel driver (chan_pjsip) is affected; the legacy chan_sip driver is not vulnerable. Ensure detection/monitoring targets PJSIP listener ports specifically. ↗
- ·Affected versions are Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. Fixed in 13.18.5 (Debian package 1:13.18.5~dfsg-1) and 14.7.5. ↗
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv7.5HIGH
vendor_debian7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-cx4v-84p4-4vh6: An issue was discovered in Asterisk 13
ghsa_unreviewed·2022-05-14
CVE-2017-17850 [HIGH] CWE-20 GHSA-cx4v-84p4-4vh6: An issue was discovered in Asterisk 13
An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point.
OSV
CVE-2017-17850: An issue was discovered in Asterisk 13
osv·2017-12-27·CVSS 7.5
CVE-2017-17850 [HIGH] CVE-2017-17850: An issue was discovered in Asterisk 13
An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point.
Debian
CVE-2017-17850: asterisk - An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 ...
vendor_debian·2017·CVSS 7.5
CVE-2017-17850 [HIGH] CVE-2017-17850: asterisk - An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 ...
An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point.
Scope: local
bullseye: resolved (fixed in 1:13.18.5~dfsg-1)
sid: resolved (fixed in 1:13.18.5~dfsg-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-17850 asterisk: Authenticated remote DOS via SIP contact header in PJSIP driver
bugzilla·2017-12-26·CVSS 7.5
CVE-2017-17850 [HIGH] CVE-2017-17850 asterisk: Authenticated remote DOS via SIP contact header in PJSIP driver
CVE-2017-17850 asterisk: Authenticated remote DOS via SIP contact header in PJSIP driver
An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point.
Upstream bug:
https://issues.asterisk.org/jira/browse/ASTERISK-27480
References:
https://issues.asterisk.org/jira/secure/attachment/56540/AST-2017-014.pdf
Discussion:
Created a
Bugzilla
CVE-2017-17850 asterisk: Authenticated remote DOS via SIP contact header in PJSIP driver [fedora-all]
bugzilla·2017-12-26·CVSS 7.5
CVE-2017-17850 [HIGH] CVE-2017-17850 asterisk: Authenticated remote DOS via SIP contact header in PJSIP driver [fedora-all]
CVE-2017-17850 asterisk: Authenticated remote DOS via SIP contact header in PJSIP driver [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects mul
Bugzilla
CVE-2017-17850 asterisk: Authenticated remote DOS via SIP contact header in PJSIP driver [epel-6]
bugzilla·2017-12-26·CVSS 7.5
CVE-2017-17850 [HIGH] CVE-2017-17850 asterisk: Authenticated remote DOS via SIP contact header in PJSIP driver [epel-6]
CVE-2017-17850 asterisk: Authenticated remote DOS via SIP contact header in PJSIP driver [epel-6]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-6.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
Use the following templ
http://downloads.asterisk.org/pub/security/AST-2017-014.htmlhttp://www.securitytracker.com/id/1040056https://issues.asterisk.org/jira/browse/ASTERISK-27480https://security.gentoo.org/glsa/201811-11http://downloads.asterisk.org/pub/security/AST-2017-014.htmlhttp://www.securitytracker.com/id/1040056https://issues.asterisk.org/jira/browse/ASTERISK-27480https://security.gentoo.org/glsa/201811-11
2017-12-27
Published