CVE-2017-7617 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Asterisk

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer13 documents6 sources

Severity

8.8HIGHNVD

EPSS

22.0%

top 4.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Digium Asterisk Debian Asterisk Digium Certified Asterisk

Timeline

PublishedApr 10

Latest updateMay 17

Description

Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

▶NVDdigium/certified_asterisk13.13-cert2+1

▶NVDdigium/asterisk13.0.0 — 13.18.1+47

▶debiandebian/asterisk< asterisk 1:13.14.1~dfsg-1 (bullseye)+1

▶Debiandigium/asterisk< 1:13.14.1~dfsg-1+1

▶Ubuntudigium/asterisk< 1:13.1.0~dfsg-1.1ubuntu4.1+esm1

Patches

Patch: downloads.asterisk.org ↗Patch: bugs.debian.org ↗Patch: downloads.asterisk.org ↗

🔴Vulnerability Details

GHSA

GHSA-fw6v-c6vw-rqq9: Remote code execution can occur in Asterisk Open Source 13↗2022-05-17

▶

GHSA

GHSA-6vm7-9fw2-vx89: A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13↗2022-05-14

▶

OSV

asterisk vulnerabilities↗2021-03-15

▶

OSV

CVE-2017-16671: A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13↗2017-11-09

▶

OSV

CVE-2017-7617: Remote code execution can occur in Asterisk Open Source 13↗2017-04-10

▶

📋Vendor Advisories

Ubuntu

Asterisk vulnerabilities↗2021-03-15

▶

Debian

CVE-2017-7617: asterisk - Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and ...↗2017

▶

Debian

CVE-2017-16671: asterisk - A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1...↗2017

▶

💬Community

Bugzilla

CVE-2017-7617 asterisk: Buffer overflow in CDR's set user [fedora-all]↗2017-04-05

▶

Bugzilla

CVE-2017-7617 asterisk: Buffer overflow in CDR's set user [epel-6]↗2017-04-05

▶

Bugzilla

CVE-2017-7617 asterisk: Buffer overflow in CDR's set user↗2017-04-05

▶