CVE-2017-9358
published 2017-06-02

Priority: P338 · high · 7.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 2.82% (84.8th percentile)
A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).

Affected

29 ranges · showing 25

Vendor   | Product            | Version range                            | Fixed in
---------|--------------------|------------------------------------------|-------------------------------------
asterisk | certified_asterisk |                                          |
debian   | asterisk           | < asterisk 1:13.14.1~dfsg-2 (bullseye)   | asterisk 1:13.14.1~dfsg-2 (bullseye)
sangoma  | asterisk           | (23 rows, no version range or fix shown) |

CVSS provenance

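Source        | Version | Score | Severity | Vector
--------------|---------|-------|----------|---------------------------------------------
nvd           | v3.0    | 7.5   | HIGH     | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd           | v2.0    | 5.0   | MEDIUM   | AV:N/AC:L/Au:N/C:N/I:N/A:P
osv           |         | 7.5   | HIGH     |
vendor_debian |         | 7.5   | HIGH     |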