7.5

CVE-2017-14098

In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash.

Data is provided by the National Vulnerability Database (NVD)
DigiumAsterisk Version13.0.0 SwEditionlts
DigiumAsterisk Version13.0.0 Updatebeta1
DigiumAsterisk Version13.0.0 Updatebeta2
DigiumAsterisk Version13.0.0 Updatebeta3
DigiumAsterisk Version13.0.1
DigiumAsterisk Version13.0.2
DigiumAsterisk Version13.1.0
DigiumAsterisk Version13.1.0 Updaterc1
DigiumAsterisk Version13.1.0 Updaterc2
DigiumAsterisk Version13.1.1
DigiumAsterisk Version13.2.0
DigiumAsterisk Version13.2.0 Updaterc1
DigiumAsterisk Version13.2.1
DigiumAsterisk Version13.3.0 Updaterc1
DigiumAsterisk Version13.3.2
DigiumAsterisk Version13.4.0
DigiumAsterisk Version13.4.0 Updaterc1
DigiumAsterisk Version13.5.0
DigiumAsterisk Version13.5.0 Updaterc1
DigiumAsterisk Version13.6.0 Updaterc1
DigiumAsterisk Version13.7.0 Updaterc1
DigiumAsterisk Version13.7.0 Updaterc2
DigiumAsterisk Version13.7.1
DigiumAsterisk Version13.7.2
DigiumAsterisk Version13.8.0
DigiumAsterisk Version13.8.0 Updaterc1
DigiumAsterisk Version13.8.1
DigiumAsterisk Version13.8.2
DigiumAsterisk Version13.9.0
DigiumAsterisk Version13.9.1
DigiumAsterisk Version13.10.0
DigiumAsterisk Version13.10.0 Updaterc1
DigiumAsterisk Version13.11.0
DigiumAsterisk Version13.11.1
DigiumAsterisk Version13.11.2
DigiumAsterisk Version13.12
DigiumAsterisk Version13.12.0
DigiumAsterisk Version13.12.1
DigiumAsterisk Version13.12.2
DigiumAsterisk Version13.13
DigiumAsterisk Version13.13.0
DigiumAsterisk Version13.13.1
DigiumAsterisk Version13.14.0
DigiumAsterisk Version13.14.0 Updaterc1
DigiumAsterisk Version13.14.0 Updaterc2
DigiumAsterisk Version13.14.1
DigiumAsterisk Version13.15.0
DigiumAsterisk Version13.15.0 Updaterc1
DigiumAsterisk Version13.15.0 Updaterc2
DigiumAsterisk Version13.15.0 Updaterc3
DigiumAsterisk Version13.15.1
DigiumAsterisk Version13.16.0
DigiumAsterisk Version13.16.0 Updaterc1
DigiumAsterisk Version13.16.0 Updaterc2
DigiumAsterisk Version13.17.0
DigiumAsterisk Version13.17.0 Updaterc1
DigiumAsterisk Version14.0
DigiumAsterisk Version14.0.0
DigiumAsterisk Version14.0.0 Updatebeta1
DigiumAsterisk Version14.0.0 Updatebeta2
DigiumAsterisk Version14.0.0 Updaterc1
DigiumAsterisk Version14.0.0 Updaterc2
DigiumAsterisk Version14.0.1
DigiumAsterisk Version14.0.2
DigiumAsterisk Version14.1
DigiumAsterisk Version14.01
DigiumAsterisk Version14.1.0
DigiumAsterisk Version14.1.1
DigiumAsterisk Version14.1.2
DigiumAsterisk Version14.02
DigiumAsterisk Version14.2
DigiumAsterisk Version14.2.0
DigiumAsterisk Version14.2.1
DigiumAsterisk Version14.3.0
DigiumAsterisk Version14.3.0 Updaterc1
DigiumAsterisk Version14.3.0 Updaterc2
DigiumAsterisk Version14.3.1
DigiumAsterisk Version14.4.0
DigiumAsterisk Version14.4.0 Updaterc1
DigiumAsterisk Version14.4.0 Updaterc2
DigiumAsterisk Version14.4.0 Updaterc3
DigiumAsterisk Version14.4.1
DigiumAsterisk Version14.5.0
DigiumAsterisk Version14.5.0 Updaterc1
DigiumAsterisk Version14.5.0 Updaterc2
DigiumAsterisk Version14.6.0
DigiumAsterisk Version14.6.0 Updaterc1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 40.12% 0.97
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/100583
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039253
Third Party Advisory
VDB Entry
https://bugs.debian.org/873909
Patch
Third Party Advisory
Issue Tracking