CVE-2017-16671

EPSS 3.64%
Veröffentlicht 09.11.2017 00:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Digium ≫ Asterisk Version >= 13.0.0 < 13.18.1

Digium ≫ Asterisk Version >= 14.0.0 < 14.7.1

Digium ≫ Asterisk Version >= 15.0.0 < 15.1.1

Digium ≫ Certified Asterisk Version13.13.0

Digium ≫ Certified Asterisk Version13.13.0 Updatecert1

Digium ≫ Certified Asterisk Version13.13.0 Updatecert1_rc1

Digium ≫ Certified Asterisk Version13.13.0 Updatecert1_rc2

Digium ≫ Certified Asterisk Version13.13.0 Updatecert1_rc3

Digium ≫ Certified Asterisk Version13.13.0 Updatecert1_rc4

Digium ≫ Certified Asterisk Version13.13.0 Updatecert2

Digium ≫ Certified Asterisk Version13.13.0 Updatecert3

Digium ≫ Certified Asterisk Version13.13.0 Updatecert4

Digium ≫ Certified Asterisk Version13.13.0 Updatecert5

Digium ≫ Certified Asterisk Version13.13.0 Updatecert6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.64%	0.867

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://downloads.digium.com/pub/security/AST-2017-010.html

Vendor Advisory

http://www.securityfocus.com/bid/101760

Third Party Advisory

VDB Entry

https://issues.asterisk.org/jira/browse/ASTERISK-27337

Vendor Advisory

Issue Tracking

https://security.gentoo.org/glsa/201811-11

https://www.debian.org/security/2017/dsa-4076

https://nvd.nist.gov/vuln/detail/CVE-2017-16671

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-16671

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-16671

EUVD