5.9

CVE-2017-16672

EPSS 5.27%
Veröffentlicht 09.11.2017 00:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Digium ≫ Asterisk Version >= 13.0.0 < 13.18.1

Digium ≫ Asterisk Version >= 14.0.0 < 14.7.1

Digium ≫ Asterisk Version >= 15.0.0 < 15.1.1

Digium ≫ Certified Asterisk Version13.13.0

Digium ≫ Certified Asterisk Version13.13.0 Updatecert1

Digium ≫ Certified Asterisk Version13.13.0 Updatecert1_rc1

Digium ≫ Certified Asterisk Version13.13.0 Updatecert1_rc2

Digium ≫ Certified Asterisk Version13.13.0 Updatecert1_rc3

Digium ≫ Certified Asterisk Version13.13.0 Updatecert1_rc4

Digium ≫ Certified Asterisk Version13.13.0 Updatecert2

Digium ≫ Certified Asterisk Version13.13.0 Updatecert3

Digium ≫ Certified Asterisk Version13.13.0 Updatecert4

Digium ≫ Certified Asterisk Version13.13.0 Updatecert5

Digium ≫ Certified Asterisk Version13.13.0 Updatecert6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.27%	0.89

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-772 Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

https://security.gentoo.org/glsa/201811-11

https://www.debian.org/security/2017/dsa-4076

http://downloads.digium.com/pub/security/AST-2017-011.html

Vendor Advisory

http://www.securityfocus.com/bid/101765

Third Party Advisory

VDB Entry

https://issues.asterisk.org/jira/browse/ASTERISK-27345

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-16672

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-16672

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-16672

EUVD