5.9

CVE-2017-16672

An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash.

Data is provided by the National Vulnerability Database (NVD)
DigiumAsterisk Version >= 13.0.0 < 13.18.1
DigiumAsterisk Version >= 14.0.0 < 14.7.1
DigiumAsterisk Version >= 15.0.0 < 15.1.1
DigiumCertified Asterisk Version13.13.0
DigiumCertified Asterisk Version13.13.0 Updatecert1
DigiumCertified Asterisk Version13.13.0 Updatecert1_rc1
DigiumCertified Asterisk Version13.13.0 Updatecert1_rc2
DigiumCertified Asterisk Version13.13.0 Updatecert1_rc3
DigiumCertified Asterisk Version13.13.0 Updatecert1_rc4
DigiumCertified Asterisk Version13.13.0 Updatecert2
DigiumCertified Asterisk Version13.13.0 Updatecert3
DigiumCertified Asterisk Version13.13.0 Updatecert4
DigiumCertified Asterisk Version13.13.0 Updatecert5
DigiumCertified Asterisk Version13.13.0 Updatecert6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 5.27% 0.89
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-772 Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

http://www.securityfocus.com/bid/101765
Third Party Advisory
VDB Entry