7.5
CVE-2017-9358
- EPSS 1.19%
- Published 02.06.2017 05:29:00
- Last modified 20.04.2025 01:37:25
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).
Data is provided by the National Vulnerability Database (NVD)
Asterisk ≫ Certified Asterisk Version13.13.0
Asterisk ≫ Certified Asterisk Version13.13.0 Updatecert1
Asterisk ≫ Certified Asterisk Version13.13.0 Updatecert1-rc1
Asterisk ≫ Certified Asterisk Version13.13.0 Updatecert1-rc2
Asterisk ≫ Certified Asterisk Version13.13.0 Updatecert1-rc3
Asterisk ≫ Certified Asterisk Version13.13.0 Updatecert1-rc4
Asterisk ≫ Certified Asterisk Version13.13.0 Updatecert2
Asterisk ≫ Certified Asterisk Version13.13.0 Updatecert3
Asterisk ≫ Certified Asterisk Version13.13.0 Updaterc1
Asterisk ≫ Certified Asterisk Version13.13.0 Updaterc2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.19% | 0.769 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.