CVE-2017-9359

EPSS 0.32%
Veröffentlicht 02.06.2017 05:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Digium ≫ Open Source Version13.0.0

Digium ≫ Open Source Version13.1.0

Digium ≫ Open Source Version13.1.0 Updaterc1

Digium ≫ Open Source Version13.1.0 Updaterc2

Digium ≫ Open Source Version13.2.0

Digium ≫ Open Source Version13.2.0 Updaterc1

Digium ≫ Open Source Version13.3.0 Updaterc1

Digium ≫ Open Source Version13.4.0

Digium ≫ Open Source Version13.4.0 Updaterc1

Digium ≫ Open Source Version13.5.0

Digium ≫ Open Source Version13.5.0 Updaterc1

Digium ≫ Open Source Version13.6.0 Updaterc1

Digium ≫ Open Source Version13.7.0

Digium ≫ Open Source Version13.7.0 Updaterc1

Digium ≫ Open Source Version13.8.0

Digium ≫ Open Source Version13.8.0 Updaterc1

Digium ≫ Open Source Version13.8.1

Digium ≫ Open Source Version13.8.2

Digium ≫ Open Source Version13.9.0

Digium ≫ Open Source Version13.9.0 Updaterc1

Digium ≫ Open Source Version13.10.0 Updaterc1

Digium ≫ Open Source Version13.11.0 Updaterc1

Digium ≫ Open Source Version13.12.0

Digium ≫ Open Source Version13.12.0 Updaterc1

Digium ≫ Open Source Version13.12.1

Digium ≫ Open Source Version13.12.2

Digium ≫ Open Source Version13.13.0 Updaterc1

Digium ≫ Open Source Version13.14.0 Updaterc1

Digium ≫ Open Source Version13.15.0 Updaterc1

Digium ≫ Open Source Version14.2.0

Digium ≫ Open Source Version14.2.0 Updaterc1

Digium ≫ Open Source Version14.2.0 Updaterc2

Digium ≫ Certified Asterisk Version13.13.0

Digium ≫ Certified Asterisk Version13.13.0 Updatecert1

Digium ≫ Certified Asterisk Version13.13.0 Updatecert1-rc1

Digium ≫ Certified Asterisk Version13.13.0 Updatecert1-rc2

Digium ≫ Certified Asterisk Version13.13.0 Updatecert1-rc3

Digium ≫ Certified Asterisk Version13.13.0 Updatecert1-rc4

Digium ≫ Certified Asterisk Version13.13.0 Updatecert2

Digium ≫ Certified Asterisk Version13.13.0 Updatecert3

Digium ≫ Certified Asterisk Version13.13.0 Updaterc1

Digium ≫ Certified Asterisk Version13.13.0 Updaterc2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.32%	0.522

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

http://downloads.asterisk.org/pub/security/AST-2017-003.txt

Third Party Advisory

http://www.debian.org/security/2017/dsa-3933

http://www.securityfocus.com/bid/98578

Third Party Advisory

VDB Entry

https://bugs.debian.org/863902

Third Party Advisory

Mailing List

https://issues.asterisk.org/jira/browse/ASTERISK-26939

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2017-9359

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-9359

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-9359

EUVD