VAR-201706-0901
Vulnerability from variot - Updated: 2025-04-20 23:25
A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop). Asterisk Open Source and Certified Asterisk contain a resource exhaustion vulnerability. The service may be put into a denial-of-service (DoS) state. Multiple Asterisk products are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. The versions named above as the upper bounds (13.15.1, 14.4.1 and 13.13-cert4) are the first releases outside the affected range; the vendor advisory listed in this record is AST-2017-004.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0901",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "certified asterisk",
"scope": "eq",
"trust": 1.6,
"vendor": "asterisk",
"version": "13.13.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.14.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.4.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.13.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "14.4.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "14.0.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.12.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.3.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.12.2"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.1.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "14.2.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.8.2"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.8.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.2.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.12.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "14.3.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.11.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.9.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.5.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.8.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.0.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.15.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.10.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "14.1.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.7.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "13.6.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "14.2.0"
},
{
"model": "asterisk open source",
"scope": "lt",
"trust": 0.8,
"vendor": "digium",
"version": "14.x"
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "13.13-cert4"
},
{
"model": "certified asterisk",
"scope": "lt",
"trust": 0.8,
"vendor": "digium",
"version": "13.13"
},
{
"model": "asterisk open source",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "13.15.1"
},
{
"model": "asterisk open source",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "14.4.1"
},
{
"model": "asterisk open source",
"scope": "lt",
"trust": 0.8,
"vendor": "digium",
"version": "13.x"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.6,
"vendor": "asterisk",
"version": "14.1.0"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.6,
"vendor": "asterisk",
"version": "14.2.0"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.6,
"vendor": "asterisk",
"version": "14.4.0"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.6,
"vendor": "asterisk",
"version": "14.3.0"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.6,
"vendor": "asterisk",
"version": "14.0.0"
},
{
"model": "certified asterisk 13.13-cert3",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "certified asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "13.13"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "13.7.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "13.3.2"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "13.0.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "14.0"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "13.8.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "13.1.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "13.0.2"
},
{
"model": "open source",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "13.0"
},
{
"model": "certified asterisk 13.13-cert4",
"scope": "ne",
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "open source",
"scope": "ne",
"trust": 0.3,
"vendor": "asterisk",
"version": "14.4.1"
},
{
"model": "open source",
"scope": "ne",
"trust": 0.3,
"vendor": "asterisk",
"version": "13.15.1"
}
],
"sources": [
{
"db": "BID",
"id": "98573"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004594"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-060"
},
{
"db": "NVD",
"id": "CVE-2017-9358"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:digium:open_source",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:digium:certified_asterisk",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004594"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sandro Gauci",
"sources": [
{
"db": "BID",
"id": "98573"
}
],
"trust": 0.3
},
"cve": "CVE-2017-9358",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-9358",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9358",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9358",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-9358",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-060",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004594"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-060"
},
{
"db": "NVD",
"id": "CVE-2017-9358"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop). Asterisk Open Source and Certified Asterisk contain a resource exhaustion vulnerability. The service may be put into a denial-of-service (DoS) state. Multiple Asterisk products are prone to a remote denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition.",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9358"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004594"
},
{
"db": "BID",
"id": "98573"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9358",
"trust": 2.7
},
{
"db": "BID",
"id": "98573",
"trust": 1.9
},
{
"db": "SECTRACK",
"id": "1038531",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004594",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-060",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "98573"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004594"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-060"
},
{
"db": "NVD",
"id": "CVE-2017-9358"
}
]
},
"id": "VAR-201706-0901",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.348297215
},
"last_update_date": "2025-04-20T23:25:00.675000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AST-2017-004",
"trust": 0.8,
"url": "http://downloads.asterisk.org/pub/security/AST-2017-004.txt"
},
{
"title": "863906",
"trust": 0.8,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863906"
},
{
"title": "Digium Asterisk Open Source and Certified Asterisk Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70679"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004594"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-060"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-835",
"trust": 1.0
},
{
"problemtype": "CWE-400",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004594"
},
{
"db": "NVD",
"id": "CVE-2017-9358"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://downloads.asterisk.org/pub/security/ast-2017-004.txt"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/98573"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1038531"
},
{
"trust": 1.6,
"url": "https://bugs.debian.org/863906"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9358"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9358"
},
{
"trust": 0.3,
"url": "http://seclists.org/fulldisclosure/2017/may/76"
},
{
"trust": 0.3,
"url": "http://www.asterisk.org/"
},
{
"trust": 0.3,
"url": "http://downloads.asterisk.org/pub/security/ast-2017-004.html"
}
],
"sources": [
{
"db": "BID",
"id": "98573"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004594"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-060"
},
{
"db": "NVD",
"id": "CVE-2017-9358"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "98573"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004594"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-060"
},
{
"db": "NVD",
"id": "CVE-2017-9358"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-13T00:00:00",
"db": "BID",
"id": "98573"
},
{
"date": "2017-06-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004594"
},
{
"date": "2017-06-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-060"
},
{
"date": "2017-06-02T05:29:00.700000",
"db": "NVD",
"id": "CVE-2017-9358"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-02T18:01:00",
"db": "BID",
"id": "98573"
},
{
"date": "2017-06-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004594"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-060"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-9358"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-060"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Asterisk Open Source and Certified Asterisk Vulnerable to resource exhaustion",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004594"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-060"
}
],
"trust": 0.6
}
}