CVE-2017-7617 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 94%

Vendor	Product	Version
digium	asterisk	13.0.0
digium	asterisk	13.0.0:beta1
digium	asterisk	13.0.0:beta2
digium	asterisk	13.0.0:beta3
digium	asterisk	13.0.1
digium	asterisk	13.0.2
digium	asterisk	13.1.0
digium	asterisk	13.1.0:rc1
digium	asterisk	13.1.0:rc2
digium	asterisk	13.1.1
digium	asterisk	13.2.0
digium	asterisk	13.2.0:rc1
digium	asterisk	13.2.1
digium	asterisk	13.3.0:rc1
digium	asterisk	13.3.2
digium	asterisk	13.4.0
digium	asterisk	13.4.0:rc1
digium	asterisk	13.5.0
digium	asterisk	13.5.0:rc1
digium	asterisk	13.6.0:rc1
digium	asterisk	13.7.0:rc1
digium	asterisk	13.7.0:rc2
digium	asterisk	13.7.1
digium	asterisk	13.7.2
digium	asterisk	13.8.0
digium	asterisk	13.8.0:rc1
digium	asterisk	13.8.1
digium	asterisk	13.8.2
digium	asterisk	13.9.0
digium	asterisk	13.9.1
digium	asterisk	13.10.0
digium	asterisk	13.10.0:rc1
digium	asterisk	13.11.0
digium	asterisk	13.11.1
digium	asterisk	13.11.2
digium	asterisk	13.12
digium	asterisk	13.12.0
digium	asterisk	13.12.1
digium	asterisk	13.12.2
digium	asterisk	13.13
digium	asterisk	13.13.0
digium	asterisk	13.14.0
digium	asterisk	14.0
digium	asterisk	14.0.0
digium	asterisk	14.0.0:beta1
digium	asterisk	14.0.0:beta2
digium	asterisk	14.0.0:rc1
digium	asterisk	14.0.0:rc2
digium	asterisk	14.0.1
digium	asterisk	14.0.2
digium	asterisk	14.1
digium	asterisk	14.01
digium	asterisk	14.1.0
digium	asterisk	14.1.1
digium	asterisk	14.1.2
digium	asterisk	14.02
digium	asterisk	14.2
digium	asterisk	14.2.0
digium	asterisk	14.2.1
digium	asterisk	14.3.0
digium	certified_asterisk	𝑥 ≤ 13.13-cert2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

asterisk

bullseye	1:16.28.0~dfsg-0+deb11u4 fixed
jessie	not-affected
wheezy	not-affected
bullseye (security)	1:16.28.0~dfsg-0+deb11u5 fixed
sid	1:22.0.0~dfsg+~cs6.14.60671435-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

asterisk

jammy	not-affected
impish	not-affected
hirsute	not-affected
groovy	not-affected
focal	not-affected
eoan	not-affected
disco	not-affected
cosmic	not-affected
bionic	not-affected
artful	ignored
zesty	ignored
yakkety	ignored
xenial	Fixed 1:13.1.0~dfsg-1.1ubuntu4.1+esm1 released
trusty	dne
precise	ignored

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://downloads.asterisk.org/pub/security/AST-2017-001.html

http://www.securityfocus.com/bid/97377

https://bugs.debian.org/859910

http://downloads.asterisk.org/pub/security/AST-2017-001.html

http://www.securityfocus.com/bid/97377

https://bugs.debian.org/859910