CVE-2017-9359

The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| mitre | CNA | --- | --- |
| CVE | ADP | --- | --- |

EPSS Score percentile: 54%

Vulnerable software versions:

| Vendor | Product | Version |
|---|---|---|
| digium | open_source | 13.0.0 |
| digium | open_source | 13.1.0 |
| digium | open_source | 13.1.0:rc1 |
| digium | open_source | 13.1.0:rc2 |
| digium | open_source | 13.2.0 |
| digium | open_source | 13.2.0:rc1 |
| digium | open_source | 13.3.0:rc1 |
| digium | open_source | 13.4.0 |
| digium | open_source | 13.4.0:rc1 |
| digium | open_source | 13.5.0 |
| digium | open_source | 13.5.0:rc1 |
| digium | open_source | 13.6.0:rc1 |
| digium | open_source | 13.7.0 |
| digium | open_source | 13.7.0:rc1 |
| digium | open_source | 13.8.0 |
| digium | open_source | 13.8.0:rc1 |
| digium | open_source | 13.8.1 |
| digium | open_source | 13.8.2 |
| digium | open_source | 13.9.0 |
| digium | open_source | 13.9.0:rc1 |
| digium | open_source | 13.10.0:rc1 |
| digium | open_source | 13.11.0:rc1 |
| digium | open_source | 13.12.0 |
| digium | open_source | 13.12.0:rc1 |
| digium | open_source | 13.12.1 |
| digium | open_source | 13.12.2 |
| digium | open_source | 13.13.0:rc1 |
| digium | open_source | 13.14.0:rc1 |
| digium | open_source | 13.15.0:rc1 |
| digium | open_source | 14.2.0 |
| digium | open_source | 14.2.0:rc1 |
| digium | open_source | 14.2.0:rc2 |
| digium | certified_asterisk | 13.13.0 |
| digium | certified_asterisk | 13.13.0:cert1 |
| digium | certified_asterisk | 13.13.0:cert1-rc1 |
| digium | certified_asterisk | 13.13.0:cert1-rc2 |
| digium | certified_asterisk | 13.13.0:cert1-rc3 |
| digium | certified_asterisk | 13.13.0:cert1-rc4 |
| digium | certified_asterisk | 13.13.0:cert2 |
| digium | certified_asterisk | 13.13.0:cert3 |
| digium | certified_asterisk | 13.13.0:rc1 |
| digium | certified_asterisk | 13.13.0:rc2 |

Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| pjproject | artful | not-affected |
| pjproject | zesty | ignored |
| pjproject | yakkety | ignored |
| pjproject | xenial | Fixed 2.1.0.0.ast20130823-1+deb8u1build0.16.04.1 (released) |
| pjproject | trusty | Fixed 2.1.0.0.ast20130823-1+deb8u1build0.14.04.1 (released) |