[Forgot Password]
Login  Register Subscribe

23631

 
 

114973

 
 

93458

 
 

909

 
 

76924

 
 

97

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2017-9358

Date: (C)2017-06-03   (M)2017-08-10
 
CVSS Score: 5.0Access Vector: NETWORK
Exploitability Subscore: 10.0Access Complexity: LOW
Impact Subscore: 2.9Authentication: NONE
 Confidentiality: NONE
 Integrity: NONE
 Availability: PARTIAL











A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing a infinite loop and leading to memory exhaustion (by message logging in that loop).

Reference:
SECTRACK-1038531
BID-98573
http://downloads.asterisk.org/pub/security/AST-2017-004.txt
https://bugs.debian.org/863906

CWE    1
CWE-400

© 2016 SecPod Technologies