Asterisk Remote Unauthenticated Memory Exhaustion

vendor:

Asterisk

by:

Juan Sacco

7.5

CVSS

HIGH

Remote Code Execution

CWE

Product Name: Asterisk

Affected Version From: Asterisk 13.17.2~dfsg-2

Affected Version To: Asterisk 13.17.2~dfsg-2

Patch Exists: NO

Related CWE: CVE-2017-17090, AST-2017-013

CPE: asterisk:asterisk:13.17.2~dfsg-2

Metasploit: https://www.rapid7.com/db/vulnerabilities/alpine-linux-cve-2017-17090/, https://www.rapid7.com/db/vulnerabilities/debian-cve-2017-17090/, https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2017-17090/

Other Scripts:

Platforms Tested:

2017

Asterisk Remote Unauthenticated Memory Exhaustion

Asterisk is prone to a remote unauthenticated memory exhaustion. The vulnerability is due to an error when the vulnerable application handles crafted SCCP packet. A remote attacker may be able to exploit this to cause a denial of service condition on the affected system.

Mitigation:

Source

Asterisk Remote Unauthenticated Memory Exhaustion

Mitigation:

Exploit-DB raw data: