CVE-2017-16672

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-16672
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-16672.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-16672
Downstream
Published
2017-11-09T00:29:00.520Z
Modified
2026-04-10T03:57:47.574541Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash.

References

Affected packages

Git / github.com/asterisk/asterisk

Affected ranges

Type
GIT
Repo
https://github.com/asterisk/asterisk
Events
Introduced
85335355efb2d7914a1fe20ed31afcef15fd210c
Fixed
b7607c41e4825490ffea9d09c0b3b8f9d65f87c0
Introduced
c6d6dd133c3db3b202f1f0d457780c9a6d841e0f
Fixed
6a991af4be8be41d15e784c23e587773007f45ee
Introduced
d4cc63728def7ca06ad3f70547de87bc5c9ef7c0
Fixed
3f3172ac93420b172e5fc29c50f29143e05c88f6
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
fdde690e0fa2e58bf45ea2bf83962bb1c261d6e0
Database specific 
{
    "versions": [
        {
            "introduced": "13.0.0"
        },
        {
            "fixed": "13.18.1"
        },
        {
            "introduced": "14.0.0"
        },
        {
            "fixed": "14.7.1"
        },
        {
            "introduced": "15.0.0"
        },
        {
            "fixed": "15.1.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "13.13.0"
        }
    ]
}

Affected versions

13.*
13.13.0
13.13.0-rc1
13.13.0-rc2
13.18.0
13.18.0-rc1
13.18.0-rc2
14.*
14.7.0
14.7.0-rc1
14.7.0-rc2
15.*
15.1.0
15.1.0-rc1
15.1.0-rc2
certified/13.*
certified/13.18-cert1-rc1
certified/13.18-cert1-rc2
certified/13.18-cert1-rc3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-16672.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "13.13.0-cert1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "13.13.0-cert1_rc1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "13.13.0-cert1_rc2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "13.13.0-cert1_rc3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "13.13.0-cert1_rc4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "13.13.0-cert2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "13.13.0-cert3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "13.13.0-cert4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "13.13.0-cert5"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "13.13.0-cert6"
            }
        ]
    }
]