CVE-2017-17090

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-17090

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-17090.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-17090

Related

Published

2017-12-02T00:29:00Z

Modified

2025-01-14T07:10:22.176964Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in chanskinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chanskinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind.

References

Affected packages

Debian:11 / asterisk

Package

Name: asterisk
Purl: pkg:deb/debian/asterisk?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:13.18.3~dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/asterisk/asterisk

Affected ranges

Type: GIT
Repo: https://github.com/asterisk/asterisk
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

0ef6b6960d1c46b62df9974294392192c1398adf

Last affected

1ee2ce8c703dd763d1779a877099640bb5cd46d0

Last affected

33a0d64eab3db2dc863b37ce693f32e7a8fc3202

Last affected

47febcb9277f71089d4c072145b8e0d1b8338415

Last affected

7d9a0a89df7e81b6bc821e92ebdda56e7f865a4b

Last affected

7e17de3d6634bcfcafe3e688807665e404580475

Last affected

92876c1c2a7c361108df6586387a208f67bec1cd

Last affected

ac0f73694b59317f776ea2f4b8f777327def154e

Last affected

b8d1c8787e1cb329d294508a7d3f5d13da76216c

Last affected

c1b521ad109122b09202e0cbf4018495bed6243b

Last affected

c37d4abe63e0a37d659da04e3726ba687d4ef9f2

Last affected

f3969e49d194467a3cf5316c6ab6d5d9db2eba41

Last affected

f9c41879a75183f205f4af0ed5613dcf1c25e996

Last affected

fdde690e0fa2e58bf45ea2bf83962bb1c261d6e0

Last affected

fecd5b4d912c3a682279bd888341e0f038a40e4e

Affected versions

13.*

13.13.0

13.13.0-rc1

13.13.0-rc2

13.8.0

13.8.0-rc1

14.*

14.7.0

14.7.0-rc1

14.7.0-rc2

14.7.1

14.7.2

certified/13.*

certified/13.13-cert1-rc1

certified/13.13-cert1-rc2

certified/13.13-cert1-rc3

certified/13.13-cert1-rc4

certified/13.8-cert1

certified/13.8-cert1-rc1

certified/13.8-cert1-rc2

certified/13.8-cert1-rc3

certified/13.8-cert2

certified/13.8-cert2-rc1