CVE-2017-17850

Source
https://cve.org/CVERecord?id=CVE-2017-17850
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-17850.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-17850
Published
2017-12-27T17:08:20.017Z
Modified
2026-04-10T03:58:58.190903Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point.

Affected packages

Git / github.com/asterisk/asterisk

Affected ranges

Type
GIT
Repo
https://github.com/asterisk/asterisk
Events
Introduced
Last affected
Introduced
Last affected
Introduced
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "13.0.0"
        },
        {
            "last_affected": "13.18.4"
        },
        {
            "introduced": "14.0.0"
        },
        {
            "last_affected": "14.7.4"
        },
        {
            "introduced": "15.0.0"
        },
        {
            "last_affected": "15.1.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "13.1.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "13.1.0-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "13.1.0-rc2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "13.8-cert1"
        }
    ]
}

Affected versions

13.*
13.1.0
13.1.0-rc1
13.1.0-rc2
13.18.0
13.18.0-rc1
13.18.0-rc2
13.8.0
13.8.0-rc1
14.*
14.7.0
14.7.0-rc1
14.7.0-rc2
14.7.1
14.7.2
14.7.3
14.7.4
15.*
15.1.0
15.1.0-rc1
15.1.0-rc2
15.1.1
15.1.2
15.1.3
15.1.4
certified/13.*
certified/13.18-cert1
certified/13.18-cert1-rc1
certified/13.18-cert1-rc2
certified/13.18-cert1-rc3
certified/13.18-cert2
certified/13.18-cert3
certified/13.18-cert4
certified/13.8-cert1
certified/13.8-cert1-rc1
certified/13.8-cert1-rc2
certified/13.8-cert1-rc3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-17850.json"