CVE-2017-17850

Source
https://cve.org/CVERecord?id=CVE-2017-17850
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-17850.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-17850
Downstream
Published
2017-12-27T17:08:20.017Z
Modified
2026-07-08T15:10:54.771484Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point.

References

Affected packages

Git / github.com/asterisk/asterisk

Affected ranges

Type
GIT
Repo
https://github.com/asterisk/asterisk
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:13.1.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:13.1.0:rc1:*:*:*:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:13.1.0:rc2:*:*:*:*:*:*",
        "cpe:2.3:a:digium:certified_asterisk:13.8:cert1:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "13.0.0"
        },
        {
            "last_affected": "13.18.4"
        },
        {
            "introduced": "14.0.0"
        },
        {
            "last_affected": "14.7.4"
        },
        {
            "introduced": "15.0.0"
        },
        {
            "last_affected": "15.1.4"
        },
        {
            "introduced": "13.1.0"
        },
        {
            "last_affected": "13.1.0"
        },
        {
            "introduced": "13.1.0-rc1"
        },
        {
            "last_affected": "13.1.0-rc1"
        },
        {
            "introduced": "13.1.0-rc2"
        },
        {
            "last_affected": "13.1.0-rc2"
        },
        {
            "introduced": "13.8-cert1"
        },
        {
            "last_affected": "13.8-cert1"
        }
    ],
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ]
}

Affected versions

13.*
13.1.0
13.1.0-rc1
13.1.0-rc2
13.8-cert1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-17850.json"