UBUNTU-CVE-2017-17090

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2017-17090

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-17090.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2017-17090

Related

CVE-2017-17090

Published

2017-12-02T00:29:00Z

Modified

2025-01-13T10:21:29Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in chanskinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chanskinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind.

References

Affected packages

Ubuntu:Pro:16.04:LTS / asterisk

Package

Name: asterisk
Purl: pkg:deb/ubuntu/asterisk@1:13.1.0~dfsg-1.1ubuntu4.1+esm1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:13.*

1:13.1.0~dfsg-1.1ubuntu3

1:13.1.0~dfsg-1.1ubuntu4

1:13.1.0~dfsg-1.1ubuntu4.1

1:13.1.0~dfsg-1.1ubuntu4.1+esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}