The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
References
Link | Resource |
---|---|
https://issues.asterisk.org/jira/browse/ASTERISK-26939 | Issue Tracking Third Party Advisory |
https://bugs.debian.org/863902 | Mailing List Third Party Advisory |
http://downloads.asterisk.org/pub/security/AST-2017-003.txt | Third Party Advisory |
http://www.securityfocus.com/bid/98578 | Third Party Advisory VDB Entry |
http://www.debian.org/security/2017/dsa-3933 |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Information
Published : 2017-06-01 22:29
Updated : 2017-11-04 18:29
NVD link : CVE-2017-9359
Mitre link : CVE-2017-9359
JSON object : View
CWE
CWE-125
Out-of-bounds Read
Products Affected
digium
- certified_asterisk
- open_source