PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq header in conjunction with a Via header that lacks a branch parameter.
References
Link | Resource |
---|---|
https://bugs.debian.org/863901 | Mailing List Third Party Advisory |
http://downloads.asterisk.org/pub/security/AST-2017-002.txt | Third Party Advisory |
http://www.securityfocus.com/bid/98572 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1038529 | |
http://www.debian.org/security/2017/dsa-3933 |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Information
Published : 2017-06-02 07:29
Updated : 2017-11-04 18:29
NVD link : CVE-2017-9372
Mitre link : CVE-2017-9372
JSON object : View
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Products Affected
digium
- certified_asterisk
- open_source