← Back

CVE-2017-7617

nvd nist
Published: Apr 10, 2017Modified: May 13, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action.

Affected (61)

Digium
2 products
Asterisk
Certified Asterisk
Configuration A
60 vulnerable
Vulnerable SoftwareAffected Versions
Digium
Asterisk
Version 13.0.0
Asterisk
Version 13.0.0 beta1
Asterisk
Version 13.0.0 beta2
Asterisk
Version 13.0.0 beta3
Asterisk
Version 13.0.1
Asterisk
Version 13.0.2
Asterisk
Version 13.1.0
Asterisk
Version 13.1.0 rc1
Asterisk
Version 13.1.0 rc2
Asterisk
Version 13.1.1
Asterisk
Version 13.10.0
Asterisk
Version 13.10.0 rc1
Asterisk
Version 13.11.0
Asterisk
Version 13.11.1
Asterisk
Version 13.11.2
Asterisk
Version 13.12.0
Asterisk
Version 13.12.1
Asterisk
Version 13.12.2
Asterisk
Version 13.12
Asterisk
Version 13.13.0
Asterisk
Version 13.13
Asterisk
Version 13.14.0
Asterisk
Version 13.2.0
Asterisk
Version 13.2.0 rc1
Asterisk
Version 13.2.1
Asterisk
Version 13.3.0 rc1
Asterisk
Version 13.3.2
Asterisk
Version 13.4.0
Asterisk
Version 13.4.0 rc1
Asterisk
Version 13.5.0
Asterisk
Version 13.5.0 rc1
Asterisk
Version 13.6.0 rc1
Asterisk
Version 13.7.0 rc1
Asterisk
Version 13.7.0 rc2
Asterisk
Version 13.7.1
Asterisk
Version 13.7.2
Asterisk
Version 13.8.0
Asterisk
Version 13.8.0 rc1
Asterisk
Version 13.8.1
Asterisk
Version 13.8.2
Asterisk
Version 13.9.0
Asterisk
Version 13.9.1
Asterisk
Version 14.0.0
Asterisk
Version 14.0.0 beta1
Asterisk
Version 14.0.0 beta2
Asterisk
Version 14.0.0 rc1
Asterisk
Version 14.0.0 rc2
Asterisk
Version 14.0.1
Asterisk
Version 14.0.2
Asterisk
Version 14.01
Asterisk
Version 14.02
Asterisk
Version 14.0
Asterisk
Version 14.1.0
Asterisk
Version 14.1.1
Asterisk
Version 14.1.2
Asterisk
Version 14.1
Asterisk
Version 14.2.0
Asterisk
Version 14.2.1
Asterisk
Version 14.2
Asterisk
Version 14.3.0
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Certified Asterisk
Up to 13.13-cert2

Related CWEs

CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (6)

Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory

Timeline

No history available yet.