CVE-2017-9358

Published: Jun 2, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).

Affected (50)

Products: Sangoma: Asterisk · Asterisk: Certified Asterisk

Sangoma

1 product

Asterisk

1 product

Certified Asterisk

Configuration A

29 vulnerable

Vulnerable Software	Affected Versions
Sangoma Asterisk	Version 13.0.0
Sangoma Asterisk	Version 13.1.0
Sangoma Asterisk	Version 13.1.0 rc1
Sangoma Asterisk	Version 13.1.0 rc2
Sangoma Asterisk	Version 13.10.0 rc1
Sangoma Asterisk	Version 13.11.0 rc1
Sangoma Asterisk	Version 13.12.0
Sangoma Asterisk	Version 13.12.0 rc1
Sangoma Asterisk	Version 13.12.1
Sangoma Asterisk	Version 13.12.2
Sangoma Asterisk	Version 13.13.0 rc1
Sangoma Asterisk	Version 13.14.0 rc1
Sangoma Asterisk	Version 13.15.0 rc1
Sangoma Asterisk	Version 13.2.0
Sangoma Asterisk	Version 13.2.0 rc1
Sangoma Asterisk	Version 13.3.0 rc1
Sangoma Asterisk	Version 13.4.0
Sangoma Asterisk	Version 13.4.0 rc1
Sangoma Asterisk	Version 13.5.0
Sangoma Asterisk	Version 13.5.0 rc1
Sangoma Asterisk	Version 13.6.0 rc1
Sangoma Asterisk	Version 13.7.0
Sangoma Asterisk	Version 13.7.0 rc1
Sangoma Asterisk	Version 13.8.0
Sangoma Asterisk	Version 13.8.0 rc1
Sangoma Asterisk	Version 13.8.1
Sangoma Asterisk	Version 13.8.2
Sangoma Asterisk	Version 13.9.0
Sangoma Asterisk	Version 13.9.0 rc1

Configuration B

10 vulnerable

Vulnerable Software	Affected Versions
Asterisk Certified Asterisk	Version 13.13.0
Asterisk Certified Asterisk	Version 13.13.0 cert1-rc1
Asterisk Certified Asterisk	Version 13.13.0 cert1-rc2
Asterisk Certified Asterisk	Version 13.13.0 cert1-rc3
Asterisk Certified Asterisk	Version 13.13.0 cert1-rc4
Asterisk Certified Asterisk	Version 13.13.0 cert1
Asterisk Certified Asterisk	Version 13.13.0 cert2
Asterisk Certified Asterisk	Version 13.13.0 cert3
Asterisk Certified Asterisk	Version 13.13.0 rc1
Asterisk Certified Asterisk	Version 13.13.0 rc2

Configuration C

11 vulnerable

Vulnerable Software	Affected Versions
Sangoma Asterisk	Version 14.0.0
Sangoma Asterisk	Version 14.0.0 beta1
Sangoma Asterisk	Version 14.0.0 beta2
Sangoma Asterisk	Version 14.0.0 rc1
Sangoma Asterisk	Version 14.1.0 rc1
Sangoma Asterisk	Version 14.2.0
Sangoma Asterisk	Version 14.2.0 rc1
Sangoma Asterisk	Version 14.2.0 rc2
Sangoma Asterisk	Version 14.2.1
Sangoma Asterisk	Version 14.3.0 rc1
Sangoma Asterisk	Version 14.4.0 rc1