← Back

CVE-2017-9359

nvd nist
Published: Jun 2, 2017Modified: May 13, 2026

JSON object

Loading...
7.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.

Affected (42)

Digium
2 products
Open Source
Certified Asterisk
Configuration A
32 vulnerable
Vulnerable SoftwareAffected Versions
Digium
Open Source
Version 13.0.0
Open Source
Version 13.1.0
Open Source
Version 13.1.0 rc1
Open Source
Version 13.1.0 rc2
Open Source
Version 13.10.0 rc1
Open Source
Version 13.11.0 rc1
Open Source
Version 13.12.0
Open Source
Version 13.12.0 rc1
Open Source
Version 13.12.1
Open Source
Version 13.12.2
Open Source
Version 13.13.0 rc1
Open Source
Version 13.14.0 rc1
Open Source
Version 13.15.0 rc1
Open Source
Version 13.2.0
Open Source
Version 13.2.0 rc1
Open Source
Version 13.3.0 rc1
Open Source
Version 13.4.0
Open Source
Version 13.4.0 rc1
Open Source
Version 13.5.0
Open Source
Version 13.5.0 rc1
Open Source
Version 13.6.0 rc1
Open Source
Version 13.7.0
Open Source
Version 13.7.0 rc1
Open Source
Version 13.8.0
Open Source
Version 13.8.0 rc1
Open Source
Version 13.8.1
Open Source
Version 13.8.2
Open Source
Version 13.9.0
Open Source
Version 13.9.0 rc1
Open Source
Version 14.2.0
Open Source
Version 14.2.0 rc1
Open Source
Version 14.2.0 rc2
Configuration B
10 vulnerable
Vulnerable SoftwareAffected Versions
Digium
Certified Asterisk
Version 13.13.0
Certified Asterisk
Version 13.13.0 cert1-rc1
Certified Asterisk
Version 13.13.0 cert1-rc2
Certified Asterisk
Version 13.13.0 cert1-rc3
Certified Asterisk
Version 13.13.0 cert1-rc4
Certified Asterisk
Version 13.13.0 cert1
Certified Asterisk
Version 13.13.0 cert2
Certified Asterisk
Version 13.13.0 cert3
Certified Asterisk
Version 13.13.0 rc1
Certified Asterisk
Version 13.13.0 rc2

Related CWEs

CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.

References (10)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Issue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party Advisory

Timeline

No history available yet.