cpe:/a:digium:asterisk:13.0.0 cpe:/a:digium:asterisk:13.0.0::~~lts~~~ cpe:/a:digium:asterisk:13.0.0:beta1 cpe:/a:digium:asterisk:13.0.0:beta2 cpe:/a:digium:asterisk:13.0.0:beta3 cpe:/a:digium:asterisk:13.0.1 cpe:/a:digium:asterisk:13.0.2 cpe:/a:digium:asterisk:13.1.0 cpe:/a:digium:asterisk:13.1.0:rc1 cpe:/a:digium:asterisk:13.1.0:rc2 cpe:/a:digium:asterisk:13.1.1 cpe:/a:digium:asterisk:13.2.0 cpe:/a:digium:asterisk:13.2.0:rc1 cpe:/a:digium:asterisk:13.2.1 cpe:/a:digium:asterisk:13.3.0 cpe:/a:digium:asterisk:13.3.0:rc1 cpe:/a:digium:asterisk:13.3.1 cpe:/a:digium:asterisk:13.3.2 cpe:/a:digium:asterisk:13.4.0 cpe:/a:digium:asterisk:13.4.0:rc1 cpe:/a:digium:asterisk:13.5.0 cpe:/a:digium:asterisk:13.5.0:rc1 cpe:/a:digium:asterisk:13.6.0 cpe:/a:digium:asterisk:13.6.0:rc1 cpe:/a:digium:asterisk:13.7.0 cpe:/a:digium:asterisk:13.7.0:rc1 cpe:/a:digium:asterisk:13.7.0:rc2 cpe:/a:digium:asterisk:13.7.1 cpe:/a:digium:asterisk:13.7.2 cpe:/a:digium:asterisk:13.8.0 cpe:/a:digium:asterisk:13.8.0:rc1 cpe:/a:digium:asterisk:13.8.1 cpe:/a:digium:asterisk:13.8.2 cpe:/a:digium:asterisk:13.9.0 cpe:/a:digium:asterisk:13.9.1 cpe:/a:digium:asterisk:13.10.0 cpe:/a:digium:asterisk:13.10.0:rc1 cpe:/a:digium:asterisk:13.11.0 cpe:/a:digium:asterisk:13.11.1 cpe:/a:digium:asterisk:13.11.2 cpe:/a:digium:asterisk:13.12 cpe:/a:digium:asterisk:13.12.0 cpe:/a:digium:asterisk:13.12.1 cpe:/a:digium:asterisk:13.12.2 cpe:/a:digium:asterisk:13.13 cpe:/a:digium:asterisk:13.13.0 cpe:/a:digium:asterisk:13.13.1 cpe:/a:digium:asterisk:13.14.0 cpe:/a:digium:asterisk:13.14.0:rc1 cpe:/a:digium:asterisk:13.14.0:rc2 cpe:/a:digium:asterisk:13.14.1 cpe:/a:digium:asterisk:13.15.0 cpe:/a:digium:asterisk:13.15.0:rc1 cpe:/a:digium:asterisk:13.15.0:rc2 cpe:/a:digium:asterisk:13.15.0:rc3 cpe:/a:digium:asterisk:13.15.1 cpe:/a:digium:asterisk:13.16.0 cpe:/a:digium:asterisk:13.16.0:rc1 cpe:/a:digium:asterisk:13.16.0:rc2 cpe:/a:digium:asterisk:13.17.0 cpe:/a:digium:asterisk:13.17.0:rc1 cpe:/a:digium:asterisk:13.17.1 cpe:/a:digium:asterisk:13.17.2 cpe:/a:digium:asterisk:13.18.0 cpe:/a:digium:asterisk:14.0.0 cpe:/a:digium:asterisk:14.0.0:beta1 cpe:/a:digium:asterisk:14.0.0:beta2 cpe:/a:digium:asterisk:14.0.0:rc1 cpe:/a:digium:asterisk:14.0.0:rc2 cpe:/a:digium:asterisk:14.0.1 cpe:/a:digium:asterisk:14.0.2 cpe:/a:digium:asterisk:14.1 cpe:/a:digium:asterisk:14.1.0 cpe:/a:digium:asterisk:14.1.1 cpe:/a:digium:asterisk:14.1.2 cpe:/a:digium:asterisk:14.02 cpe:/a:digium:asterisk:14.2.0 cpe:/a:digium:asterisk:14.2.1 cpe:/a:digium:asterisk:14.3.0 cpe:/a:digium:asterisk:14.3.0:rc1 cpe:/a:digium:asterisk:14.3.0:rc2 cpe:/a:digium:asterisk:14.3.1 cpe:/a:digium:asterisk:14.4.0 cpe:/a:digium:asterisk:14.4.0:rc1 cpe:/a:digium:asterisk:14.4.0:rc2 cpe:/a:digium:asterisk:14.4.0:rc3 cpe:/a:digium:asterisk:14.4.1 cpe:/a:digium:asterisk:14.5.0 cpe:/a:digium:asterisk:14.5.0:rc1 cpe:/a:digium:asterisk:14.5.0:rc2 cpe:/a:digium:asterisk:14.6.0 cpe:/a:digium:asterisk:14.6.0:rc1 cpe:/a:digium:asterisk:14.6.1 cpe:/a:digium:asterisk:14.6.2 cpe:/a:digium:asterisk:14.7.0 cpe:/a:digium:asterisk:15.0.0 cpe:/a:digium:asterisk:15.0.0:- cpe:/a:digium:asterisk:15.0.0:beta1 cpe:/a:digium:asterisk:15.0.0:rc1 cpe:/a:digium:asterisk:15.1.0 cpe:/a:digium:certified_asterisk:13.13.0 cpe:/a:digium:certified_asterisk:13.13.0:cert1 cpe:/a:digium:certified_asterisk:13.13.0:cert1_rc1 cpe:/a:digium:certified_asterisk:13.13.0:cert1_rc2 cpe:/a:digium:certified_asterisk:13.13.0:cert1_rc3 cpe:/a:digium:certified_asterisk:13.13.0:cert1_rc4 cpe:/a:digium:certified_asterisk:13.13.0:cert2 cpe:/a:digium:certified_asterisk:13.13.0:cert3 cpe:/a:digium:certified_asterisk:13.13.0:cert4 cpe:/a:digium:certified_asterisk:13.13.0:cert5 cpe:/a:digium:certified_asterisk:13.13.0:cert6 CVE-2017-16671 2017-11-08T19:29:00.473-05:00 2018-11-25T06:29:00.957-05:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov BID 101760 DEBIAN DSA-4076 GENTOO GLSA-201811-11 CONFIRM http://downloads.digium.com/pub/security/AST-2017-010.html CONFIRM https://issues.asterisk.org/jira/browse/ASTERISK-27337 A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer.