
CVE-2017-17090
Date: (C)2017-12-06   (M)2023-12-22


An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind.

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score: 7.5
Exploit Score: 3.9
Impact Score: 3.6

CVSS V3 Metrics:
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: NONE
Availability: HIGH

CVSS V2 Severity:
CVSS Score: 5.0
Exploit Score: 10.0
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL

Reference:
BID-102023
SECTRACK-1039948
EXPLOIT-DB-43992
DSA-4076
https://lists.debian.org/debian-lts-announce/2017/12/msg00028.html
http://downloads.digium.com/pub/security/AST-2017-013.html
https://issues.asterisk.org/jira/browse/ASTERISK-27452

CPE    5
cpe:/a:digium:asterisk
cpe:/a:digium:certified_asterisk:13.13:cert1_rc1
cpe:/a:digium:certified_asterisk:13.13:cert1_rc4
cpe:/a:digium:certified_asterisk:13.13:cert1_rc2
...
CWE    1
CWE-459
OVAL    7
oval:org.secpod.oval:def:1800907
oval:org.secpod.oval:def:1800121
oval:org.secpod.oval:def:1800795
oval:org.secpod.oval:def:603226
...

© SecPod Technologies