Lucene search
GoogleOSV:CVE-2017-17850HistoryDec 27, 2017 - 5:08 p.m.
CVE-2017-17850
2017-12-2717:08:20
Google
osv.dev
5
0.929 High
EPSS
Percentile
99.0%
An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point.
Related
openvas
openvas
Fedora Update for asterisk FEDORA-2017-41242dfe10
2018-01-10 00:00:00
Asterisk DoS Vulnerability
2018-01-04 00:00:00
Fedora Update for asterisk FEDORA-2018-cf1dd2166b
2018-05-31 00:00:00
freebsd
freebsd
asterisk -- Crash in PJSIP resource when missing a contact header
2017-12-12 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: asterisk-14.7.5-1.fc27
2018-01-10 02:15:00
[SECURITY] Fedora 27 Update: asterisk-14.7.6-2.fc27
2018-05-30 14:32:54
cve
cve
CVE-2017-17850
2017-12-27 17:08:20
nvd
nvd
CVE-2017-17850
2017-12-27 17:08:20
ubuntucve
ubuntucve
CVE-2017-17850
2017-12-27 00:00:00
nessus
nessus
FreeBSD : asterisk -- Crash in PJSIP resource when missing a contact header (2a3bc6ac-e7c6-11e7-a90b-001999f8d30b)
2017-12-26 00:00:00
Fedora 27 : asterisk (2017-41242dfe10)
2018-01-15 00:00:00
prion
prion
Authentication flaw
2017-12-27 17:08:00
debiancve
debiancve
CVE-2017-17850
2017-12-27 17:08:20
cvelist
cvelist
CVE-2017-17850
2017-12-23 00:00:00
gentoo
gentoo
Asterisk: Multiple vulnerabilities
2018-11-24 00:00:00