CVE-2017-9358

{"id": "CVE-2017-9358", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-06-02T05:29:00.700", "references": [{"url": "http://downloads.asterisk.org/pub/security/AST-2017-004.txt", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/98573", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id/1038531", "source": "cve@mitre.org"}, {"url": "https://bugs.debian.org/863906", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-835"}]}], "descriptions": [{"lang": "en", "value": "A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop)."}, {"lang": "es", "value": "Existe una vulnerabilidad de agotamiento de memoria en Asterisk Open Source, en versiones 13.x anteriores a la 13.15.1 y versiones 14.x anteriores a la 14.4.1, y en Certified Asterisk, en versiones 13.13 anteriores a la 13.13-cert4. Esto podr\u00eda llevarse a cabo mediante el env\u00edo de paquetes SCCP especialmente manipulados que provocar\u00edan un bucle infinito y dar\u00edan lugar a un agotamiento de memoria (mediante el registro de mensajes en ese bucle)."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:asterisk:open_source:13.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD0F2C8A-CE8E-459F-B9C9-373FD6CBC1F0"}, {"criteria": "cpe:2.3:a:asterisk:open_source:13.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FF8AFC3-A009-418D-A548-715A78856A4A"}, {"criteria": "cpe:2.3:a:asterisk:open_source:13.1.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6D4EAC9-7E25-4052-B6F2-F1B8C3B948BE"}, {"criteria": "cpe:2.3:a:asterisk:open_source:13.1.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "917A3D8D-D799-4074-8FBE-4D0B3F54E002"}, {"criteria": "cpe:2.3:a:asterisk:open_source:13.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F24A0A1-EC05-44DC-A3CC-67F5E7A35014"}, {"criteria": "cpe:2.3:a:asterisk:open_source:13.2.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC660283-8C15-49B4-96F6-08E47ED988CF"}, {"criteria": "cpe:2.3:a:asterisk:open_source:13.3.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07272D7D-0A49-4750-B63A-0E9D37D7A1B7"}, {"criteria": "cpe:2.3:a:asterisk:open_source:13.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C2155B0-F1CF-4864-87CF-23459C2DAD8A"}, {"criteria": "cpe:2.3:a:asterisk:open_source:13.4.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "991275C0-FE17-4B29-84F8-4DAF8862DEA3"}, {"criteria": "cpe:2.3:a:asterisk:open_source:13.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12948AA4-9FB6-4ABC-92B7-22823ACB42F7"}, {"criteria": "cpe:2.3:a:asterisk:open_source:13.5.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A88B3A6B-0D43-47BE-8A9A-6988D8E58F15"}, {"criteria": "cpe:2.3:a:asterisk:open_source:13.6.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "354A9A1E-C52B-4D80-9B40-C3C9D7DA702F"}, {"criteria": "cpe:2.3:a:asterisk:open_source:13.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9402F052-2306-4590-8F1E-73E3A251BBDC"}, {"criteria": "cpe:2.3:a:asterisk:open_source:13.7.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FB46CA1-0709-4AC0-978A-BC2DBEC6D113"}, {"criteria": "cpe:2.3:a:asterisk:open_source:13.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33ABDDCB-E823-4CA7-B190-C7F51C0014F1"}, {"criteria": "cpe:2.3:a:asterisk:open_source:13.8.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7289DF0D-2AC4-41A2-B163-ED76211379EC"}, {"criteria": "cpe:2.3:a:asterisk:open_source:13.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28D27E9E-3258-48A7-8952-F8E87A354909"}, {"criteria": "cpe:2.3:a:asterisk:open_source:13.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40A5FCF6-CBE8-4F88-8EC2-97EC5F591849"}, {"criteria": "cpe:2.3:a:asterisk:open_source:13.9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15FF0FA0-A97B-4A89-8A46-B872FE601DDE"}, {"criteria": "cpe:2.3:a:asterisk:open_source:13.9.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DE81BFD-A237-453D-9988-C9502A0FCF2A"}, {"criteria": "cpe:2.3:a:asterisk:open_source:13.10.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AED3DDD-251E-4B00-8C2E-13124D2EA873"}, {"criteria": "cpe:2.3:a:asterisk:open_source:13.11.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "203D0E1B-2FE5-440B-A0E0-A854D3B2A128"}, {"criteria": "cpe:2.3:a:asterisk:open_source:13.12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF7139F3-0C77-482F-8731-1083F86339EA"}, {"criteria": "cpe:2.3:a:asterisk:open_source:13.12.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29C521C0-3201-4444-A657-B735EC459059"}, {"criteria": "cpe:2.3:a:asterisk:open_source:13.12.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "120315ED-45CA-4A51-8BDF-B366E8CF07F8"}, {"criteria": "cpe:2.3:a:asterisk:open_source:13.12.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB131A32-FD36-432B-BEC5-C5956D956A64"}, {"criteria": "cpe:2.3:a:asterisk:open_source:13.13.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90F42273-1937-4D81-967F-4C8F4D807818"}, {"criteria": "cpe:2.3:a:asterisk:open_source:13.14.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99ED2875-E249-46D1-A711-273FD853A2D9"}, {"criteria": "cpe:2.3:a:asterisk:open_source:13.15.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCE20A2B-AB8A-4F8C-A64D-9536A8EA2AB7"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69C489FB-3A83-42D7-94A9-3C7D5B8F980C"}, {"criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD5636A9-1E9F-4DA7-8459-6B9257ADE0E4"}, {"criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DDBE806-CDD5-4981-B575-9EB58816CD7A"}, {"criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9676683-14B7-4489-9D18-C37365C323D5"}, {"criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "660E2F8C-A674-44EE-99AC-80E57A0681C3"}, {"criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6949CB9E-8282-4E9D-9DD0-889E3181C845"}, {"criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B54BB82E-92EF-4D75-8E62-10CDC7C526DC"}, {"criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E759A991-D72D-4FCA-B4F5-3B51D63A31D3"}, {"criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4E1A5B3-8385-4376-A145-1E1CC0E80818"}, {"criteria": "cpe:2.3:a:asterisk:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E4E78FF-000E-4DA8-8539-2C5507C09BB8"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:asterisk:open_source:14.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA072BB6-E0A1-4014-B774-C99B74519405"}, {"criteria": "cpe:2.3:a:asterisk:open_source:14.0.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17611CCE-DC0F-4466-9EEC-7360ECF9BFD4"}, {"criteria": "cpe:2.3:a:asterisk:open_source:14.0.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8C42503-6F94-4F8E-A0FC-FB6158D58CF8"}, {"criteria": "cpe:2.3:a:asterisk:open_source:14.0.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12813A63-7D07-4BDC-913E-30EF8C8CD26E"}, {"criteria": "cpe:2.3:a:asterisk:open_source:14.1.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F93D39EA-1941-47A1-B447-4D84E7DAD77C"}, {"criteria": "cpe:2.3:a:asterisk:open_source:14.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79303CCA-2B46-428B-84F7-7B063A94D1BC"}, {"criteria": "cpe:2.3:a:asterisk:open_source:14.2.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81325F07-28DA-4178-A8A4-88AEFED3DAA0"}, {"criteria": "cpe:2.3:a:asterisk:open_source:14.2.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45D1542A-185B-4622-BF73-7794F5EE192E"}, {"criteria": "cpe:2.3:a:asterisk:open_source:14.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABE53697-142D-405D-9E1A-655D960799CC"}, {"criteria": "cpe:2.3:a:asterisk:open_source:14.3.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F349A0F-C6F1-4706-B910-B01E00AD5497"}, {"criteria": "cpe:2.3:a:asterisk:open_source:14.4.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "903EEBFB-D3FE-415D-ADB5-75244BDCC3D3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}