CVE-2017-16672
PUBLISHED
An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash.
Risk Scores
EPSS Score: 5.27% · 90.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:16.04:LTS | asterisk | 0, 1:13.1.0~dfsg-1.1ubuntu3, 1:13.1.0~dfsg-1.1ubuntu4 |
Exploit Intelligence
- http://downloads.digium.com/pub/security/AST-2017-011.html (circl)
- 101765 (circl)
- https://issues.asterisk.org/jira/browse/ASTERISK-27345 (circl)
- GLSA-201811-11 (circl)
- DSA-4076 (circl)
Timeline
- Nov 9, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-16672 third-party-advisory
- http://downloads.digium.com/pub/security/AST-2017-011.html third-party-advisory
- http://downloads.asterisk.org/pub/security/AST-2017-011-13.diff third-party-advisory
- https://issues.asterisk.org/jira/browse/ASTERISK-27345 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-16672 third-party-advisory