CVE-2017-17090
PUBLISHED
An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind.
Risk Scores
EPSS Score
80.58%
99.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:16.04:LTS | asterisk | 0, 1:13.1.0~dfsg-1.1ubuntu3, 1:13.1.0~dfsg-1.1ubuntu4 |
Exploit Intelligence
- CIRCL exploited: CVE-2017-17090 (circl-sighting)
- 1039948 (circl)
- 102023 (circl)
- https://issues.asterisk.org/jira/browse/ASTERISK-27452 (circl)
- [debian-lts-announce] 20171230 [SECURITY] [DLA 1225-1] asterisk security update (circl)
- DSA-4076 (circl)
- http://downloads.digium.com/pub/security/AST-2017-013.html (circl)
- 43992 (cve.org)
- Asterisk 13.17.2 - chan_skinny Remote Memory Corruption Exploit (0day-today)
Timeline
- Dec 2, 2017 CVE Published
- Feb 7, 2018 PoC Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-17090 third-party-advisory
- http://downloads.digium.com/pub/security/AST-2017-013.html third-party-advisory
- https://issues.asterisk.org/jira/browse/ASTERISK-27452 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-17090 third-party-advisory