{ "id": "CVE-2017-14098", "sourceIdentifier": "cve@mitre.org", "published": "2017-09-02T16:29:00.240", "lastModified": "2017-09-14T18:06:42.070", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash." }, { "lang": "es", "value": "En el controlador de canal pjsip (res_pjsip) en Asterisk 13.x en versiones anteriores a la 13.17.1 y 14.x en versiones anteriores a la 14.6.1, una URI tel cuidadosamente manipulada en un encabezado From, To, o Contact podr\u00eda provocar el bloqueo de Asterisk." } ], "metrics": { "cvssMetricV30": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-20" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:*:*:*:lts:*:*:*", "matchCriteriaId": "E7D1238A-A8D2-485E-81FD-46038A883EC3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "E93A7967-9A04-424A-BDDB-A2B8289B9AC4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8F75C9FF-6F95-4F6A-B683-FE2BEDE3AD10" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "68226156-42ED-4F0E-93E1-02DD57E582B6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "FB2C4E1E-6B90-4DCC-BC09-7D19FBA65C3F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB385E-28B5-4259-9431-99E1F32D61B7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "58C0FF1B-6188-4181-A139-1806328762BD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "890EBB8C-989B-4344-AC03-62B399076008" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "BD4AAECB-A2BC-45BA-BC63-E51C1FE6C334" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "121EACD3-D5E3-4691-8024-95996865BB65" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "136D6508-660E-410D-829A-7DD452BF8819" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "AEC2B3AA-EB24-4259-BED1-5DBC102FE9C1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "74B23D17-7356-4D37-8C73-E87896D1335B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "CEA9DA4A-A3E6-4C46-9471-CCBFA71083AF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "81A8A6CB-D236-4AB3-8476-C2D34DB7EF31" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "599833A2-CBE9-479B-8A6E-AF79C5EED1DB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "B55719B3-7325-47E1-8D16-3F34B1F44385" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "B870B3B7-E8DC-45A2-8FA4-657D005D00E3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "C91E9A3B-54EB-4819-94DD-30F7D0C90047" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "47189DF9-8E57-4BA6-9F52-B7A8229AE02A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "84AAFA3C-3CCD-4615-9725-169C303CF18F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "C92E0801-9E8F-4CF2-A4A0-48BCF550F2D4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C1C39FA-EF1A-4F2B-87A0-A00BAE73C6A7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "677D1211-0B07-47B9-AB7A-E820E2B29561" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "84202BAF-29E1-472B-B11F-B73F6A8891CF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "FFC7120D-E6A0-4801-A1CC-3E143896EE72" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "BAF2A83D-D9AE-441D-8D4E-335BF9D28A63" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "7F5C1479-A540-4B7D-B00C-BD35EEC83BB4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "AC12556C-5E82-47D7-87E5-FBDC01A920DD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "461C1D2D-C4C1-4FF8-8231-38A2505F3523" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "66595711-8573-4A9B-A8FE-4943E3097AA8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.10.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "5D1FE3D4-A0B9-475A-9B89-B0222283A6A9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "9670B5AC-CBD1-484C-90F8-69B1A60B6054" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "EE5794B6-246C-415E-8E20-56447F152488" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "E726CA39-A763-4422-B59E-E9E12518EA4D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.12:*:*:*:*:*:*:*", "matchCriteriaId": "6A96EB57-835A-45B4-82F5-31F925A85629" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "206F1DC9-9E8F-4497-A354-4A14711993DC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D428364-E2AD-4BC6-9329-71793BC0EB61" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "08963910-E0BD-4487-B669-60E0BFA79863" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.13:*:*:*:*:*:*:*", "matchCriteriaId": "86B16D04-3808-4380-8F64-0C36B185C1F2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3BD16A9-24BC-4FC1-81BA-A6D1FEF38D35" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "68BAAD53-DE75-41CA-BF60-C0363029D3A1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "CDC383B3-27EF-4C37-94BE-F0D41B34CAFC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.14.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "A7824B34-06C3-403B-B6F3-C850D54438EB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.14.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "17E86941-98F6-45A5-8646-6876F74D909F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "C6DB27C0-C74E-4E6A-AA63-09CFE73C2EF6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "6C443A3B-DF96-4A68-B046-DE13689CA974" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "5F3AC9AE-288C-4F0E-BF15-C3F4AF09D8E0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "796A6021-9FCA-4354-A47C-7500C363C168" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.15.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "EBB9D073-195F-4C2A-932E-7F027710DB25" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "604E58C8-9B81-4992-8993-4A6CB876EE08" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "077C4CB8-1FDE-45D3-82E6-CE09A22809B1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.16.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "3CDB96CA-5AAE-4B39-8E01-2E72E3B476AE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.16.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "8EB33EC3-CDE0-40BD-B269-512AE074D278" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "363FA95F-03EF-4D6A-A40D-76D285D16255" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:13.17.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "FA96DC31-4BAC-4C5A-923C-EBBFFC7ABB52" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "C949D5F5-6C0B-4B17-85B6-3A77D08CF967" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:14.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D413741-BDB7-496D-A01B-75E2A98FDB5B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "29130F7F-DE00-43E1-A4A6-8F1F95D5CB19" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:14.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "25E94EC0-F577-4B2B-8B11-DC76278CDD42" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "101AD474-9B89-483D-84E8-08012677C55C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:14.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "D57E41F6-C2CF-4183-A78A-9531A88FB65D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:14.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "FB1F9BB8-F951-427E-B770-69C2ACEBDB28" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:14.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7C4CE405-E923-4C9C-849A-D1031C4DB493" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:14.1:*:*:*:*:*:*:*", "matchCriteriaId": "C039C0CE-9C9C-4D85-8D7C-574DCF9D920B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:14.01:*:*:*:*:*:*:*", "matchCriteriaId": "A1B2F2CC-18C3-46E7-8E7F-970622A710C9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:14.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "04ECDFF1-9718-4FAE-B45B-4F8CCA82829E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:14.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2C4DA60-5701-4BD0-B2F9-D93B9E64111F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:14.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0B12834D-2AF1-4AD1-AB23-859CAA5D3210" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:14.02:*:*:*:*:*:*:*", "matchCriteriaId": "89036D04-EA04-4041-9694-6768478D35F3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:14.2:*:*:*:*:*:*:*", "matchCriteriaId": "B19070D3-9F03-43C7-9F31-9A54BD5F2441" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:14.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E39BAA74-50A8-4087-8FF8-7C5922121319" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:14.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "6D29C253-B403-4B00-A626-3E3A920DC018" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:14.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "5E9D8FA2-21EA-4384-8001-118DA7C959F0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:14.3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "3368DE88-7009-46A0-93F4-4D52BAD3D173" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:14.3.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "26586127-B68B-4476-8182-C49B1B1DCDC6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:14.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "6D1EFDCC-983E-4227-9FD5-456C16610BC8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:14.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFA7DBAD-BCA6-47D1-A92E-4EB7941F55F1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "02C6C827-97A6-4287-8B3E-DE29054242B3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "9BE4F7C1-BB82-44BA-BBFD-9F660330EC15" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:14.4.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "E4FCA146-5A72-4746-BE23-63271FBC4D47" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:14.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4A0C90BB-C3FE-4A75-B739-0236C4256F7E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:14.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "46BD9466-0BC9-4B4D-928F-240CD46D306C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:14.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "06F456AD-19D3-49EF-82B1-07370F6499AA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:14.5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "24A9997E-D0DC-45B0-B4DB-308667FA820E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:14.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "26202E79-98E0-4533-B4AE-1ABB2477F5A1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:digium:asterisk:14.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "C3D7384F-DF1B-4ED7-B1D5-885B95774DDB" } ] } ] } ], "references": [ { "url": "http://downloads.asterisk.org/pub/security/AST-2017-007.html", "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "http://www.securityfocus.com/bid/100583", "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "http://www.securitytracker.com/id/1039253", "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "https://bugs.debian.org/873909", "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27152", "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Vendor Advisory" ] } ] }