CVE-2017-9359
high-risk
Published 2017-06-02
The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
Do I need to act?
- 0.32% chance of exploitation (EPSS score, low exploit probability)
- Not on CISA KEV list: no confirmed active exploitation reported to CISA
- Patch status unknown: check vendor advisories for fix availability and mitigation guidance
- CVSS 7.5/10, High (NETWORK attack vector / LOW complexity)
Affected Products (20)
References (10)
- Third Party Advisory: http://downloads.asterisk.org/pub/security/AST-2017-003.txt
- Third Party Advisory: http://www.securityfocus.com/bid/98578
- Mailing List: https://bugs.debian.org/863902
- Issue Tracking: https://issues.asterisk.org/jira/browse/ASTERISK-26939
Risk score: 51 / 100 (high-risk)
- Severity: 26/34 · High
- Exploitability: 1/34 · Minimal
- Exposure: 24/34 · High