vulnerability

Alpine Linux: CVE-2017-16671: asterisk Multiple vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:P/I:P/A:P)	11/08/2017	01/15/2018	06/17/2022

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:P)

Published

11/08/2017

Added

01/15/2018

Modified

06/17/2022

Description

A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer.

Solution

alpine-linux-upgrade-asterisk

References

ALPINE-8354
ALPINE-8355
ALPINE-8356
BID-101760
CVE-2017-16671
https://attackerkb.com/topics/CVE-2017-16671
DEBIAN-DSA-4076

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today