vulnerability

Debian: CVE-2017-14603: asterisk -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Oct 3, 2017	Oct 4, 2017	Apr 25, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Oct 3, 2017

Added

Oct 4, 2017

Modified

Apr 25, 2025

Description

In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetric_rtp" options allow redirecting where Asterisk sends the next RTCP report.

Solution

debian-upgrade-asterisk

References

CVE-2017-14603
https://attackerkb.com/topics/CVE-2017-14603
DEBIAN-DSA-3990

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today