vulnerability
Ubuntu: USN-4814-1 (CVE-2017-7617): Asterisk vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:P/I:P/A:P) | Apr 10, 2017 | Mar 22, 2023 | Apr 25, 2025 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
Apr 10, 2017
Added
Mar 22, 2023
Modified
Apr 25, 2025
Description
Richard Mudgett discovered that Asterisk did not properly check the length
of input string when setting the user field for PartyB on a CDR. A remote
attacker could use this vulnerability to cause a denial of service (crash)
or potentially execute arbitrary code. (CVE-2017-16671)
Alex Villacis Lasso discovered that Asterisk did not properly check the
length of input string when setting the user field for PartyA on a CDR. A
remote attacker could use this vulnerability to cause a denial of service
(crash) or potentially execute arbitrary code. (CVE-2017-7617)
Solution(s)
ubuntu-pro-upgrade-asteriskubuntu-pro-upgrade-asterisk-configubuntu-pro-upgrade-asterisk-dahdiubuntu-pro-upgrade-asterisk-mobileubuntu-pro-upgrade-asterisk-modulesubuntu-pro-upgrade-asterisk-mp3ubuntu-pro-upgrade-asterisk-mysqlubuntu-pro-upgrade-asterisk-ooh323ubuntu-pro-upgrade-asterisk-voicemailubuntu-pro-upgrade-asterisk-voicemail-imapstorageubuntu-pro-upgrade-asterisk-voicemail-odbcstorageubuntu-pro-upgrade-asterisk-vpb
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.